This Month in Cybersecurity - December 2024

Introduction

As December wraps up, we’re here with the final ‘This Month in Cybersecurity’ roundup for the year—from the ongoing threat of Chinese telco hackers and illegal political microtargeting by the European Commission, to sophisticated phishing campaigns targeting security professionals and Chrome extensions.

Let’s explore the highlights!

1. CISA, FBI urge Americans to use encrypted messaging apps to combat Chinese telco hackers

The China-backed hacking group Salt Typhoon remains embedded in major U.S. telecom networks, including AT&T, Verizon, and Lumen, accessing real-time unencrypted communications and metadata. The ongoing breaches, which target U.S. officials and presidential candidates, appear to support Chinese espionage efforts. To counter these threats, the FBI and CISA are urging Americans to use end-to-end encrypted messaging apps like Signal and WhatsApp to secure their communications. The government is also advising telecom providers on unique remediation strategies to bolster defenses against such attacks.

Date: Dec 4, 2024
Source: TechCrunch
Author: Zack Whittaker

2. Political microtargeting by EU Commission illegal

The European Data Protection Supervisor (EDPS) ruled that the European Commission illegally used sensitive personal data for political microtargeting on X/Twitter. The ads, which targeted users based on inferred political preferences without consent and aimed to influence views in the Netherlands during the chat control regulation debate, violated EU regulations. Though only reprimanded, the Commission was held accountable as the data controller. This decision sets a precedent against political microtargeting, which noyb warns undermines democracy.

Date: Dec 13, 2024
Source: noyb
Author: noyb

3. Yearlong supply-chain attack targeting security pros steals 390K credentials

A year-long supply-chain attack orchestrated by the sophisticated group MUT-1244 has targeted security professionals by Trojanizing open-source software on platforms like GitHub and npm. The campaign used malicious packages, such as @0xengine/xmlrpc, and phishing tactics to steal sensitive credentials, SSH keys, and cloud access tokens, while also infecting machines with cryptomining software. The operation, marked by its longevity, professional backdoor design, and use of stealthy techniques, has resulted in the theft of 390,000 WordPress credentials and the compromise of numerous devices. Despite the campaign’s scale and precision, the attackers’ ultimate motives remain unclear, as the operation blends credential theft with cryptomining.

Date: Dec 13, 2024
Source: Ars Technica
Author: Dan Goodin

4. HubPhish abuses HubSpot tools to target 20,000 European users for credential theft

The “HubPhish” phishing campaign targeted over 20,000 European users, exploiting HubSpot’s Free Form Builder to redirect victims to fake Office 365 login pages, stealing credentials to compromise Microsoft Azure accounts. While HubSpot itself wasn’t breached, attackers gained persistent access to Azure environments. The campaign highlights growing phishing tactics, including abusing legitimate tools like Google Calendar invites to bypass security. Users are advised to enable stricter controls to counter such threats.

Date: Dec 18, 2024
Source: The Hacker News
Author: Ravie Lakshmanan

5. 16 Chrome Extensions hacked, exposing over 600,000 users to data theft

A recent attack on Chrome browser extensions compromised at least 16 popular extensions, exposing over 600,000 users to credential theft and data leakage. The attackers used phishing emails to access extension developers’ accounts, then injected malicious code into the extensions. Notable targets included Cyberhaven, whose extension was manipulated to steal Facebook identity tokens. This widespread campaign, ongoing since at least 2023, highlights the vulnerabilities of browser extensions, which often have extensive permissions. Security experts emphasise the need for better monitoring and stricter controls on extension installations to mitigate risks.

Date: Dec 29, 2024
Source: The Hacker News
Author: Ravie Lakshmanan

Conclusion

Well, that’s a wrap for this year! We hope you’ve found these summaries insightful and engaging.

Which story caught your attention this month? We’d love to hear your thoughts. Don’t hesitate to share any interesting articles or insights in the Passbolt community forum: https://hubs.li/Q02bCy160.

Wishing you a joyful holiday season and here’s to exciting things for the year ahead!