CyberWire Daily: Red November Espionage, JLR Bailout, AI Sustainability & More

Global Espionage and Cyber Threats

• 🎯 A Chinese state-sponsored group, Red November, conducted a global espionage campaign targeting defense contractors, government agencies, and corporations by exploiting VPN and firewall vulnerabilities.
• 🔑 The group utilized publicly available tools like Pontagana backdoor, Cobalt Strike, and Sparkrat to maintain persistent access for months.
• ⚠️ Hackers are actively exploiting a maximum severity flaw in Fortra's GoAnywhere Managed File Transfer product, allowing remote command execution without authentication.
• 💻 Akira ransomware operators are bypassing MFA on SonicWall SSLVPN devices, likely by reusing stolen credentials or one-time password seeds.

Economic and Corporate News

• 🏦 The UK government is guaranteeing a £1.5 billion loan for Jaguar Land Rover following a cyber attack that disrupted production and supply chains.
• 📉 New research suggests the current AI boom may be unsustainable, with Deutsche Bank warning that AI capital expenditure is propping up the US economy and Bane projecting a significant revenue shortfall.
• 🛍️ Luxury retailer Harrods confirmed a data breach affecting 430,000 customer records due to a third-party provider, though sensitive financial data was not compromised.

Law Enforcement and International Relations

• 🇳🇱 Dutch police arrested two teenagers for allegedly spying for Russia using Wi-Fi sniffers near sensitive locations like Europol and the Canadian embassy.
• 🌍 Interpol announced the arrest of 260 individuals across Africa in a crackdown on online fraud networks, recovering over $2.8 million in losses from romance scams and sextortion.
• 📜 A bill introduced in the US House of Representatives, the "Scam Farms Mark and Reprisal Authorization Act," proposes reviving the concept of letters of mark for cyber operations, raising significant legal and geopolitical concerns.

Cybersecurity Ecosystem and Acquisitions

• 🇯🇵 Brandon Karpf discusses the cybersecurity ecosystem in Japan, highlighting international public-private partnerships.
• 🤝 The cybersecurity market saw several acquisitions, including Cyberbit acquiring RangeForce and Halon buying 11 cybersecurity, alongside various funding rounds for companies like Terara Security and Kertos.
• 🎣 A BBC journalist was targeted by cybercriminals offering a bribe to hand over BBC credentials for a ransomware attack, illustrating the reality of insider threat recruitment.