Hello. Hackers backed by the Russian government have changed tactics in a yearslong campaign against energy companies in North America, Europe and the Middle East, according to Amazon.com cybersecurity researchers.

The attackers are targeting internet routers and other widely used devices that have been set up incorrectly or sport known security holes, Amazon said Monday.

This method is cheaper and easier to carry out than trying to find and exploit zero-day bugs, and it works. Read our full story.

Also today: 

• Venezuela blames U.S. for cyberattack on state-run oil company
• Millions of vehicle buyers breached in hack at credit-check company
• At Amazon, hackers probe new vulnerabilities within 90 seconds
• Texas sues five TV makers for allegedly spying for the Chinese
• And more

The alleged perpetrator had improper access to virtually every South Korean adult’s personal information: names, phone numbers and even the keycode to enter residential buildings.

It was one of the biggest data breaches of recent years and it has sent the company it targeted—Coupang, South Korea’s equivalent of Amazon—reeling, generating lawsuits, government investigation and calls to toughen penalties against such leaks.

The leak went undetected for nearly five months, hitting Coupang’s radar on Nov. 18 only after a customer flagged suspicious activity.

Wealth-management firm Wedbush Securities is notifying customers that their personal data along with the name of their financial institution and account number were breached between May 17 and July 11. The company said it discovered that one of its internet-facing web applications was misconfigured, allowing unauthorized access to the information. 

TV set spying: Texas is suing TV makers Hisense, LG, Samsung, Sony and TCL Technology Group for allegedly monitoring what consumers watch and sending the information to the Chinese government without consent. 

Audio streamer SoundCloud said recent outages stem from a cyberattack during which hackers stole information from a database of user email addresses. The breach affects about 20% of its users, SoundCloud said. (Bleeping Computer)

Credit- and identity-check company 700Credit confirmed that more than 5.8 million people had their personal and financial information compromised in a recent hack. 

• The Southfield, Mich.-based company, which serves dealers of cars, RVs, boats and other vehicles, discovered the attack in October. Its investigation found the breach started as early as May.
• Michigan's attorney general is warning residents to watch out for phishing and other fraud attempts. (SecurityWeek)

SEC head says crypto regulation needs to respect privacy. Cryptocurrencies provide new opportunities to amass data on citizens’ financial lives, but a too-aggressive approach would be “incompatible with the kind of free society that has made America great,” Paul Atkins, SEC chairman, said. 

• Read the full story, or sign up for a free trial of Dow Jones Risk Journal. 

The WSJ Pro Cybersecurity team is Deputy Bureau Chief Kim S. Nash and reporters Angus Loten and James Rundle. Follow us on X @WSJCyber. Reach the team by replying to any newsletter you receive or by emailing Kim at kim.nash@wsj.com.