
news · 9 min read

Bulletin — September 2024

The month Salt Typhoon stopped being hypothetical. OpenAI debuts o1, the FBI dismantles the Flax Typhoon botnet, Cisco Smart Licensing turns up with hardcoded credentials, 23andMe pays 30 million for the 2023 breach, and a supplier puts explosives inside Hezbollah's pagers.

Manuel López Pérez · news

September closes with the story that will mark the rest of the year in telco security: the WSJ publishes on the 25th that Salt Typhoon, an APT group attributed to China, has been inside Verizon, AT&T and Lumen for months. Before that, the month had already delivered plenty: OpenAI debuted o1 on the 12th, Microsoft patched four zero-days, Cisco published an advisory for hardcoded credentials, 23andMe signed a $30 million settlement, the FBI dismantled the Flax Typhoon botnet, and on the physical side Mossad detonated Hezbollah’s pagers from inside the supply chain.

Salt Typhoon inside Verizon, AT&T and Lumen

On 25 September the WSJ publishes that an APT group Microsoft calls Salt Typhoon has been inside the network of several US telecoms for some time: Verizon, AT&T, Lumen, and per later reports also T-Mobile. The access isn’t to an end customer, it’s to the operators’ core infrastructure.

What’s public in September is this:

  • The access goes back months, possibly more than a year.
  • The operators are investigating with Mandiant and CrowdStrike. The public characterisation is mass metadata exfiltration.
  • Attribution to a Chinese actor with state intelligence ties comes from the WSJ report itself and will be confirmed by CISA/FBI.
  • In October the key piece that isn’t public in September will emerge: the attackers also touched the CALEA systems, the infrastructure operators maintain by law to serve judicial interception orders to the government. That means the group could, in theory, see which numbers the US is tapping.

By 30 September Salt Typhoon is already a real case with confirmed telcos. The CALEA piece, the final scope (nine operators) and CISA’s official confirmation arrive in the following months.

The sober reading: infrastructure that exists by regulatory mandate to serve lawful intercepts is an appealing target for a foreign intelligence service, and it has taken years for anyone to audit it with that threat model in mind. It isn’t cyberwar, it’s espionage done with the operational calm we covered in the 2023 pattern.

Source: https://www.wsj.com/politics/national-security/china-cyberattack-internet-providers-260bd835 · open summary: https://www.theregister.com/2024/10/07/verizon_att_lumen_salt_typhoon/

OpenAI o1 and the hidden chain of thought

12 September. OpenAI publishes o1-preview and o1-mini, the first commercial models trained with reinforcement learning to generate a long chain of thought before answering. The chain isn’t served to the user, only a summary is; the model reasons privately and delivers just the final output.

OpenAI presents two metrics: notable improvements in maths, code and science (83% on AIME 2024 vs 13% for GPT-4o), and improvement also in jailbreak resistance (StrongREJECT 84 vs 22). The system card is public on the same 12th.

Within 48 hours, Pliny the Liberator publishes screenshots of o1 obeying prompts GPT-4o was rejecting and leaking chunks of its own system prompt. Simon Willison publishes technical notes the same day: the opacity of reasoning tokens is an interpretability regression for whoever deploys the model. Marco Figueroa (Mozilla 0Din programme) is preparing bypasses via hex-encoding that will be published in late October.

We cover it in the technical post of the month. The short reading for architects: the chain of thought is a new channel between prompt and response. The attacker can push the model to deliberate on things the output filter doesn’t catch. And the API doesn’t return the content of the reasoning tokens, only the billed count. Production logs are left with a hole until OpenAI changes that decision.

Source: https://openai.com/index/learning-to-reason-with-llms/ · system card: https://cdn.openai.com/o1-system-card.pdf
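The logging gap above is the one piece a deployer can act on today. As an added example (not OpenAI’s code and not from this post), the following Python records, per request, the only trace of the hidden chain the API exposes, the reasoning token count, and flags requests whose reasoning volume is out of proportion to the visible output. The field name `completion_tokens_details.reasoning_tokens` is assumed from the public usage object of the o1 models; the sample responses and the thresholds are constructed.

```python
import json
import math

# Constructed sample API responses (not real OpenAI output). The usage object follows
# the shape the o1 models expose, where the hidden chain surfaces only as a count in
# `completion_tokens_details.reasoning_tokens`; treat that field name as an assumption.
SAMPLE_RESPONSES = [
    {"id": "req-1", "usage": {"prompt_tokens": 80, "completion_tokens": 300,
                              "completion_tokens_details": {"reasoning_tokens": 200}}},
    {"id": "req-2", "usage": {"prompt_tokens": 60, "completion_tokens": 4100,
                              "completion_tokens_details": {"reasoning_tokens": 4000}}},
    {"id": "req-3", "usage": {"prompt_tokens": 40, "completion_tokens": 50,
                              "completion_tokens_details": {"reasoning_tokens": 0}}},
    {"id": "req-4", "usage": {"prompt_tokens": 90, "completion_tokens": 900,
                              "completion_tokens_details": {"reasoning_tokens": 900}}},
    # Older model without the details sub-object: must not crash the pipeline.
    {"id": "req-5", "usage": {"prompt_tokens": 30, "completion_tokens": 120}},
]


def reasoning_split(usage: dict) -> tuple[int, int]:
    """Return (reasoning_tokens, visible_tokens) from a usage object.

    Visible tokens are the completion tokens that actually reached the caller;
    everything else was spent in the chain of thought you never see."""
    completion = int(usage.get("completion_tokens", 0))
    details = usage.get("completion_tokens_details") or {}
    reasoning = int(details.get("reasoning_tokens", 0))
    return reasoning, max(completion - reasoning, 0)


def reasoning_ratio(usage: dict) -> float:
    """Hidden-to-visible ratio; infinite when the model reasoned but emitted nothing
    (typical of a refusal or a truncated answer)."""
    reasoning, visible = reasoning_split(usage)
    if visible == 0:
        return math.inf if reasoning > 0 else 0.0
    return reasoning / visible


def audit_record(response: dict) -> dict:
    """One structured log line per request, so the reasoning cost is at least logged."""
    usage = response.get("usage", {})
    reasoning, visible = reasoning_split(usage)
    return {
        "id": response.get("id"),
        "prompt_tokens": int(usage.get("prompt_tokens", 0)),
        "reasoning_tokens": reasoning,
        "visible_tokens": visible,
        "ratio": reasoning_ratio(usage),
    }


def flag_anomalies(responses, max_ratio: float = 10.0, max_reasoning: int = 3000):
    """Return [(request id, [reasons])] for requests worth a human look.

    Thresholds are constructed placeholders; calibrate them on your own traffic."""
    flagged = []
    for response in responses:
        rec = audit_record(response)
        reasons = []
        if rec["ratio"] > max_ratio:
            reasons.append(f"hidden/visible ratio {rec['ratio']:.1f} > {max_ratio}")
        if rec["reasoning_tokens"] > max_reasoning:
            reasons.append(f"reasoning tokens {rec['reasoning_tokens']} > {max_reasoning}")
        if reasons:
            flagged.append((rec["id"], reasons))
    return flagged


if __name__ == "__main__":
    for response in SAMPLE_RESPONSES:
        print(json.dumps(audit_record(response)))
    for request_id, reasons in flag_anomalies(SAMPLE_RESPONSES):
        print(f"FLAG {request_id}: {'; '.join(reasons)}")
```

The ratio is a heuristic, not a detection of anything specific: it tells you which requests made the model deliberate far more than it said, which is exactly the population you cannot inspect and therefore want sampled for review.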

CVE-2024-43461 (MSHTML) and CVE-2024-38217 (LNK stomping)

Patch Tuesday on 10 September. Microsoft closes 79 vulnerabilities; four are being exploited in the wild. Two deserve attention:

CVE-2024-43461 — MSHTML platform spoofing, CVSS 8.8. It’s complementary to CVE-2024-38112 patched in July: both are part of the chain Void Banshee was using to deliver the Atlantida infostealer before July. Microsoft initially doesn’t mark the CVE as exploited in the advisory; on 13 September it amends and acknowledges the zero-day. The technical takeaway: patching only the July piece doesn’t close the chain, you need the September one too.

CVE-2024-38217 — LNK stomping, reported by Joe Desimone (Elastic Security). It allows bypassing Mark of the Web and Smart App Control with a .lnk file whose internal structure is non-standard. Per the report, the technique has been actively used since 2018. A small piece with a very long life, unpatched for six years.

The other two zero-days of the month (CVE-2024-38014 Windows Installer EoP, CVE-2024-38226 Office Publisher Macros) are CISA KEV catalogue regulars. What’s notable about this Patch Tuesday is that three of the four zero-days have prior lives Microsoft hadn’t publicly acknowledged.

Source: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43461 · Trend Micro ZDI analysis: https://www.zerodayinitiative.com/blog/2024/9/16/cve-2024-43461-an-old-friend-windows-mshtml-spoofing-vulnerability

Cisco Smart Licensing Utility — hardcoded credentials in production

4 September. Cisco publishes an advisory for CVE-2024-20439 (CVSS 9.8): the Smart Licensing Utility ships with an administrative account with static hardcoded credentials in the code. Versions 2.0.0 to 2.2.x; fixed in 2.3.0. Later, CVE-2024-20440 completes the picture (log disclosure via debug enabled by default, leaking credentials).

The admin account was internally documented as a development account and never removed before release. CWE-798 (hardcoded credentials) combined with CWE-912 (hidden functionality). In March 2025, CISA adds the CVE to the KEV catalogue: exploitation confirmed.

There’s no technical novelty in the bug. What is novel is that an enterprise vendor still ships software with static credentials in 2024, and that the release process let it through. The sad part is the systemic angle: any auditor who’d run strings on the binary would have seen the credential. Clearly it isn’t being done.

Source: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cslu-7gHMzWmw · NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20439
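The strings check the paragraph refers to is cheap to automate and belongs in a release pipeline, not in an auditor’s afterthought. As an added example (not Cisco’s code and not from this post), the following Python emulates `strings` over a binary and flags printable runs that look like key=value credentials; the sample bytes and the placeholder credentials are constructed and bear no relation to the real CSLU binary or its account.

```python
import re
import sys

# Constructed sample "binary": ELF-looking junk with a few embedded strings, including
# placeholder credentials. Not the real Smart Licensing Utility binary.
SAMPLE_BINARY = (
    b"\x7fELF\x02\x01\x01\x00\x00\x00"
    b"libc.so.6\x00"
    b"\x00\x01\x02"
    b"DEFAULT_ADMIN_USER=PLACEHOLDER_ADMIN\x00"
    b"\xff\xfe"
    b"DEFAULT_ADMIN_PASSWORD=PLACEHOLDER_SECRET_123\x00"
    b"\x00\x00"
    b"Smart Licensing Utility starting\x00"
    b'api_key = "PLACEHOLDER_KEY"\x00'
)

MIN_LEN = 6  # same default as the strings(1) tool uses for printable runs

# Keyword followed by '=' or ':' and a non-empty value. Deliberately no \b anchors:
# identifiers such as DEFAULT_ADMIN_PASSWORD are a single "word" to the regex engine.
CRED_PATTERN = re.compile(
    r"(?i)(password|passwd|pwd|secret|api[_-]?key|token|admin[_-]?user(?:name)?)"
    r"\s*[=:]\s*\S+"
)


def extract_strings(data: bytes, min_len: int = MIN_LEN) -> list[str]:
    """Emulate strings(1): runs of printable ASCII of at least min_len characters."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.decode("ascii") for m in re.findall(pattern, data)]


def find_credential_strings(data: bytes) -> list[tuple[str, str]]:
    """Return (matched keyword, full string) for every credential-looking run."""
    hits = []
    for s in extract_strings(data):
        m = CRED_PATTERN.search(s)
        if m:
            hits.append((m.group(1).lower(), s))
    return hits


def scan_file(path: str) -> list[tuple[str, str]]:
    """Scan a file on disk; a non-empty result should fail the release gate."""
    with open(path, "rb") as fh:
        return find_credential_strings(fh.read())


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else None
    hits = scan_file(target) if target else find_credential_strings(SAMPLE_BINARY)
    for keyword, text in hits:
        print(f"[{keyword}] {text}")
    sys.exit(1 if hits else 0)
```

Run it against a real artifact with `python scan.py path/to/binary`; the non-zero exit code is what makes it usable as a CI gate. It will produce false positives on format strings and documentation text, which is fine: the point is that a human has to look at each hit before the build ships, which is exactly the step that was missing here.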

23andMe pays $30 million for the 2023 breach

13 September. 23andMe files a $30 million settlement with the court to close over forty class actions consolidated for the October 2023 credential stuffing, in which 6.9 million profiles were exposed via the DNA Relatives feature. Of the $30 million, $25 million is covered by the cyber insurance; the company puts up the other $5 million, with finances already delicate (revenue was declining and the valuation hadn’t matched the IPO).

What’s notable about the settlement isn’t the amount but the asymmetry: 6.9 million profiles with genetic and kinship information at a few dollars per affected user, plus three years of Privacy & Medical Shield + Genetic Monitoring as a complement. For a company whose product is exactly the sensitive data that leaked, it doesn’t look deterrent.

The operational pattern of the incident (credential stuffing against a poorly designed social feature) was already clear in 2023. The 2024 settlement confirms what we suspected: in the US the legal consequence of a genetic data breach without HIPAA applying stays at manageable figures.

Source: https://23andmedatasettlement.com/ · coverage: https://www.law360.com/pulse/articles/1879177/

FBI dismantles the Flax Typhoon botnet

18 September. FBI Director Christopher Wray announces at the Aspen Cyber Summit that the bureau, with international partners, has dismantled a botnet operated by Flax Typhoon, a Chinese group attributed to the company Integrity Technology Group (“Integrity Tech”). The botnet totalled 260,000+ devices at its June peak, mostly in the US: SOHO routers, IP cameras, NVRs, consumer NAS.

A judicially authorised operation, with sinkholing and issuance of commands to clean the compromised devices. The operators tried to migrate the infrastructure to new C2 and launched DDoS against FBI servers during the operation; the FBI identified the new infrastructure in hours and kept pushing.

Flax Typhoon, unlike the Volt Typhoon case we covered in January, doesn’t focus on carrier routers but on home IoT. The pattern is the same: compromise devices with little telemetry and use them as residential proxies to hide traffic for operations against US targets. Treasury sanctions Integrity Tech in January 2025.

Source: https://www.fbi.gov/news/stories/fbi-director-announces-chinese-botnet-disruption-exposes-flax-typhoon-hacker-group-s-true-identity-at-aspen-cyber-summit

Mossad and the Hezbollah pagers

17 September. At roughly 15:30 local time, thousands of pagers used by Hezbollah members detonate simultaneously in Lebanon and Syria. The next day, the same with walkie-talkies. Public toll: 30+ dead and thousands injured. Later reports attribute the operation to Mossad via supply chain infiltration: PETN explosive embedded in the device’s own battery during assembly at a factory controlled by Israeli service shell companies, sold to Hezbollah through a known distributor (Gold Apollo, a Taiwanese brand whose name ends up on the devices).

For a technical blog the reading goes this way: the piece is hardware supply chain, not malware. An operation prepared for years, with interlocking shell companies to move product, an unwittingly recruited saleswoman, and a payload that lives physically inside the gadget. It’s the same kind of question XZ-utils poses for software: when do we trust the piece we bought, and what independent validation is actually feasible on a supplier’s material? For hardware the answer is worse: there’s no diff equivalent for the silicon arriving at the plant.

Whoever wants the full version with forensic analysis of the devices: Reuters and NYT coverage from 18 and 19 September, plus the later 60 Minutes report with ex-Mossad agents confirming the outline of the operation.

Source: https://www.reuters.com/world/middle-east/walkie-talkies-explode-lebanon-day-after-pager-blasts-2024-09-18/

Rest of the month

  • iOS 18 / iPhone 16 (16 Sep) — release without Apple Intelligence on day one (it arrives with 18.1 in October). Security changes: Private Cloud Compute moves from WWDC promise to public documentation. For enterprise deployers, relevant news: a new intent model for clipboard and pasteboard access.
  • GAZEploit / CVE-2024-40865 (visionOS 1.3, July; public coverage in September) — paper from University of Florida + CertiK + Texas Tech: the Vision Pro Persona avatar leaks eye movement during gaze typing, and an attacker with video call access can reconstruct virtual keyboard keystrokes with 77% accuracy on passwords (top-5) and 92% on messages. Apple fixes it in visionOS 1.3 by suspending Persona when the virtual keyboard is active. Accepted at ACM CCS 2024, not USENIX as some summaries circulated.
  • RAMBO attack — Mordechai Guri (Ben-Gurion University) publishes a technique using RAM buses as an antenna to exfiltrate data over radio in air-gapped systems. Useful distance reported: a few metres, low rate. The research line is fifteen years old; still more paper than operational threat, but useful reading to understand how physical controls are designed.
  • Mandiant publishes research on UNC1860 (Iran), a cluster with persistent backdoors in Middle East infrastructure. No patch to apply, but worth reading.
  • GitLab CVE-2024-45409 (10 Sep) — SAML auth bypass via ruby-saml; CVSS 10.0; added to the KEV catalogue as exploited on the 18th.
  • Ivanti Cloud Service Appliance CVE-2024-8190 (10 Sep) — authenticated command injection, CVSS 7.2; added to the KEV catalogue on 13 September, public Horizon3 PoC a few days later.

Pattern of the month

If there’s a cross-cutting axis in September, it’s persistent access that had been around for a while and wasn’t seen: Salt Typhoon in telco, Flax Typhoon in home IoT, Void Banshee with MSHTML from before July, LNK stomping since 2018, Mossad inside the Gold Apollo chain for years. The conclusion repeats versus December 2023: the attacker invests time, the defender operates in a hurry.

October will bring the other thread: AI agents moving the mouse (Anthropic’s Computer Use), the NIS2 deadline, and the continuation of the CALEA case. Meanwhile, the technical post of the month covers o1 calmly.
