Hello everyone! It's been a busy day in the cyber world with significant breaches affecting cryptocurrency users and national services, new insights into nation-state APT activity, and a look at how AI is reshaping both attacks and defences. Let's dive in:
Trust Wallet Chrome Extension Breach ⚠️
- Trust Wallet's Chrome extension version 2.68.0 was compromised, leading to an estimated $6-7 million in cryptocurrency losses for users.
- Malicious code was embedded in the extension, exfiltrating mnemonic phrases to an attacker-controlled server, api.metrics-trustwallet[.]com, which was registered shortly before the incident.
- Trust Wallet has confirmed the incident, urged users to update to version 2.69 immediately, and committed to refunding all affected users, while a parallel phishing campaign exploited the panic.
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/trust-wallet-chrome-extension-hack-tied-to-millions-in-losses/
📰 The Hacker News | https://thehackernews.com/2025/12/trust-wallet-chrome-extension-bug.html
French Postal Service Hit by Pro-Russian Hackers 🚨
- Pro-Russian group NoName057(16) claimed responsibility for a DDoS attack that disrupted France's national postal service, La Poste, and its banking arm, La Banque Postale, just before Christmas.
- The attack temporarily knocked key digital systems offline, affecting parcel tracking and slowing mail distribution, though La Poste stated no customer data was compromised.
- French authorities have opened an investigation, with the domestic intelligence agency DGSI taking over the probe, focusing on the deliberate disruption of a data processing service.
🗞️ The Record | https://therecord.media/pro-russia-hackers-claim-attack-la-poste
GrubHub Phishing Scam via Legitimate Subdomain 🎣
- Grubhub users received fraudulent emails from a legitimate company subdomain (b.grubhub.com) promising a tenfold return on sent cryptocurrency as part of a "Holiday Crypto Promotion."
- This is a classic crypto reward scam, luring victims to send Bitcoin to a specified wallet with the false promise of a larger return.
- Grubhub has acknowledged "unauthorized messages" to merchant partners, stating they have contained the issue and are working to prevent future occurrences, though the exact cause (e.g., DNS takeover) remains unconfirmed.
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/fake-grubhub-emails-promise-tenfold-return-on-sent-cryptocurrency/
Evasive Panda APT Uses DNS Poisoning for MgBot Malware 🐼
- China-linked APT group Evasive Panda (also known as Bronze Highland, Daggerfly, StormBamboo) conducted a highly targeted cyber espionage campaign using DNS poisoning.
- The group manipulated DNS requests to deliver its MgBot backdoor, masquerading as updates for legitimate software like SohuVA, Baidu's iQIYI Video, IObit Smart Defrag, and Tencent QQ.
- MgBot is a modular implant capable of extensive data harvesting, including keystrokes, clipboard data, audio streams, and browser credentials, allowing for long-term stealthy persistence.
📰 The Hacker News | https://thehackernews.com/2025/12/china-linked-evasive-panda-ran-dns.html
Hacker Mindset for Cyber Defence 🧠
- Remedio CEO Tal Kollender, a former video game hacker, advocates for adopting a "hacker mindset" to effectively defend against cyber threats, stating that understanding adversarial thinking is crucial.
- Her company uses AI to proactively identify and auto-remediate vulnerabilities, misconfigurations, and compliance gaps across corporate devices.
- The increasing use of AI by attackers to accelerate reconnaissance and exploitation means defenders must also leverage AI to keep pace, making cybersecurity a battle of AI versus AI.
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2025/12/26/video_game_hacker_turned_ceo/
AI's Impact on Cybersecurity Tabletop Exercises 🛡️
- Cybersecurity tabletop exercises are evolving to account for AI, both in terms of how attackers use AI to find and exploit bugs faster, and how defenders can integrate AI into their response strategies.
- Organisations need to simulate scenarios involving rapid exploitation of CVEs (within minutes of publication) and AI-powered phishing, while also securing their own AI systems against prompt injection and data exfiltration.
- Experts recommend incorporating "analog friction" like mandatory out-of-band verification for deepfake-driven requests and practising offline business operations, emphasising process over technology when trust in digital information is compromised.
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2025/12/26/end_of_year_tabletop_exercises/
#CyberSecurity #ThreatIntelligence #CryptoHack #DDoS #Phishing #APT #EvasivePanda #MgBot #AIinCyber #TabletopExercises #InfoSec #IncidentResponse
