Inside Story: How the Mafia is Getting Involved in Cybercrime

On Monday, police in Europe announced the arrests of over 100 people connected to the Mafia. They were using hackers to support efforts in traditional crime.

The authorities said that the organized crime groups employed hackers who were using phishing, social engineering attacks, and SIM swapping, as well as sending malware to victims with the goal of taking over their bank accounts and stealing their money.

This operation highlights a new trend: traditional organized crime groups, such as the Italian Mafia and Camorra, are now dabbling in cybercrime to support their traditional offline activities, according to Italian and Spanish police investigators involved in the crackdown who spoke with Motherboard.

Alaska Health Service Attacked by Nation-State Cyber Attacker

The Department of Health and Social Services (DHSS) disclosed that it was the victim of a sophisticated cyberattack from a nation-state level actor.

Citing an investigation conducted together with security firm Mandiant, DHSS officials said the attackers gained access to the department’s internal network through a vulnerability in one of its websites and “spread from there.”

Officials said they believe they have expelled the attacker from their network; however, there is still an investigation taking place into what the attackers might have accessed.

Inside Project Raven, a Team of Former NSA Analysts Who Worked for the UAE Government

Project Raven was a team that included more than a dozen former U.S. intelligence operatives recruited to help the United Arab Emirates engage in surveillance of other governments, militants and human rights activists critical of the monarchy. Reuters tells the story.

The operatives utilized an arsenal of cyber tools, including a cutting-edge espionage platform known as Karma, in which Raven operatives say they hacked into the iPhones of hundreds of activists, political leaders and suspected terrorists. Details of the Karma hack were described in a separate Reuters article today.

An interesting story. We know that iOS 14.8 patched a vulnerability used by the Pegasus spyware, but I haven’t heard much about Karma.

Chinese Hackers May be Stealing Data to Feed an Artificial Intelligence

Dina Temple-Raston of NPR published a fascinating investigation regarding the Microsoft Exchange attack earlier in 2021.

Officials believe that the breach was in the service of something bigger: China’s artificial intelligence ambitions. The Beijing leadership aims to lead the world in a technology that allows computers to perform tasks that traditionally required human intelligence — such as finding patterns and recognizing speech or faces.

Top 10 Services That Hackers Target the Most

Software system provider Intact collected data and analyzed it to see which brands hackers are searching for as their next potential hacking targets.

We analysed search intent by digging out the number of searches for terms including ‘how to hack [xyz]’. Although career cybercriminals are likely to use more nefarious means to research and test their hacking processes, Google search data provides an insight into global intent and changing trends.

Hackers Leak FIFA 21 Source Code After Extortion Attempt

After a failed extortion attempt, hackers have leaked a 751GB cache of data stolen from Electronic Arts. The files include the source code for FIFA 21.

While initially, the hackers hoped to earn a big payday from the EA hack, they failed to find any buyers on the underground market, as the stolen data was mostly source code that lacked any value for other cybercrime groups, most of which are interested in user personal or financial data primarily.

After failing to find a buyer, the hackers tried to extort EA, asking the company to pay an undisclosed sum and avoid having the data leaked online.

Hackers Increasingly Using Discord to Spread Malware

Researchers found that hackers are turning to Discord to spread malware, such as password-hijacking malware and malware that abuses Discord's chat bot APIs.

But the greatest percentage of the malware we found have a focus on credential and personal information theft, a wide variety of stealer malware as well as more versatile RATs. The threat actors behind these operations employed social engineering to spread credential-stealing malware, then use the victims’ harvested Discord credentials to target additional Discord users.

UK Man Joseph O’Connor Arrested for Hacking Apple’s Twitter Account

Joseph O’Connor, also known as “PlugWalkJoe,” has been arrested for hacking Apple’s Twitter account in 2020. He also faces charges for “takeovers of TikTok and Snapchat user accounts.”

O’Connor openly identified himself as “PlugWalkJoe” and confirmed that the hackers had obtained Twitter credentials to take over the accounts via an internal company Slack. At the time, O’Connor was fairly bullish about his involvement and apparent safety, “They can come arrest me. I would laugh at them. I haven’t done anything,” he told the Times.

He had also compromised the Twitter accounts of Elon Musk, former President Barack Obama, Bill Gates, President Joe Biden, and a few others.

New Ransomware ‘Tsunami’ Destroying Supply Chains

The REvil hacking team is back with new malware. It is brand new and still developing, but their ransomware, called “Tsunami,” is wreaking havoc.

The software in question, Kaseya VSA, is popular among so-called managed service providers, which provide IT infrastructure for companies that would rather outsource that sort of thing than run it themselves. Which means that if you successfully hack an MSP, you suddenly have access to its customers. It’s the difference between cracking safety deposit boxes one at a time and stealing the bank manager’s skeleton key.

Russian Spies Abuse VPNs to Target Organizations

On Thursday, U.S. and British authorities said that Russia’s military spy agency is using VPNs and Tor to attack governments and private sector targets.

The advisory did not identify any of the targets by name, saying only that they were mainly in the United States and Europe and included government offices, political parties, energy companies, law firms and media organizations.

The Russian Embassy in Washington did not immediately return a message seeking comment. Russian officials routinely reject allegations that they employ hackers to spy on rival nations.

Molson Coors Production Grinds to Halt From Cyberattack

Molson Coors has revealed in its regulatory filing that it suffered a cyberattack, and production has come to a halt.

Molson Coors experienced a systems outage that was caused by a cybersecurity incident. We have engaged a leading forensic IT firm to assist our investigation into the incident and are working around the clock to get our systems back up as quickly as possible.

Not even our beer is safe. One likely candidate is some kind of ransomware.

Chinese Hackers Threaten the Internet and Democracy

Over the past decade Chinese hackers have been increasingly attacking the United States and other countries that threaten the hegemony of The Party.

Many thought the internet would bring democracy to China. Instead it empowered rampant government oppression, and now the censors are turning their attention to the rest of the world.

Chinese hacking groups fall under the category of Advanced Persistent Threat (APT). The United States and China have this weird, sadomasochistic relationship, and while I don’t believe in trade wars, I think it’s important we send a message that the U.S. won’t tolerate such egregious behavior from our partners.

If You Haven't Changed Your iCloud Password in the Past Two Years, Do It Now

Trying to extort money out of Apple by threatening to wipe out iCloud accounts and reset iPhones is a business model the Turkish Crime Family hacker team will likely learn is flawed at best, but it is a great reminder to change your online passwords regularly. The list of iCloud logins the group has looks to be at least two years old, so if you haven’t changed your password more recently than that, it’s time right now.