
Global Leaders Face a Digital Siege: Cyberattacks Cause Major Disruption at the WEF in Davos
From DDoS to Diplomacy: How cyber threats are reshaping international relations and challenging global leaders this week.
This article was created using AI.
Today’s News: Switzerland Disrupted by Wave of Cyberattacks
Since the forum’s start on January 20, pro-Russian hackers have launched several Distributed Denial-of-Service (DDoS) attacks on Swiss websites, including government pages, banks, and local administrations.
The Russian hacker group “NoName” claimed responsibility for the attacks, citing Ukrainian President Volodymyr Zelenskyy’s attendance at the WEF as the reason.
Swiss National Cyber Security Centre Had Warned of Possible Cyberattacks
According to the Swiss National Cyber Security Centre (NCSC), the attacks were quickly detected and countermeasures were implemented. Affected sites included those of the Federal Administration, the cantonal banks of Zurich and Vaud, and several municipalities in the canton of Lucerne.
The NCSC had warned of possible cyberattacks in the lead-up to the WEF and urged critical infrastructure operators to enhance their security measures. The agency emphasizes that while DDoS attacks can temporarily render websites inaccessible, they do not result in data theft or compromise.
These incidents underscore the concerns highlighted in the WEF’s “Global Cybersecurity Outlook 2025” regarding the increasing complexity of the cybersecurity landscape. The report warns about the impact of geopolitical tensions, advanced technologies, and complex supply chains on digital security.
Threat of the Week: U.S. Treasury Sanctions Chinese and North Korean Entities
On January 16, 2025, the Office of Foreign Assets Control (OFAC) of the U.S. Treasury Department imposed sanctions on a Chinese cybersecurity company and a Shanghai-based cyber actor. These measures were taken due to alleged connections to the threat groups Salt Typhoon and Silk Typhoon. The cyber actor Yin Kecheng was linked to a breach in the Treasury Department’s network.
Top Cybersecurity News of the Week
New Phishing Kit Targets Microsoft 365 Accounts
An Adversary-in-the-Middle (AitM) phishing kit known as “Sneaky 2FA” has been gaining popularity among cybercriminals since October 2024. It enables the theft of credentials and two-factor authentication (2FA) codes from Microsoft 365 accounts.
FBI Removes PlugX Malware from Over 4,250 Computers
In a large-scale operation, the FBI deleted a variant of the PlugX malware from more than 4,250 infected computers. This action was part of a months-long law enforcement operation against the China-linked threat group Mustang Panda.
Russian Hackers Attack Kazakhstan with HATVIBE Malware
The Russian threat actor UAC-0063 has been linked to an ongoing cyber espionage campaign against Kazakhstan. The attacks use spear-phishing techniques and deploy the HATVIBE malware to steal sensitive information.
Trending CVEs: Critical Security Vulnerabilities in Focus
Current security vulnerabilities threaten a variety of systems and software. Here’s an overview of the most important CVEs this week:
CVE ID | Affected System/Software | Publication Date |
---|---|---|
CVE-2025-21333 | Windows Hyper-V NT Kernel Integration VSP | January 14, 2025 |
CVE-2025-21334 | Windows Hyper-V NT Kernel Integration VSP | January 14, 2025 |
CVE-2025-21335 | Windows Hyper-V NT Kernel Integration VSP | January 14, 2025 |
CVE-2024-55591 | Fortinet | January 14, 2025 |
CVE-2024-10811 | Ivanti Endpoint Manager | January 14, 2025 |
CVE-2024-13161 | Ivanti Endpoint Manager | January 14, 2025 |
CVE-2024-13160 | Ivanti Endpoint Manager | January 14, 2025 |
CVE-2024-13159 | Ivanti Endpoint Manager | January 14, 2025 |
CVE-2024-7344 | Howyar Taiwan | January 14, 2025 |
CVE-2024-52320 | Planet Technology WGS-804HPT Industrial Switch | December 6, 2024 |
CVE-2024-48871 | Planet Technology WGS-804HPT Industrial Switch | December 6, 2024 |
CVE-2024-12084 | Rsync | January 9, 2025 |
CVE-2024-57726 | SimpleHelp | January 15, 2025 |
CVE-2024-57727 | SimpleHelp | January 15, 2025 |
CVE-2024-57728 | SimpleHelp | January 15, 2025 |
CVE-2024-44243 | Apple macOS | December 11, 2024 |
CVE-2024-9042 | Kubernetes | April 11, 2024 |
CVE-2024-12365 | W3 Total Cache Plugin | January 14, 2025 |
CVE-2025-23013 | Yubico | January 14, 2025 |
CVE-2024-57579 | Tenda AC18 | January 16, 2025 |
CVE-2024-57580 | Tenda AC18 | January 16, 2025 |
CVE-2024-57581 | Tenda AC18 | January 16, 2025 |
CVE-2024-57582 | Tenda AC18 | January 16, 2025 |
CVE-2024-57011 | TOTOLINK X5000R | January 15, 2025 |
CVE-2024-57012 | TOTOLINK X5000R | January 15, 2025 |
CVE-2024-57013 | TOTOLINK X5000R | January 15, 2025 |
CVE-2024-57014 | TOTOLINK X5000R | January 15, 2025 |
CVE-2024-57015 | TOTOLINK X5000R | January 15, 2025 |
CVE-2024-57016 | TOTOLINK X5000R | January 15, 2025 |
CVE-2024-57017 | TOTOLINK X5000R | January 15, 2025 |
CVE-2024-57018 | TOTOLINK X5000R | January 15, 2025 |
CVE-2024-57019 | TOTOLINK X5000R | January 15, 2025 |
CVE-2024-57020 | TOTOLINK X5000R | January 15, 2025 |
CVE-2024-57021 | TOTOLINK X5000R | January 15, 2025 |
CVE-2024-57022 | TOTOLINK X5000R | January 15, 2025 |
CVE-2024-57023 | TOTOLINK X5000R | January 15, 2025 |
CVE-2024-57024 | TOTOLINK X5000R | January 15, 2025 |
CVE-2024-57025 | TOTOLINK X5000R | January 15, 2025 |
CVE-2025-22785 | ComMotion Course Booking System Plugin | January 14, 2025 |
It is crucial that companies and individuals update their systems immediately to protect against these threats.
Developments in the Cyber World
Insider Threats on the Rise
Cybercriminals are increasingly advertising insider services on Telegram and dark web forums. These services aim to connect potential customers with insiders at companies in order to steal sensitive information or manipulate systems.
UK Considers Ban on Ransom Payments
The British government proposes prohibiting all public institutions and critical infrastructure operators from paying ransoms in ransomware attacks. This measure is intended to undermine the financial motivation behind such attacks.
Gravy Analytics Data Leak Endangers Privacy of Millions
A severe data leak at location data provider Gravy Analytics has compromised the privacy of millions of people worldwide. Sensitive location information collected by thousands of Android and iOS apps has fallen into the hands of hackers.
CISA Publishes New Security Guidelines
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a series of new security guidelines. These include, among other things, the integration of “Secure-by-Design” elements in procurement processes and the use of extended cloud logs for better detection of intrusion attempts.
Conclusion: The Future of Cybersecurity
Recent developments underscore the growing importance of cybersecurity for national security. The merger of digital and physical security requires new strategies and technologies. Artificial intelligence and quantum-resistant encryption will play a key role in addressing future challenges in cyberspace.
Companies and individuals must remain vigilant, regularly update their systems, and stay informed about the latest threats. Only in this way can we collectively shape a more secure digital future.