Google Warns U.S. Retailers: Scattered Spider Hackers Shifting Focus from UK to U.S. Targets

Alphabet’s Google has issued a stark cybersecurity warning to U.S. retailers, revealing that hackers connected to the Scattered Spider group, which has been linked to recent cyberattacks that paralyzed UK retail giants like M&S, are now actively targeting American retail operations.

“These actors are aggressive, creative, and particularly effective at circumventing mature security programs,” said John Hultquist, chief analyst at Google’s cybersecurity unit.

🕸️ Who is Scattered Spider?

  • Scattered Spider is not a single entity but a loosely connected hacker collective, often made up of young and highly adaptive cybercriminals.

  • The group made headlines in 2023 for cyberattacks on:

    • MGM Resorts International

    • Caesars Entertainment

It now appears to be sector-focused, with retail as its current primary target.

💥 Recent Victims

  • Marks & Spencer (M&S), one of the UK’s most iconic retailers, has had its online operations frozen since April 25 due to a Scattered Spider-linked breach.

  • Google says U.S. retailers may soon face similar high-impact intrusions.

🔍 U.S. Retail Sector on High Alert

  • The National Retail Federation is closely monitoring developments.

    “There aren’t geographic boundaries on these threats,” said Christian Beckner, an NRF vice president.

  • Retail & Hospitality ISAC, a major industry threat-sharing alliance whose members include Costco, McDonald’s, Albertsons, and Lowe’s, is working with Google to brief members on how to mitigate the threat.

🚨 Enforcement Challenges

  • Scattered Spider’s decentralized structure, young members, and a lack of incident reporting by victims make it difficult for law enforcement to act.

  • FBI and CISA have not yet commented on Google’s latest warning.

🧭 Strategic Recommendations

Cyber experts are urging U.S. retailers to:

  • Reassess and reinforce multi-factor authentication (MFA) practices

  • Conduct penetration testing and vulnerability scanning

  • Increase internal monitoring of identity and access management systems

  • Join industry threat-sharing networks such as an ISAC to stay current on threat intelligence

With U.S. retail networks increasingly digitized, Google’s alert underscores the need for proactive defenses, especially as sophisticated, disruptive hacks now span continents and industries with ease.

DOGE Staffer ‘Big Balls’ Linked to Cybercrime Group, Records Show

Edward Coristine, known by his nickname “Big Balls,” a key member of Elon Musk’s DOGE Service team, provided technical support to a cybercrime group involved in illegal activities, including cyberstalking and data trafficking, according to digital records reviewed by Reuters.

Coristine’s Role in DiamondCDN and EGodly

Coristine, a 19-year-old technologist, founded a company named DiamondCDN around 2022, which offered network services. The company was linked to EGodly, a cybercrime ring that boasted about engaging in criminal activities such as stealing data and cyberstalking law enforcement officials. Digital records show that between October 2022 and June 2023, DiamondCDN’s infrastructure was used to support EGodly’s website, dataleak.fun, which was involved in cybercrimes. EGodly publicly thanked DiamondCDN for providing them with DDoS protection and caching systems.

Connection to Government Agencies

Despite these associations, Coristine has been recognized for his work with U.S. government agencies. He is listed as a “senior adviser” at the State Department and the Cybersecurity and Infrastructure Security Agency (CISA). His name also appears in their staff directories, raising concerns about his involvement in securing government networks despite his previous ties to cybercriminals. Coristine describes himself as a “Volunteer (Intern) Plumber” with the U.S. government on his LinkedIn profile.

EGodly’s Cybercrimes and FBI Targeting

EGodly, the group with which Coristine’s company had ties, was known for a variety of cybercrimes, including hijacking phone numbers, breaking into law enforcement email accounts, and stealing cryptocurrency. The group also posted personal information about an FBI agent they targeted for harassment. The group’s members were reportedly involved in the dangerous practice of swatting, which involves making hoax emergency calls to send armed officers to targeted locations. Law enforcement has been aware of EGodly’s activities due to its connection to cybercrime and swatting incidents.

Concerns Over National Security

Nitin Natarajan, former deputy director of CISA, expressed concern over the potential risks posed by Coristine’s past associations with EGodly, noting that it is troubling for someone with such connections to hold a position in government security. This raises questions about the vetting process and the broader implications of such individuals gaining access to sensitive government networks.