6 Year Old Sleeper Attack Uncovered, Fake Bank Draft Scam, and Signal Tool Breach - Cybersecurity Today

Summary

Cybersecurity Today: Episode Summary Hosted by Jim Love | Release Date: May 7, 2025

In this episode of Cybersecurity Today, host Jim Love delves into three significant cybersecurity incidents that highlight the evolving threat landscape businesses and government agencies face today. The episode covers a long-dormant supply chain attack, a sophisticated financial scam targeting small businesses, and breaches involving a messaging archiving tool used by high-level U.S. officials. Below is a comprehensive summary of the key discussions, insights, and conclusions drawn during the episode.

1. Six-Year-Old Sleeper Supply Chain Attack Uncovered

Overview: Jim Love begins by discussing a coordinated supply chain attack that compromised between 500 and 1,000 e-commerce websites. This attack exploited vulnerabilities in 21 Magento extensions from vendors Tigran, Mitenchi, and Mage Solutions.

Key Points:

Attack Vector: The attackers injected backdoors into Magento extensions as early as 2019. The malicious code remained dormant until its activation in April 2025.
Affected Extensions:
- Tigran: AJAX Suite, AJAX Cart, multicod
- Mitenchi: Cookie Notice, Currency Switcher, Defer JS
- Mage Solutions (MGS): Lookbook Store Locator, GDPR modules
Malicious Mechanism: The backdoor operates through a malicious license check within files named License PHP or License API php, allowing remote code execution via functions like admin_load_license.
Security Firm Involvement: Sansec discovered the breach and advised immediate auditing of installations, removal of affected files, scanning for additional malware, and restoring from clean backups to ensure system integrity.

Notable Quote: Jim Love emphasizes the gravity of the situation, stating, “[...] This incident is just another in a series that underscores the importance of supply chain security and the need for vigilant monitoring of third-party software components.” [04:20]

Insights:

The longevity of the attack highlights how malicious actors can embed threats deep within supply chains, remaining undetected for years.
The use of open-source tools in critical systems amplifies the potential impact of such attacks.

2. Vulnerability in the Easyjson Open Source Library

Overview: The episode transitions to a concerning revelation about the easyjson library, a widely-used open-source JSON serialization tool for the GO programming language.

Key Points:

Ownership and Maintenance: Easyjson is maintained by developers based in Moscow and hosted on GitHub under mail.ru, a subsidiary of the sanctioned Russian company VK Group.
Potential Risks: Although no current vulnerabilities have been identified, the library's pervasive use across healthcare, finance, defense, and government systems makes it a high-value target for exploitation by Russian state actors.
Integration Concerns: Easyjson is integral to essential tools like Kubernetes, Prometheus, and Grafana, meaning any compromise could have cascading effects across dependent systems.
Expert Recommendations: Organizations are urged to audit their dependencies, consider forking critical libraries to maintain control, and implement robust monitoring to detect anomalies.

Notable Quote: Jim Love underscores the potential threat, noting, “[...] Experts warn that easyjson could serve as a sleeper cell, enabling supply chain attacks, data exfiltration, or system disruptions if it was manipulated.” [12:45]

Insights:

The reliance on open-source libraries necessitates rigorous vetting and monitoring to prevent supply chain compromises.
Geopolitical tensions can directly influence cybersecurity risks, especially when software dependencies are tied to sanctioned entities.

3. Ontario Business Falls Prey to Fake Bank Draft Scam

Overview: A small business in Ontario, Canada, lost $108,000 in a sophisticated bank draft scam targeting the purchase of construction equipment.

Key Points:

Modus Operandi: The scam involved the presentation of counterfeit bank drafts that appeared legitimate, deceiving both the business and a bank teller into believing the payment was genuine.
Outcome: The business released the machinery to the fraudulent buyer, who then absconded with the equipment once the bank identified the draft as fake.
Financial Recovery: Thankfully, the company's insurance covered the theft, reimbursing them for the loss.
Expert Advice:
- Verify bank drafts directly with issuing banks before releasing goods.
- Allow drafts to fully clear to add an extra layer of security.
- Encourage collaboration between CISOs and CFOs to address financial fraud risks.

Notable Quote: Jim Love highlights the increasing sophistication of such scams, stating, “[...] The incident underscores the increasing sophistication of financial scams targeting businesses.” [20:30]

Insights:

Financial transactions, while not purely cybersecurity issues, intersect significantly with information security practices.
Cross-departmental communication within organizations is crucial to safeguard against diverse fraud tactics.

4. Signal Tool Breach Raises Concerns Over Messaging Security

Overview: The final segment addresses breaches involving Telemessage, an Israeli-based tool used to archive encrypted messages from platforms like Signal, Telegram, and WeChat, utilized by Trump administration officials.

Key Points:

Breach Details:
- Two separate hackers claimed to have breached Telemessage's system, accessing names, contact details of U.S. officials, internal credentials, and client indicators.
- One breach occurred via fast access to Telemessage’s backend, and another involved downloading a large cache of files.
Company Response: Telemessage suspended operations out of caution and is investigating the incidents.
Security Concerns:
- Telemessage's approach potentially undermines Signal's end-to-end encryption by storing message copies.
- This raises alarms about the protection of high-level U.S. communications and the possible exploitation by malicious actors.
Expert Commentary:
- The breach calls into question the effectiveness of security advisories provided to senior government officials.
- Suggestion to involve competent security advisors, such as Chris Krebs, to oversee and rectify the vulnerabilities.

Notable Quote: Jim Love critiques the security oversight, remarking, “[...] Now it makes you wonder who, if anyone, is actually advising the most senior members of the Trump Cabinet on security.” [35:10]

Insights:

The compromise of messaging archiving tools used by government officials highlights the critical need for secure communication channels.
The balance between archiving communications for transparency and maintaining encryption integrity is delicate and must be managed with utmost security considerations.

Conclusion

In this episode, Jim Love effectively sheds light on the multifaceted nature of contemporary cybersecurity threats. From long-dormant supply chain attacks and vulnerabilities in widely-used open-source libraries to financial scams and breaches in government communication tools, the discussions underscore the imperative for continuous vigilance, robust security practices, and interdepartmental collaboration. As businesses and government agencies navigate an increasingly perilous digital landscape, the insights provided offer valuable guidance on safeguarding against both existing and emerging threats.

Engage with Us: Jim Love invites listeners to share their thoughts and comments via email at me@EditorialEchnewsDay.cat, on LinkedIn, or through YouTube comments.

Summary

Cybersecurity Today: Episode Summary Hosted by Jim Love | Release Date: May 7, 2025

1. Six-Year-Old Sleeper Supply Chain Attack Uncovered

Key Points:

Attack Vector: The attackers injected backdoors into Magento extensions as early as 2019. The malicious code remained dormant until its activation in April 2025.
Affected Extensions:
- Tigran: AJAX Suite, AJAX Cart, multicod
- Mitenchi: Cookie Notice, Currency Switcher, Defer JS
- Mage Solutions (MGS): Lookbook Store Locator, GDPR modules
Malicious Mechanism: The backdoor operates through a malicious license check within files named License PHP or License API php, allowing remote code execution via functions like admin_load_license.
Security Firm Involvement: Sansec discovered the breach and advised immediate auditing of installations, removal of affected files, scanning for additional malware, and restoring from clean backups to ensure system integrity.

Insights:

The longevity of the attack highlights how malicious actors can embed threats deep within supply chains, remaining undetected for years.
The use of open-source tools in critical systems amplifies the potential impact of such attacks.

2. Vulnerability in the Easyjson Open Source Library

Overview: The episode transitions to a concerning revelation about the easyjson library, a widely-used open-source JSON serialization tool for the GO programming language.

Key Points:

Ownership and Maintenance: Easyjson is maintained by developers based in Moscow and hosted on GitHub under mail.ru, a subsidiary of the sanctioned Russian company VK Group.
Potential Risks: Although no current vulnerabilities have been identified, the library's pervasive use across healthcare, finance, defense, and government systems makes it a high-value target for exploitation by Russian state actors.
Integration Concerns: Easyjson is integral to essential tools like Kubernetes, Prometheus, and Grafana, meaning any compromise could have cascading effects across dependent systems.
Expert Recommendations: Organizations are urged to audit their dependencies, consider forking critical libraries to maintain control, and implement robust monitoring to detect anomalies.

Insights:

The reliance on open-source libraries necessitates rigorous vetting and monitoring to prevent supply chain compromises.
Geopolitical tensions can directly influence cybersecurity risks, especially when software dependencies are tied to sanctioned entities.

3. Ontario Business Falls Prey to Fake Bank Draft Scam

Overview: A small business in Ontario, Canada, lost $108,000 in a sophisticated bank draft scam targeting the purchase of construction equipment.

Key Points:

Modus Operandi: The scam involved the presentation of counterfeit bank drafts that appeared legitimate, deceiving both the business and a bank teller into believing the payment was genuine.
Outcome: The business released the machinery to the fraudulent buyer, who then absconded with the equipment once the bank identified the draft as fake.
Financial Recovery: Thankfully, the company's insurance covered the theft, reimbursing them for the loss.
Expert Advice:
- Verify bank drafts directly with issuing banks before releasing goods.
- Allow drafts to fully clear to add an extra layer of security.
- Encourage collaboration between CISOs and CFOs to address financial fraud risks.

Insights:

Financial transactions, while not purely cybersecurity issues, intersect significantly with information security practices.
Cross-departmental communication within organizations is crucial to safeguard against diverse fraud tactics.

4. Signal Tool Breach Raises Concerns Over Messaging Security

Key Points:

Breach Details:
- Two separate hackers claimed to have breached Telemessage's system, accessing names, contact details of U.S. officials, internal credentials, and client indicators.
- One breach occurred via fast access to Telemessage’s backend, and another involved downloading a large cache of files.
Company Response: Telemessage suspended operations out of caution and is investigating the incidents.
Security Concerns:
- Telemessage's approach potentially undermines Signal's end-to-end encryption by storing message copies.
- This raises alarms about the protection of high-level U.S. communications and the possible exploitation by malicious actors.
Expert Commentary:
- The breach calls into question the effectiveness of security advisories provided to senior government officials.
- Suggestion to involve competent security advisors, such as Chris Krebs, to oversee and rectify the vulnerabilities.

Insights:

The compromise of messaging archiving tools used by government officials highlights the critical need for secure communication channels.
The balance between archiving communications for transparency and maintaining encryption integrity is delicate and must be managed with utmost security considerations.

Conclusion

Engage with Us: Jim Love invites listeners to share their thoughts and comments via email at me@EditorialEchnewsDay.cat, on LinkedIn, or through YouTube comments.