Two new Rembrandts just dropped; if you're looking for something mind-blowing to start your week, try zooming in on this scan of one of his best-known paintings, "The Night Watchman."

These mysterious bloggers are back — and doxing suspected Chinese hackers

For years, a pseudonymous blog called “Intrusion Truth” has shed light on Chinese hacking operations by naming suspected Chinese hackers.

Now, after around five months of relative silence, they’re back — and turning their sights to Wuhan.

“We’re back once more to tell a familiar tale: how an MSS-sponsored APT group — known for its hacking operations around the world — has been caught red-handed,” the blogger wrote last week.

MSS refers to China’s Ministry of State Security and APT stands for “advanced persistent threat” hacking groups, which have advanced capabilities and are often backed by governments.

Wuhan — one of China’s most populous cities — is “home to some of China’s most impressive cyber talent,” the blog wrote.

New revelations

In near-daily posts over the last several days, the WordPress blog has been delving deep into a web of Wuhan-based cybersecurity firms and schools that it says are linked to the Chinese government.

The founder of a cybersecurity school identified by Intrusion Truth lived in Florida, the Daily Beast’s Shannon Vavra reported Thursday.

As Vavra notes, the recent blog posts are tagged “APT31,” an apparent reference to a China-linked hacking group that is widely known by that name.

Intrusion Truth’s blog posts could have broader ramifications because cybersecurity researchers and U.S. law enforcement could continue to take notice.

U.S. officials have for years warned about the threats posed by Chinese hackers.

Justice Department officials have previously declined to comment on using information posted by Intrusion Truth for their investigations. But federal indictments of Chinese hackers have corroborated some details of the group’s posts.

Researchers have also previously corroborated some of Intrusion Truth’s conclusions.

Others appear to have also taken notice.

In October, cybersecurity firm Mandiant said a pro-China influence operation had set up eight Twitter accounts that tried to impersonate Intrusion Truth.

It’s not clear who is responsible for Intrusion Truth. In an interview with cybersecurity journalist Kim Zetter last year, they said they’re a “global network of anonymous contributors united by a common goal to expose Chinese APTs.”

But, as Zetter wrote in a must-read deep dive on the group last year, some people have speculated that it could be a group of cybersecurity researchers or a cyber firm — or even a Western government.

Personal info of 237,000 current and former Transportation Department staff exposed

The personal data of 237,000 current and former employees in the Transportation Department was exposed in a data breach, David Shepardson reports for Reuters.

“The breach hit systems for processing TRANServe transit benefits that reimburse government employees for some commuting costs. It was not clear if any of the personal information had been used for criminal purposes,” Shepardson writes.

The breach did not affect transportation safety systems, a Transportation Department spokesperson told Reuters. They did not say who was responsible for the hack.

The hack is being investigated, and transit benefit system access has been paused for the time being until it is secured and restored, according to the report.

Philadelphia Inquirer struggling to recover as operations disrupted by cyberattack

The Philadelphia Inquirer and outside cybersecurity consultants are working to respond to an incident that disrupted the newspaper’s operations over the weekend, Jonathan Lai reports for the Philadelphia Inquirer.

“The Inquirer had been unable to print its regular Sunday newspaper, and it was not clear until late Sunday afternoon that it would be possible to print Monday’s editions of The Inquirer and Daily News newspapers,” Lai writes. “Online posting and updating of stories to Inquirer.com continued, though sometimes slower than normal.”

The incident is the largest disruption at the major Philadelphia news outlet since a January 1996 blizzard affected operations before a mayoral primary election, the report said.

“We appreciate everyone’s patience and understanding as we work to fully restore systems and complete this investigation as soon as possible,” publisher Lisa Hughes told Lai in emailed answers through a spokesperson. The FBI has also been notified of the incident.

Inquirer staff will not be allowed back into the outlet’s main building until at least Tuesday, the report adds.

“The interruption of services raises questions about The Inquirer’s cybersecurity practices and infrastructure, and it comes as news organizations and other companies have seen growing online threats such as ransomware,” Lai writes.

Last year, The Guardian was hit in a ransomware attack, and the Los Angeles Times was impacted by a 2018 ransomware attack. Chinese hackers reportedly breached News Corp, which owns the Wall Street Journal and New York Post, last year.

Toyota Japan apologizes for exposing millions of customers’ vehicle info for more than a decade

Toyota Japan issued an apology notice to 2.15 million customers for leaving their vehicle information up on the public internet for over a decade, Zack Whittaker reports for TechCrunch.

The exposed data includes “registered email addresses; vehicle-unique chassis and navigation terminal numbers; the location of vehicles and what time they were there; and videos from the vehicle’s ‘drive recorder’ which records footage from the car,” Whittaker writes.

The accidental data exposure was due to a “cloud misconfiguration” issue only discovered in April, the report said.

“Toyota said the data spilling from its Connected Cloud was initially exposed in November 2013, but pertains only to vehicles in Japan,” it adds.

The company added that the customer data is secured and that it had not seen any reports that the data was maliciously used.

Toyota last year said data on around 300,000 customers had been exposed for nearly five years after a contractor inadvertently uploaded source code online.

