The U.S. government launches cyber security safety labels for smart devices. North Korean hackers are increasingly targeting macOS. And the U.S. Treasury sanctions a Chinese cyber security firm for supporting state-sponsored hacking. This is Cyber Security Today. I'm your host, Jim Love.
The White House has launched the U.S. Cyber Trust Mark, a new cybersecurity safety label for internet-connected consumer devices. Starting later this year, the label will appear on products like security cameras, smart TVs, fitness trackers, and connected devices, helping consumers assess whether a device is safe to install at home. Products that meet cyber security standards set by the National Institute of Standards and Technology, NIST, will be eligible for the label. These standards require unique and strong default passwords, regular software updates, and incident detection capabilities.
The goal is to make smart devices more secure against cyber attacks, such as hackers accessing house cameras or unlocking doors remotely. The Cyber Trust Mark will include a QR code that consumers can scan to see detailed security information about the product, including password instructions, software update policies, and minimum support periods. Products that don't meet security standards won't be eligible for the mark.
The program was unveiled in July 2023 with major companies like Amazon, Google, Samsung, LG, and Best Buy agreeing to participate. In December 2024, the FCC approved 11 cybersecurity label administrators to manage the program. Retailers like Best Buy and Amazon will highlight Cyber Trust Mark certified products. Consumer Reports praised the initiative, saying it will help raise security standards across the industry.
However, the program is voluntary, and it remains to be seen how widely manufacturers will adopt the mark. The U.S. Cyber Trust Mark aims to become a cybersecurity equivalent of the Energy Star labels, encouraging consumers to choose more secure devices, while pressuring manufacturers to improve their cybersecurity practices.
Security researchers have discovered SpectralBlur, a new macOS backdoor that shows similarities to malware previously used by the North Korean-linked Lazarus Group.
The backdoor appears to connect to BlueNoroff, a subgroup of Lazarus, also known as TA444. Security expert Chris Greg Lesnewich linked SpectralBlur to KandyKorn, also known as SockRacket, a malware family attributed to BlueNoroff. KandyKorn is an advanced implant capable of monitoring infected systems, avoiding detection, and interacting with files.
In contrast, SpectralBlur is less sophisticated, but still effective, with capabilities to upload and download files, run commands, and delete files based on instructions from its command and control server. Researchers noted that North Korean threat actors have intensified their focus on macOS in recent years. In November 2023, security firm Jamf Threat Labs uncovered another macOS malware strain called ObjCShellz, also attributed to BlueNoroff.
Both ObjCShellz and SpectralBlur show connections to the RustBucket malware campaign, which has been linked to multiple macOS attacks since early 2023. Experts warn that macOS users should remain vigilant as North Korea's interest in Apple systems continues to grow.
The U.S. Department of the Treasury has sanctioned Integrity Technology Group, a Beijing-based cybersecurity firm, for allegedly providing infrastructure to support Flax Typhoon, a Chinese state-sponsored hacking group known for targeting U.S. critical infrastructure. This marks a significant escalation in U.S. efforts to combat state-sponsored cyber threats.
The Treasury Department revealed that between 2022 and 2023 Flax Typhoon used Integrity Tech's infrastructure to conduct network exploitation activities against multiple victims, including a California-based entity. The group's tactics include exploiting known vulnerabilities and using legitimate remote access tools like VPNs and RDP to maintain persistence in compromised networks.
Under Executive Order 13694, the sanctions block all U.S.-based property and interests of Integrity Tech and prohibit U.S. persons from engaging in transactions with the company. Acting Undersecretary Bradley T. Smith stated, "The Treasury Department will not hesitate to hold malicious cyber actors and their enablers accountable." Integrity Tech's designation highlights Flax Typhoon's persistent threat to critical infrastructure, including sectors across North America, Europe, Africa, and Asia.
A joint cybersecurity advisory issued by the U.S. and allied agencies in September 2024 detailed the group's tactics, emphasizing the need for robust cybersecurity measures to protect against these threats. The sanctions may turn out to be mostly symbolic. Integrity Tech itself stated that the sanctions would not adversely affect its business since it does not operate in the U.S. and has no assets there.
But U.S. firms, including financial institutions that have any dealings with this company, would remain vulnerable to sanctions. It's clear that the sanctions are being set to send a message that the U.S. is serious about countering state-sponsored cyber attacks, with the Treasury Department stressing that the goal is positive change, not punishment. But the message is clear. Entities that enable malicious cyber attacks will face significant consequences.
And that's our show for today.
Show notes can be found at technewsday.com or .ca. Take your pick. You can reach me with comments or tips at editorial at technewsday.ca. I'm your host, Jim Love. Thanks for listening.