China Targets India, Security Firm Mistake, Zeus Hacks Olympics

Email authentication isn’t just about preventing spoofing - it’s about trust, says Vasile Diaconu, Operations Lead at DuoCircle. Every email your organization sends either builds trust or erodes it. SPF, DKIM, and DMARC are the foundation of that trust. Without them, receivers have no way to distinguish your legitimate email from an attacker’s.

The three core email authentication standards - SPF (RFC 7208), DKIM (RFC 6376), and DMARC (RFC 7489) - work together to verify that an email genuinely originates from the domain it claims to represent. DMARC Report

China Targets India, Security Firm Mistake, Zeus Hacks Olympics

					<button title="Play" aria-label="Play Episode" aria-pressed="false" class="play-btn">
						

Play Episode

					</button>
					<button title="Pause" aria-label="Pause Episode" aria-pressed="false" class="pause-btn hide">
						

Pause Episode

					</button>
					


				

				

					<audio preload="none" class="clip clip-14730">
						<source src="https://media.mailhop.org/dmarcreport/images/2024/08/China-Targets-India-Security-Firm-Mistake-Zeus-Hacks-Olympics.mp3">
					</audio>
					

						

					

					

						

							<button class="player-btn player-btn__volume" title="Mute/Unmute">
								

Mute/Unmute Episode

							</button>
							<button data-skip="-10" class="player-btn player-btn__rwd" title="Rewind 10 seconds">
								

Rewind 10 Seconds

							</button>
							<button data-speed="1" class="player-btn player-btn__speed" title="Playback Speed" aria-label="Playback Speed">1x</button>
							<button data-skip="30" class="player-btn player-btn__fwd" title="Fast Forward 30 seconds">
								

Fast Forward 30 seconds

							</button>
						

						

							<time class="ssp-timer">00:00</time>
							

/

							<!-- We need actual duration here from the server -->
							<time class="ssp-duration" datetime="PT0H1M46S">1:46</time>
						

					

				

			

								<nav class="player-panels-nav">
												<button class="subscribe-btn" id="subscribe-btn-14730" title="Subscribe">Subscribe</button>
																		<button class="share-btn" id="share-btn-14730" title="Share">Share</button>
										</nav>
						

	



		

						

				

					

					

				

				

					

																																																																								

					

						

RSS Feed

							<input value="https://dmarcreport.com/feed/podcast/dmarc-report" class="input-rss input-rss-14730" title="RSS Feed URL" readonly />
						

						<button class="copy-rss copy-rss-14730" title="Copy RSS Feed URL" aria-label="Copy RSS Feed URL"></button>
					

				

			

									

				

					

					

				

				

					

						Share						

					

						<a href="https://www.facebook.com/sharer/sharer.php?u=https://dmarcreport.com/blog/podcast/china-targets-india-security-firm-mistake-zeus-hacks-olympics/&t=China Targets India, Security Firm Mistake, Zeus Hacks Olympics" target="blank" rel="noopener noreferrer" class="share-icon facebook" title="Share on Facebook">
							

						</a>
						<a href="https://twitter.com/intent/tweet?text=https://dmarcreport.com/blog/podcast/china-targets-india-security-firm-mistake-zeus-hacks-olympics/&url=China Targets India, Security Firm Mistake, Zeus Hacks Olympics" target="blank" rel="noopener noreferrer" class="share-icon twitter" title="Share on Twitter">
							

						</a>
						<a href="https://media.mailhop.org/dmarcreport/images/2024/08/China-Targets-India-Security-Firm-Mistake-Zeus-Hacks-Olympics.mp3" target="blank" rel="noopener noreferrer" class="share-icon download" title="Download" download>
							

						</a>
					

				

				

					

						Link						

					

						<input value="https://dmarcreport.com/blog/podcast/china-targets-india-security-firm-mistake-zeus-hacks-olympics/" class="input-link input-link-14730" title="Episode URL" readonly />
					

					<button class="copy-link copy-link-14730" title="Copy Episode URL" aria-label="Copy Episode URL" readonly=""></button>
				

				

					

						Embed						

					

						<input type="text" value='<blockquote class="wp-embedded-content" data-secret="n1NQiWBm3Q"><a href="https://dmarcreport.com/blog/podcast/china-targets-india-security-firm-mistake-zeus-hacks-olympics/">China Targets India, Security Firm Mistake, Zeus Hacks Olympics</a></blockquote><iframe sandbox="allow-scripts" security="restricted" src="https://dmarcreport.com/blog/podcast/china-targets-india-security-firm-mistake-zeus-hacks-olympics/embed/#?secret=n1NQiWBm3Q" width="500" height="350" title=""China Targets India, Security Firm Mistake, Zeus Hacks Olympics" - DMARC Report" data-secret="n1NQiWBm3Q" frameborder="0" marginwidth="0" marginheight="0" scrolling="no" class="wp-embedded-content"></iframe><script>

/*! This file is auto-generated / !function(d,l){“use strict”;l.querySelector&&d.addEventListener&&“undefined”!=typeof URL&&(d.wp=d.wp||{},d.wp.receiveEmbedMessage||(d.wp.receiveEmbedMessage=function(e){var t=e.data;if((t||t.secret||t.message||t.value)&&!/[^a-zA-Z0-9]/.test(t.secret)){for(var s,r,n,a=l.querySelectorAll(‘iframe[data-secret=”‘+t.secret+’”]’),o=l.querySelectorAll(‘blockquote[data-secret=”‘+t.secret+’”]’),c=new RegExp(“^https?:$”,“i”),i=0;i<o.length;i++)o[i].style.display=“none”;for(i=0;i<a.length;i++)s=a[i],e.source===s.contentWindow&&(s.removeAttribute(“style”),“height”===t.message?(1e3<(r=parseInt(t.value,10))?r=1e3:~~r<200&&(r=200),s.height=r):“link”===t.message&&(r=new URL(s.getAttribute(“src”)),n=new URL(t.value),c.test(n.protocol))&&n.host===r.host&&l.activeElement===s&&(d.top.location.href=t.value))}},d.addEventListener(“message”,d.wp.receiveEmbedMessage,!1),l.addEventListener(“DOMContentLoaded”,function(){for(var e,t,s=l.querySelectorAll(“iframe.wp-embedded-content”),r=0;r<s.length;r++)(t=(e=s[r]).getAttribute(“data-secret”))||(t=Math.random().toString(36).substring(2,12),e.src+=”#?secret=“+t,e.setAttribute(“data-secret”,t)),e.contentWindow.postMessage({message:“ready”,secret:t},"")},!1)))}(window,document); //# sourceURL=https://dmarcreport.com/wp-includes/js/wp-embed.min.js ’ title=“Embed Code” class=“input-embed input-embed-14730” readonly/>

					<button class="copy-embed copy-embed-14730" title="Copy Embed Code" aria-label="Copy Embed Code"></button>
				

			

				

**Digital advancement has made our lives easy. But at the same time, criminals with malicious intentions are also using it to mint money in an easy and quick manner. Cyberattackers are slowly expanding their territories across the globe. The only way to keep your money and devices safe from these threat actors is to educate yourself about cyberattacks, and take adequate measures and precautionary strategies.

Every week, we bring you the latest cyber happenings from around the world so that you can stay updated and be **well-prepared for any kind of cyber mishap.

The major event in the cyberworld involves a mind-boggling incident where a cybersecurity firm accidentally hired a North Korean hacker. On the other hand, Indian postal service users are being targeted by China-backed threat actors. Lastly, ‘Zeus’ hackers have targeted Israeli athletes in ongoing Paris Olympics.

Keep reading to get detailed information about these cyber incidents.

China-backed Smishing Triad is targeting Indian postal service users

If you are an iPhone user and also a **loyal customer of Indian postal services, then you need to be cautious. Smishing Triad, a China-backed phishing group, has been attacking Indian postal service users. The threat actors are sending out fake text messages to iPhone users claiming that their parcel/package is awaiting to be collected at the Indian Post warehouse . These fake messages contain malicious URLs, clicking on which will simply empty your bank account just like that.

Basically, the threat actors have been sending iMessages by leveraging third-party apps such as Gmail, HotMail, and Yahoo. Apple ID accounts that have been configured using these **third-party email IDs are used to send out the iMessages. Each iMessage consists of short URLs; one click, and you will be redirected to fraudulent websites.

This is not the first time that the postal services have been targeted by threat actors. Earlier, the US Postal Service (USPS) faced the brunt of cyberattacks. Tehran, a phishing actor, singlehandedly disrupted the operations of the US postal services. In a similar kind of smishing incident, US citizens were receiving **text messages claiming that they had road toll dues. The ultimate goal of these text messages was to somehow convince them to share their bank account details.

Mobile phishing attacks are on the rise because of the truckloads of features that smartphones come equipped with. QR codes, SMS, email, and third-party communication apps – all make the work easier for threat actors. Also, the lack of apt **security control systems **on mobile phones makes them an easy target. By implementing robust email authentication protocols such as SPF, DKIM and DMARC, individuals and organizations can protect their sensitive information from malicious actors.

Security firm ropes in a North Korean hacker by mistake!

In a bizarre turn of events, a security firm- KnowBe4, accidentally hired a North Korean hacker. They confused him as a software engineer and roped him in for their internal AI team. Although KnowBe4 has a set of elaborate, stringent screening processes, but the hacker managed to fool them with an AI-enhanced photo and a stolen identity.

KnowBe4’s screening process includes a pre-hiring background check . Also, once the background check is done, candidates need to go through **4 different rounds **of video conference interviews. Despite the intricate background checks, the hacker came out clean,

Once the hacker got hired by KnowBe4, he received his **Mac workstation from the company. The hacker started uploading malware as soon as he got his hands on the Mac workstation.

**KnowBe4 got doubtful on 15th July when they detected suspicious activities on his system. As authorities reached out to him in person to make further queries, he said he was trying to troubleshoot a speed issue.

However, the hacker was actually trying to manipulate the **session history files with malicious intentions. He was trying to transfer harmful files and execute unauthorized software by leveraging Raspberry Pi.

SOC or the Security Operations Center summoned him for further inquiry. The hacker initially claimed that he was not available at that moment and later on became unresponsive. Then SOC **simply quarantined the workstation of the hacker.

KnowBe4 has shared all the details it had with the FBI, and an investigation is ongoing.

“Zeus” hacker group targets Israeli athletes in Paris Olympics

The Paris Olympics event has become a hot pick for threat actors around the globe. Now cyberattackers have managed to publish sensitive data of Israeli athletes on the Telegram app. From login credentials to blood test results, everything is out there in the public domain. The hacker group named “Zeus” has taken responsibility for the data leaks.

OFAC, or France’s Anti Cybercrime Office, took down the data from the Telegram app after the incident was reported. The Israeli Foreign Minister is clearly unhappy with the data breach and stated the mishap as an attempt to disrupt the “joyous event.”

Sources

• RFC 7208 - Sender Policy Framework (SPF)
• RFC 7489 - Domain-based Message Authentication, Reporting, and Conformance (DMARC)