Netizen: Monday Security Brief (10/7/2024)

Today’s Topics:

  • DoJ and Microsoft Take Down 107 Russian Cybercrime Domains in Major Operation
  • Apple Releases Critical Security Updates for iOS and iPadOS to Address VoiceOver Password Vulnerability and iPhone 16 Audio Flaw
  • How can Netizen help?

DoJ and Microsoft Take Down 107 Russian Cybercrime Domains in Major Operation

The U.S. Department of Justice (DoJ) and Microsoft have teamed up to seize 107 internet domains linked to Russian state-sponsored cyber fraud, making a significant impact on the ongoing battle against cybercrime. These domains, allegedly operated by a Russian threat group known as COLDRIVER, were being used in sophisticated phishing campaigns to steal sensitive information from U.S. government entities and other high-profile targets.

Deputy Attorney General Lisa Monaco noted that the Russian government had orchestrated this scheme, disguising fraudulent activity behind legitimate-looking emails to trick victims into giving up their credentials. The group’s activities are believed to be part of Center 18, a unit within Russia’s Federal Security Service (FSB), and have been in operation for over a decade.

In December 2023, U.S. and U.K. officials sanctioned two individuals—Aleksandrovich Peretyatko and Andrey Stanislavovich Korinets—who are associated with COLDRIVER. These sanctions were imposed due to their involvement in malicious spear-phishing and credential harvesting campaigns. More recently, the European Council imposed sanctions on these individuals in June 2024, signaling a coordinated international effort to disrupt their operations.

This latest crackdown includes 41 domains seized by the DoJ, which were used in targeted attacks against U.S. government officials and other high-value individuals. In parallel, Microsoft filed a civil suit to seize an additional 66 domains that COLDRIVER used to target NGOs and think tanks—especially those aligned with NATO and providing support to Ukraine.

According to Microsoft’s Digital Crimes Unit, COLDRIVER has been relentless in its pursuit, particularly focused on targeting former intelligence officials and Russian experts residing in the U.S. Between January 2023 and August 2024, the group ramped up its efforts, showing a clear intention to infiltrate and steal sensitive information from strategic entities. Despite the group’s consistent attacks, many victims remained unaware of the true nature of the phishing emails they received, ultimately leading to the compromise of their credentials.

Steven Masada, assistant general counsel at Microsoft’s Digital Crimes Unit, emphasized how COLDRIVER’s tactics are constantly evolving. “They are meticulous in crafting personalized phishing emails, identifying high-value targets, and maintaining the infrastructure needed to steal credentials. Their victims often have no idea what’s coming.”


Apple Releases Critical Security Updates for iOS and iPadOS to Address VoiceOver Password Vulnerability and iPhone 16 Audio Flaw

In a security update, Apple has released iOS 18.0.1 and iPadOS 18.0.1 to patch two significant vulnerabilities, one of which posed a serious risk by exposing user passwords via the VoiceOver feature. The vulnerabilities, tracked as CVE-2024-44204 and CVE-2024-44207, affect various iPhone and iPad models, highlighting the importance of timely software updates to maintain device security.

The first flaw, discovered by security researcher Bistrit Daha, exists within Apple’s new Passwords app. It is categorized as a logic issue that allowed the VoiceOver assistive technology to read out users’ saved passwords without adequate restrictions in place. This could expose sensitive information to individuals who were not intended to hear the content, posing a significant privacy risk.

Apple’s advisory states, “A user’s saved passwords may be read aloud by VoiceOver.” The company acknowledged the issue and resolved it by improving the app’s validation mechanisms to ensure that VoiceOver only interacts with password fields when necessary and appropriate.

Devices impacted by this vulnerability include:

  • iPhone XS and later models
  • iPad Pro (13-inch, 12.9-inch 3rd generation and later)
  • iPad Pro (11-inch 1st generation and later)
  • iPad Air (3rd generation and later)
  • iPad (7th generation and later)
  • iPad mini (5th generation and later)

This vulnerability is particularly concerning for users who rely on VoiceOver for accessibility, as the feature is designed to read on-screen elements aloud to assist those with visual impairments. If exploited, attackers with physical access to a device could easily access a user’s password data.

The second vulnerability impacts Apple’s latest iPhone 16 models and is rooted in the Media Session component of iOS. CVE-2024-44207 could allow an attacker to record a few seconds of audio before the microphone indicator was triggered, enabling unauthorized audio capture without the user’s awareness.

According to Apple, “Audio messages in Messages may be able to capture a few seconds of audio before the microphone indicator is activated.” This issue was particularly alarming as it could compromise users’ privacy, especially during sensitive conversations.

The bug was discovered by researcher Michael Jimenez and an anonymous contributor, and Apple has now patched it by implementing additional checks that ensure the microphone indicator is activated promptly before any audio recording occurs.

Both vulnerabilities underline the growing complexity of mobile device security, where software features designed for convenience—like VoiceOver and media session handling—can inadvertently open the door to security risks. While Apple responded quickly with fixes, these issues serve as a reminder of the critical importance of regular software updates to protect against emerging threats.

Apple has urged all users to install iOS 18.0.1 and iPadOS 18.0.1 as soon as possible to protect their devices from these vulnerabilities. With the release of these patches, users can safeguard their information and prevent unauthorized access to their devices’ sensitive data.

For organizations and individuals alike, these security flaws reinforce the need for a proactive approach to cybersecurity. Accessibility features such as VoiceOver are essential tools for many users, but they can also become attack vectors if not properly secured. Enterprises that manage fleets of Apple devices should prioritize mobile device management (MDM) strategies that ensure timely software updates across all devices in their network.

Additionally, regular security audits and vulnerability assessments are essential to stay ahead of potential threats. Organizations using Apple devices, especially in high-security environments like healthcare, finance, or government, should immediately verify that their devices are running the latest software versions to prevent exploitation of these flaws.
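One way to act on that recommendation is to run a patch-compliance check over an MDM inventory export. The following is an added example, not Netizen’s or Apple’s code; the inventory layout (a list of records with “name”, “model” and “os_version”) is a constructed stand-in for whatever your MDM exports, and the fixed version and affected device families are taken from the advisory summary above.

```python
"""Flag iPhone/iPad devices in an MDM inventory that still need iOS/iPadOS 18.0.1."""
from __future__ import annotations

# iOS / iPadOS 18.0.1 carries the fixes for CVE-2024-44204 and CVE-2024-44207.
FIXED_VERSION = (18, 0, 1)

# Assumption: MDM model strings begin with the device family. "iPad" also
# matches iPad Pro / Air / mini. Models too old to run iOS 18 cannot be
# updated to 18.0.1 anyway, so they are reported for manual review rather
# than silently skipped.
AFFECTED_FAMILIES = ("iPhone", "iPad")


def parse_version(text: str) -> tuple[int, int, int]:
    """Turn '18.0' or '18.0.1' into a comparable (major, minor, patch) tuple.

    Apple reports '18.0' for the .0 release; a plain string comparison would
    put '18.0.1' before '18.0', so missing components are padded with zeros.
    """
    parts = [int(p) for p in text.strip().split(".")]
    while len(parts) < 3:
        parts.append(0)
    return (parts[0], parts[1], parts[2])


def needs_update(device: dict) -> bool:
    """True when the device is an iPhone/iPad running anything below 18.0.1.

    Assumption: the brief names only the fixed release, so every earlier
    version is treated as needing the update.
    """
    if not device["model"].startswith(AFFECTED_FAMILIES):
        return False  # Macs, Apple TVs etc. are outside this advisory
    return parse_version(device["os_version"]) < FIXED_VERSION


def outdated_devices(inventory: list[dict]) -> list[str]:
    """Return the names of devices that still need the patch, sorted."""
    return sorted(d["name"] for d in inventory if needs_update(d))


# Constructed sample inventory (not real device data).
SAMPLE_INVENTORY = [
    {"name": "cfo-iphone", "model": "iPhone 16 Pro", "os_version": "18.0"},
    {"name": "ops-ipad", "model": "iPad Pro 11-inch", "os_version": "18.0.1"},
    {"name": "clinic-ipad", "model": "iPad mini", "os_version": "17.6.1"},
    {"name": "kiosk-mac", "model": "MacBook Air", "os_version": "15.0"},
]

if __name__ == "__main__":
    for name in outdated_devices(SAMPLE_INVENTORY):
        print("needs iOS/iPadOS 18.0.1:", name)
```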


How Can Netizen Help?

Netizen ensures that security gets built in, not bolted on, providing advanced solutions to protect critical IT infrastructure such as our popular “CISO-as-a-Service”, wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time.

We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type.

Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.

Netizen is a CMMI V2.0 Level 3, ISO 9001:2015, and ISO 27001:2013 (Information Security Management) certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans.


Copyright © Netizen Corporation. All Rights Reserved.