European Foreign Ministry Hit By DoNot APT Cyber-Espionage Attack

  • Written by Kiara Fabbri Former Tech News Writer
  • Fact-Checked by Sarah Frazier Former Content Manager

The hacker group DoNot APT carried out a covert cyberattack against a European foreign ministry using fake emails and malware, demonstrating how worldwide espionage tactics are advancing.

In a rush? Here are the quick facts:

  • Attack began with a phishing email impersonating defense officials.
  • Malware disguised as a PDF was delivered via Google Drive.
  • Malware steals data and maintains access using scheduled tasks.

The cyber-espionage group DoNot APT, also known as APT-C-35 or Mint Tempest, conducted a covert cyberattack against a European foreign ministry, according to Trellix research. The espionage group, which operates from India, has focused on South Asian government targets and diplomatic institutions since 2016 but now appears to be expanding into Europe.

The email, with the subject line “Italian Defence Attaché Visit to Dhaka, Bangladesh,” contained a malicious Google Drive link. Clicking the link downloaded a password-protected document that contained malware.

Once opened, the malware, disguised as a PDF, quietly installed a backdoor on the victim’s system. After gaining access, the attackers began stealing sensitive data by running tasks that refreshed the malware every 10 minutes. Since 2018, DoNot APT has used LoptikMod as its exclusive malware tool.

The researchers observed that the attackers embedded malicious code within binary strings, which made the malware harder to detect. The malware steals personal system information and encrypts it before sending it to a command-and-control server, which researchers found inactive at the time of analysis, likely to evade detection.

The experts recommend that governments and organizations enhance email protection mechanisms, monitor network activity, implement signature-based malware blocking, and train employees to identify phishing.

McDonald’s AI Hiring Bot Exposes 64 Million Job Applicants In Major Data Breach

  • Written by Kiara Fabbri Former Tech News Writer
  • Fact-Checked by Sarah Frazier Former Content Manager

A weak password on McDonald’s hiring chatbot exposed millions of job applicants’ data, raising serious concerns about AI, privacy, and digital security practices.

In a rush? Here are the quick facts:

  • McHire’s AI bot exposed over 64 million McDonald’s applicant records to hackers.
  • Hackers accessed data using the password “123456” on a Paradox.ai account.
  • Personal details like names, emails, and phone numbers were viewable.

A serious security flaw in McDonald’s hiring platform exposed millions of job applicants’ personal data using shockingly basic methods, as first reported by WIRED. The security issue was found on McHire.com, which allows candidates to interact with “Olivia,” the AI chatbot developed by Paradox.ai for candidate screening.

WIRED reports that security experts Ian Carroll and Sam Curry gained access to McHire’s backend system through the combination of the username and password “123456.” The researchers gained access to applicant information, including names, emails, phone numbers, and chat logs from more than 64 million records after entering the system.

“I just thought it was pretty uniquely dystopian compared to a normal hiring process,” said Carroll to WIRED. “So I started applying for a job, and then after 30 minutes, we had full access to virtually every application that’s ever been made to McDonald’s going back years,” Carroll added.

Paradox.ai confirmed the flaw in a statement and said only a small number of records contained personal data. The exposed account hadn’t been accessed since 2019 and lacked basic protections like multifactor authentication. “We do not take this matter lightly,” said Paradox.ai’s chief legal officer, Stephanie King, as reported by WIRED. “We own this,” King added.

WIRED reported that McDonald’s released a different statement, which pointed to Paradox.ai as the source of the problem and stated that the issue was fixed immediately. “We’re disappointed by this unacceptable vulnerability from a third-party provider,” the company said.

Carroll and Curry explained that the exposed data could be used to execute phishing attacks by impersonating McDonald’s HR staff, who would request sensitive financial information from applicants. The exposed data included non-sensitive information, but its context as minimum-wage job applications created potential risks for harm to applicants.