Content
01. News Bites
- DeepSeek under cyber attack amid security concerns
- Hackers exploit SimpleHelp RMM flaws for initial access
- UnitedHealth data breach affected 190 Million Americans
- Smiths Group discloses cyber security breach
- EU sanctions Russian GRU operatives for cyber espionage in Estonia
02. Conclusion
DeepSeek under cyber attack amid security concerns
Chinese AI company DeepSeek found itself in the spotlight this week after its rise triggered significant financial market losses. On Monday, the tech-heavy Nasdaq index fell by 3.1%, with Nvidia's shares tumbling nearly 17%, resulting in a record one-day loss of approximately $593 billion in market capitalization. Other tech giants, including Broadcom, Microsoft, and Alphabet, also experienced substantial declines. Overall, these events contributed to a total loss of about $1 trillion in market value across U.S. exchanges.
Shortly afterwards, DeepSeek announced that a cyberattack had disrupted new user registrations on its platform. The incident came as security researchers uncovered vulnerabilities in its open-source R1 model.
DeepSeek, founded in 2023, claims that R1 performs at the level of OpenAI’s ChatGPT and Google’s Gemini while requiring significantly less computational power. However, the model is now under scrutiny from cyber security experts.
Researchers reported that R1 is susceptible to multiple jailbreak methods that have been patched in other models. Red teams successfully tricked the chatbot into generating malicious content, including ransomware development and instructions for making explosives. Additionally, R1 provided fabricated details about OpenAI executives, raising concerns about its reliability.
Meanwhile, DeepSeek has warned users about impersonation scams on social media. The company has yet to disclose details about the cyberattack but described it as large-scale and malicious—suggesting a potential DDoS assault.
The controversy around DeepSeek also fuels ongoing discussions about data security risks with Chinese AI models. Experts warn that users should be mindful of privacy risks, particularly in light of US concerns over foreign-owned platforms like TikTok.
Hackers exploit SimpleHelp RMM flaws for initial access
Cybercriminals are believed to be exploiting recently patched vulnerabilities in SimpleHelp Remote Monitoring and Management (RMM) software to gain access to target networks.
The flaws—CVE-2024-57726, CVE-2024-57727, and CVE-2024-57728—allow attackers to upload and download files and escalate privileges. Horizon3 researchers disclosed the vulnerabilities two weeks ago, with SimpleHelp issuing fixes between January 8 and 13.
Researchers have since observed an attack campaign targeting SimpleHelp servers. While they cannot confirm that these flaws are being exploited, they recommend immediate upgrades to patched versions.
Threat intelligence group Shadowserver reports 580 vulnerable SimpleHelp instances online, with 345 in the US. Attackers appear to leverage existing SimpleHelp installations to establish access, execute commands, and gather intelligence for further escalation.
Users should update immediately or uninstall SimpleHelp if it is no longer needed to reduce the attack surface. More details on mitigation are available in SimpleHelp’s security bulletin.
UnitedHealth data breach affected 190 Million Americans
UnitedHealth has disclosed that 190 million Americans had their personal and healthcare data stolen in the Change Healthcare ransomware attack—nearly double the initial estimate of 100 million.
The stolen data includes health insurance details, medical records, billing information, and sensitive personal data such as addresses, phone numbers, and Social Security Numbers. Despite assurances that there is no evidence of misuse, the sheer scale of the breach makes it the largest healthcare data compromise in US history.
The February 2024 attack was carried out by the BlackCat ransomware gang, which exploited stolen credentials to breach Change Healthcare’s network. UnitedHealth paid an initial $22 million ransom, but the affiliate responsible later claimed the data was not deleted as promised. A second ransom was reportedly paid to prevent further leaks.
The attack has caused significant disruption to the US healthcare system, with financial losses now projected to reach $2.45 billion for the year.
Smiths Group discloses cyber security breach
London-based engineering giant Smiths Group has disclosed a security breach after attackers gained unauthorised access to its systems. The multinational firm, which operates in energy, security, aerospace, and defence, reported £3.1 billion in revenue last year and employs over 15,000 people across 50 countries.
In a filing with the London Stock Exchange, Smiths confirmed it is investigating the incident and has isolated affected systems while activating business continuity plans. The company is working with cyber security experts to assess the impact and recover compromised systems.
Smiths has not yet disclosed when the breach was detected or whether sensitive business or customer data was stolen. A company spokesperson declined to provide further details.
The attack follows recent cyber security incidents at major firms, including Conduent, Hewlett Packard Enterprise, and Nominet, highlighting an ongoing wave of cyber threats targeting global businesses. More updates are expected as the investigation continues.
EU sanctions Russian GRU operatives for cyber espionage in Estonia
The EU has sanctioned three Russian nationals for their role in a 2020 cyber espionage campaign targeting Estonian government agencies. The individuals—Nikolay Korchagin, Vitaly Shevchenko, and Yuriy Denisov—are members of the GRU’s Unit 29155, a Russian military intelligence group known for cyber and covert operations.
According to the EU, the trio illegally accessed several Estonian ministries, including Economic Affairs, Social Affairs, and Foreign Affairs, stealing thousands of classified documents containing business secrets, health records, and other sensitive information.
The sanctions impose an asset freeze and travel ban across the EU, with restrictions on providing financial support to the individuals.
Unit 29155 has been linked to numerous destabilisation efforts, including the 2018 Skripal poisoning and cyber sabotage campaigns such as WhisperGate, which targeted Ukraine. The US State Department is offering a $10 million reward for information leading to the capture of Korchagin and Denisov.
If you are worried about any of the threats outlined in this bulletin or need help in determining what steps you should take to protect yourself from the most material threats facing your organisation, please contact your account manager, or alternatively Get in touch to find out how you can protect your organisation.
Disclaimer
The Threat Intel Roundup was prepared by Integrity360 summarising threat news as we observe it, current at the date of publishing. It should not be considered to be legal, consulting or any other professional advice. Any recommendations should be considered in the context of your own organisation. Integrity360 does not take any political stance in the information that we share. Moreover, the opinions expressed may not necessarily be the views of Integrity360.