Anonymous sources recently provided The Daily Phish with a confidential Homeland Security bulletin titled: Advanced Persistent Threat Cyber Actor Targets US Beauty Parlor. While unnamed in the bulletin, the same source identified the targeted organization as Beulah’s Beauty Barn in Castleberry, Alabama.
We reached out and talked with owner and stylist, Beulah Strickland. She was more than willing to share her story with us.
This guy from the government called. I thought he said he was from “see-saw” and I was really confused, because ‘playground equipment’ right?
So he spelt it out C-I-S-A and I still didn’t understand because as far as I know, CISA is the Castleberry International Salon Association. But that’s just a joke between my friend Tina and me. ‘Cause you know there’s only the one beauty parlor here. Well anyway this see-saw guy or whatever said I needed to have an incident response team in ASAP. I was really confused then, because Sherlene hasn’t spilled any of them perm chemicals in quite a while. Besides, we just wipe those up with paper towels. That’s ok, right?
Then he said our computers had been infected, and he was talking about computer incident response team. I said we only had the one computer and we just use it to read gossip online. I let him know it was pretty old, but Jimmy Jackson’s girl plays them computer games and she could probably take a look at it. Mr. Government seemed kinda sad, and told me to just unplug the computer and get a tablet for the gossip.
Shoot, we haven’t had this much excitement in town since that cult came through and convinced Harold the barber to give money for their ‘charity!’
We asked Ms. Strickland if she had any idea why cybercriminals from another nation might target her small business. “I know some folks think we’re a bit simple around here,” she said, “but I’m smart enough to figure out they got the wrong place.”
I’m sure they were after a much bigger target; someplace like Peggy’s Pretty Palace down in Mobile.
An excerpt from the official Network Defender Bulletin is shown below:
(U//FOUO) Advanced Persistent Threat Cyber Actor Targets US Beauty Parlor
(U//FOUO) Scope Note: This Network Defender Bulletin provides federal, state, local, and private sector network defenders information to help detect and mitigate malicious cyber activity. While I&A considers this network defense information to be credible and actionable, this Bulletin is not considered finished intelligence and is being shared for the purpose of informing cybersecurity protection activities.
(U//FOUO) An advanced persistent threat cyber actor located in Kutarrastan exfiltrated data from a US firm in the personal care services industry, transferring the data to the IP address below, according to government reporting.
Support to Computer Network Defense
Malicious IP Address
127[.]0[.]0[.]1