News

Weekly News Recap 12

As always, plenty of things happened this week, but no worries if you had no time to go through all the news. Our weekly news recap will keep you up to date on the latest APTs, Cryptocurrencies, Darknet, General Security, Privacy and Ransomware news.

If you want to see this recap in your mailbox every week, you can sign up for the newsletter for free.

APT

New activity from Russian actor Nobelium (Microsoft Blog)

Microsoft says that Nobelium, the Russian nation-state actor behind the SolarWinds hack in 2020, is still trying to replicate its past approach by targeting the global IT supply chain. Since May 2021, it allegedly targeted more than 140 resellers and technology service providers and managed to compromise 14 of them. Microsoft says this is only part of a larger wave of activity from this APT, which also attacked at least 609 customers between July 1st and October 19th this year.

Former Air War College Professor Pleads Guilty to Making False Statements About Relationship with Government Official in China (US Department of Justice)

A civilian professor at the Air War College in Alabama pleaded guilty to making false statements to a federal agent after failing to report contacts he had with a Chinese official between December 2021 and January 2017.

North Korean state hackers start targeting the IT supply chain (Bleeping Computer)

Researchers at Kaspersky assessed that Lazarus, a North Korea-backed APT, is building supply-chain attack capabilities. Among other things, the group used an updated version of its BLINDINGCAN malware to breach a Latvian IT vendor in May and used it as a proxy to compromise a South Korean think tank the following month.

Operations at Iranian gas stations were disrupted today. Cyber attack or computer glitch? (Security Affairs)

Gas stations operated by the state-owned National Iranian Oil Products Distribution Company were disrupted on October 27th after screens at gas pumps were hijacked to display various messages, and the employees were not able to charge customers for the fuel that they were buying. The authorities made the assumption that this was the result of a cyber-attack by a hostile foreign state.

China Telecom booted out of USA as Feds worry it could disrupt or spy on local networks (The Register)

The US Federal Communications Commission announced that it terminated China Telecom's permission to provide communications services in the USA for the sake of national security. The agency said that it has classified information assessing that China Telecom could "access, store, disrupt, and/or misroute US communications, which in turn allow them to engage in espionage and other harmful activities against the United States."

Cryptocurrencies

German law enforcement begins auction of 215 seized bitcoins (The Block)

The Ministry of Justice of North Rhine-Westphalia started auctioning 215 Bitcoins on October 25th. The ministry estimated that one Bitcoin's market value is EUR 54,000.

Mastercard says any bank or merchant on its vast network can soon offer crypto services (CNBC)

Mastercard is preparing to announce that banks and merchants using their payment network will soon be able to integrate cryptocurrencies into their products.

Cream Hacked Analysis, US $130 Million Hacked (SlowMist)

Cream Finance (a decentralized lending protocol) was hacked for the third time this year and lost an estimated USD 130 million in various assets. The attackers exploited flaws to carry out price manipulation using flash loans (Cream's lending system), which allowed them to artificially inflate the value of their collateral and borrow more funds than they should have been able to.

Darknet

150 arrested in dark web drug bust as police seize €26 million (Europol)

Europol announced that as a result of its new operation Dark HunTOR, police forces from Australia, Bulgaria, France, Germany, Italy, the Netherlands, Switzerland, the United Kingdom, and the United States arrested 150 individuals suspected of selling or buying illegal goods on darknet markets. Furthermore, more than EUR 26.7 million (in cash and cryptocurrencies), 234 kg of drugs, and 45 firearms were seized.

Money launderers for Russian hacking groups arrested in Ukraine (Bleeping Computer)

Ukrainian authorities arrested a group of malicious individuals at the request of some US intelligence services. They are accused of laundering millions of dollars for various hacking groups, and of being involved in cryptocurrency stealing activities.

General Security

DDoS attacks hit multiple email providers (The Record)

On Friday 22nd, three privacy-focused email providers (Fastmail, Posteo, and Runbox) suffered a massive DDoS attack allegedly carried out by the same malicious actor. Posteo said in a blog post that the criminals asked for a ransom to stop the attack. The company refused to pay.

Ex-carrier employee sentenced for role in SIM-swapping scheme (ZDNet)

A former mobile-carrier employee was sentenced for helping criminals carry out SIM-swapping attacks between 2017 and 2018. He reportedly received USD 2,325 in bribes and helped target at least 19 customers.

Hacker sells the data for millions of Moscow drivers for $800 (Bleeping Computer)

A stolen database containing about 50 million records of Moscow car owners' data is being sold on underground forums for USD 800. The source of the data is unknown, but it appears to have been collected between 2006 and 2019 and contains various fields such as car information, full names, dates of birth, and phone numbers.

Popular NPM Package Hijacked to Publish Crypto-mining Malware (The Hacker News)

A hacker hijacked the NPM account of UAParser.js, an NPM library with more than six million weekly downloads, and embedded crypto-mining and password-stealing malware in it. The versions 0.7.29, 0.8.0, and 1.00 (now patched) were affected.

NYT Journalist Repeatedly Hacked with Pegasus after Reporting on Saudi Arabia (University of Toronto - Citizen Lab)

The University of Toronto's Citizen Lab says that the iPhone of New York Times journalist Ben Hubbard was hacked multiple times using Pegasus (NSO Group's spyware) between June 2018 and June 2021, while he was writing a book about the Saudi crown prince.

EU investigating leak of private key used to forge Covid passes (Bleeping Computer)

The private key used to sign EU Digital COVID Certificates is reportedly circulating on various messaging apps and online forums. The key is being used by fake certificate sellers to generate "real" certificates and was also used to create a certificate in the name of Adolf Hitler.

Privacy

Proton wins appeal in Swiss court over surveillance laws (Swiss Info)

In 2020, the Swiss Post and Telecommunications Surveillance Service decided that Proton Mail should be considered a telecommunications provider and therefore had to retain data necessary for surveillance. A court overruled this decision and said that the company could not be considered a telecommunications provider, limiting its obligations to monitor traffic and retain users' data.

Facebook sues Ukrainian who scraped the data of 178 million users (The Record)

Facebook sued a Ukrainian resident for allegedly scraping more than 178 million users' personal data using Facebook Messenger's contact importer between January 2018 and September 2019, and selling it on cybercrime forums.

Ransomware

DarkSide ransomware rushes to cash out $7 million in Bitcoin (Bleeping Computer)

About USD 7 million stored in a Bitcoin wallet controlled by DarkSide's operators reportedly started moving in what appears to be an attempt to launder the funds. This occurs a few days after REvil announced its retirement due to a hijack of its infrastructure.

Conti Ransom Gang Starts Selling Access to Victims (Krebs on Security)

The Conti ransom gang announced in its victim-shaming blog that it was "looking for a buyer to access the network of [multiple organizations it has hacked] and sell data from their network". Until now, the group would only ask for ransom from organizations it hacked, and publish their data on its website if they were not willing to pay.

Grief ransomware gang hit US National Rifle Association (NRA) (Security Affairs)

Grief ransomware operators announced on their website that they managed to hack the US NRA, and are threatening to leak the stolen data.

German investigators identify REvil ransomware gang core member (Bleeping Computer)

The German police reportedly identified a Russian man (who presents himself as a cryptocurrency trader and investor) as one of the REvil group's core members. The police managed to link Bitcoin payments to him with ransoms paid to the GandCrab ransomware gang.

Interesting Reads
