
Salt Typhoon Campaign: A Wake-Up Call for U.S. Telecoms and National Security

5 December 2024 at 08:14

A disturbing new cybersecurity incident has raised alarms across U.S. telecoms, with revelations this week about a large-scale Chinese hacking campaign known as Salt Typhoon. The sophisticated breach targeted at least eight major U.S. telecom providers, including Verizon, AT&T, and T-Mobile, with attackers successfully infiltrating the networks and siphoning off sensitive metadata—potentially compromising millions of private communications.

The Attack: What We Know So Far

The Salt Typhoon operation is believed to be state-sponsored, with Chinese actors exploiting vulnerabilities in telecom infrastructure to gather data on American citizens. According to experts, the attackers gained access to not only personal data but also possibly phone intercepts, raising serious concerns about privacy and the security of telecom systems vital to national infrastructure.

Senators on both sides of the aisle were briefed on the incident this week, with officials from agencies like the FBI and FCC grilled on how the breach went undetected for so long. While specific details of the attack remain limited, it’s clear that the scale and sophistication of Salt Typhoon have exposed major gaps in U.S. cybersecurity protocols.

The Fallout: What’s Next?

In the aftermath, lawmakers have called for increased scrutiny of telecom providers and a potential overhaul of encryption protocols. It is likely that new legislation will soon be on the table, focusing on stricter encryption requirements, third-party risk management, and tougher penalties for lapses in securing critical infrastructure.

This incident serves as a stark reminder of the vulnerabilities in our telecommunications networks, which are fundamental to everything from personal communication to national security. As cyber threats from nation-state actors become more complex, the need for stronger, more proactive cybersecurity measures has never been clearer.

While legislative action may be forthcoming, the effectiveness of these proposed solutions remains to be seen. As we’ve learned from previous high-profile breaches, reactive measures often lag behind the evolving tactics of cyber adversaries. The question remains: Will U.S. telecoms and their cybersecurity defenses be able to keep up with the increasingly sophisticated and frequent cyberattacks targeting critical infrastructure?

The post Salt Typhoon Campaign: A Wake-Up Call for U.S. Telecoms and National Security appeared first on Centraleyes.

When Your Coffee Break Faces a Cyber Threat

28 November 2024 at 06:19

What happens when the backbone of global operations—supply chain software—comes under attack? Starbucks and leading UK supermarkets like Morrisons and Sainsbury’s are now living that reality. A recent ransomware breach on Blue Yonder disrupted everything from payroll systems to fresh produce logistics, sending a clear message: supply chain security is more critical than ever.

Starbucks reported difficulties managing payroll and employee scheduling due to the breach. While store operations remain unaffected, the company has shifted to manual calculations to ensure employees are paid accurately. This proactive approach reflects Starbucks’ commitment to minimizing the impact on its workforce.

UK Grocers Experience Temporary Disruptions

The attack impacted major retailers in the UK, with Morrisons reporting issues in its fresh produce and warehouse management systems. Sainsbury’s also faced brief operational challenges but swiftly resumed normal service. These incidents underscore the far-reaching implications of targeting supply chain technology providers.

Blue Yonder Investigates

Blue Yonder, a division of Panasonic with a client base exceeding 3,000 businesses, identified the incident as a ransomware attack affecting its managed services environment. The company is collaborating with cybersecurity experts to contain the breach and restore services, although a precise timeline for recovery remains unclear.

A Broader Trend in Cyber Threats

This attack follows a disturbing trend of ransomware targeting supply chain platforms, including MOVEit, Kaseya, and others. Such incidents reveal the critical need for businesses to fortify their cybersecurity defenses and evaluate risks associated with third-party providers.

Centraleyes: Advancing Risk Management

Centraleyes empowers organizations to identify vulnerabilities, prioritize risks, and strengthen their cyber resilience. Our platform is designed to help businesses stay ahead of evolving threats and maintain continuity in an unpredictable landscape.

The post When Your Coffee Break Faces a Cyber Threat appeared first on Centraleyes.

Under the Mask of Copyright: How Phishing Attacks Are Evolving

7 November 2024 at 04:17

Fake copyright infringement notices are sweeping across inboxes globally, hitting hundreds of companies with a new and devious malware campaign. Since July, cyber researchers at Check Point have been tracking “CopyRh(ight)adamantys,” an attack designed to look like legal copyright warnings but packing a hidden threat: Rhadamanthys, a powerful data-stealing malware.

How It Hooks Victims

The emails pretend to be legal warnings from big-name brands, accusing recipients of copyright violations and pressuring them to “review” details of the infraction in a password-protected file. But instead of legal documents, victims are met with a decoy and a hidden malware file. Industries like tech and media are prime targets, as scammers play on copyright anxiety, nudging recipients to wonder, “Did I actually misuse an image?”

Meet Rhadamanthys: The Malware with a $1,000 Price Tag

This isn’t your run-of-the-mill malware. Rhadamanthys packs advanced features, including optical character recognition (OCR) that can read text from images and PDFs, suggesting an interest in swiping credentials—especially cryptocurrency wallets. The malware’s sophistication has even caught the attention of threat actors tied to nation-states, like Iran-linked Void Manticore and pro-Palestinian groups, adding an extra layer of intrigue.

Stealth Mode Activated

To avoid detection, Rhadamanthys uses a clever trick: it clones itself as a much larger file in the victim’s Documents folder, disguised as a Firefox component. The oversized file’s unique “overlay” data changes its hash, allowing it to slip past antivirus systems that rely on hash-based scanning. Plus, some antivirus programs skip scanning large files to save resources, letting Rhadamanthys hide in plain sight.
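Why appended overlay data defeats whole-file hash matching, and what a defender can hash instead, is shown in the following added example (not code from Check Point or from the original post). It assumes a 32-bit PE layout and runs on a constructed, non-executable PE skeleton; the helper names `overlay_offset`, `analyse` and `build_sample` are hypothetical.

```python
import hashlib
import struct


def overlay_offset(data: bytes) -> int:
    """Return the file offset where the last PE section ends (overlay start)."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (pe,) = struct.unpack_from("<I", data, 0x3C)           # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (nsections,) = struct.unpack_from("<H", data, pe + 6)
    (opt_size,) = struct.unpack_from("<H", data, pe + 20)
    table = pe + 24 + opt_size                              # first section header
    end = table + 40 * nsections
    for i in range(nsections):
        # SizeOfRawData and PointerToRawData sit 16 bytes into each header
        raw_size, raw_ptr = struct.unpack_from("<II", data, table + 40 * i + 16)
        end = max(end, raw_ptr + raw_size)
    return min(end, len(data))


def analyse(data: bytes) -> dict:
    """Hash the whole file and the image with any overlay stripped."""
    off = overlay_offset(data)
    return {
        "overlay_bytes": len(data) - off,
        "file_sha256": hashlib.sha256(data).hexdigest(),
        "image_sha256": hashlib.sha256(data[:off]).hexdigest(),
    }


def build_sample(overlay: bytes = b"") -> bytes:
    """Constructed, non-executable PE skeleton: headers plus one 512-byte section."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)        # e_lfanew = 64
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0)
    sect = b".text\0\0\0" + struct.pack("<IIII", 512, 0x1000, 512, 512) + b"\0" * 16
    return (dos + coff + sect).ljust(512, b"\0") + b"A" * 512 + overlay


if __name__ == "__main__":
    # Same image, three different overlays: file hash changes, image hash does not.
    for pad in (b"", b"\0" * 4096, b"\x01" * 8192):
        r = analyse(build_sample(pad))
        print(r["overlay_bytes"], r["file_sha256"][:16], r["image_sha256"][:16])
```

A non-empty overlay is not suspicious on its own, since signed binaries keep their Authenticode signature past the last section; the useful signal is an image hash that matches a known sample while the file hash and size do not.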

How to Stay Safe

Security experts urge businesses to double down on phishing protection and to keep employees alert to suspicious emails. Keeping an eye out for unusually large file downloads from emails may also help, though sorting legitimate from malicious files can be tricky.

The post Under the Mask of Copyright: How Phishing Attacks Are Evolving appeared first on Centraleyes.
