Global Cyber Pulse: 21 January 2025

January 21, 2025 | Cybersecurity
By Ashwani Mishra, Editor-Technology, 63SATS

Cybersecurity incidents dominate the headlines. HPE is investigating hacker IntelBroker's claims of having stolen data, including source code and sensitive information. A breach at Otelier exposed data of 500,000 hotel guests from major brands like Marriott and Hilton.

India's DONOT APT used a malicious Android app, "Tanzeem," to gather sensitive data, highlighting evolving cyber threats. In the UK, Gateshead Council fell victim to Medusa ransomware, which leaked personal and financial data. Advanced cyberattacks targeting German systems used sophisticated techniques such as DLL sideloading. Meanwhile, the U.S. sanctioned Chinese cyber actors for infiltrating Treasury networks, marking a strong stance against cyber espionage.

HPE Investigates Data Breach by Hacker IntelBroker

Hewlett Packard Enterprise (HPE) is investigating claims by hacker IntelBroker of stolen data, including source code, GitHub repositories, certificates, and personal information.

IntelBroker, who is active on cybercrime forums, is reportedly selling the data and access to HPE services. HPE confirmed it is aware of the breach and is conducting a detailed investigation.

Otelier Breach Exposes Data of 500,000 Hotel Guests

A breach at Otelier, a hotel management software provider, has exposed the personal information of 500,000 hotel guests, including email addresses, names, and booking details.

Renowned hotel brands like Marriott and Hilton were impacted. The breach-notification service Have I Been Pwned (HIBP) reported the incident, which highlights cloud-security risks for the hospitality industry.

DONOT APT Uses Malicious App for Covert Data Collection

Indian cyber threat group DONOT has been linked to a malicious Android app, “Tanzeem,” used to gather sensitive data.

Disguised as a chat platform, the app abuses the OneSignal push-notification service to deliver phishing links and prompts users to grant dangerous permissions. The campaign highlights evolving APT tactics targeting South Asia.

Medusa Ransomware Targets Gateshead Council

The Medusa ransomware group attacked Gateshead Council, leaking personal and financial data on its site.

Leaked documents include job applications, budgets, and housing reports. Gateshead confirmed the breach has been contained and notified the ICO, the UK data-protection regulator. The attack underscores weaknesses in public-sector cybersecurity.

Advanced Cyberattack Hits German Systems with Sophisticated Tactics

Cyble Labs uncovered an attack on German systems using DLL sideloading, proxying, and Sliver implants.

A phishing email carrying a decoy file triggers the malware, which bypasses security defenses. This marks a significant evolution in attack methodologies targeting organizational networks.

U.S. Sanctions Chinese Cyber Actors Over Treasury Breach

The U.S. Treasury sanctioned Yin Kecheng and Sichuan Juxinhe Network Technology for cyber activities, including a breach of Treasury networks linked to China’s MSS.

The sanctions aim to counter PRC cyber espionage and protect U.S. security and economic interests.