Weekly News Recap 3
Missed the news this week? Then get up to speed with our news recap. Among other things, ESET discovers an APT allegedly active for at least eleven years; a bitcoin exchange owner was convicted of racketeering and money laundering; and KuCoin lost USD 150 million in a hack. Also, some new arrests related to the darknet, the man who hacked LinkedIn and Dropbox in 2012 was sentenced, ransomware again, and Cloudflare releases a “privacy-first” analytics tool.
ESET discovers a rare APT that stayed undetected for nine years
ESET claimed to have uncovered XDSpy, an APT active since at least 2011 and primarily focused on reconnaissance and document theft. The group is said to mainly target government agencies and private companies in Eastern Europe, including Belarus, Russia, Moldavia, Serbia, and Ukraine.
North Korea-linked APT group targeted UN Security Council officials over the past year, states a report from the United Nations organ
The UN Security Council attributed a spear-phishing attempt to KimSuky, an APT linked to North Korea. The group targeted 26 UN officials using email and WhatsApp messages posing as UN security alerts, or requests for interviews.
Owner of Bitcoin Exchange Convicted of Racketeering Conspiracy for Laundering Millions of Dollars in International Cyber Fraud Scheme
The owner of RG Coins, a Bulgaria-based BTC exchange, was convicted of conspiracy to commit racketeering and money laundering. Along with 19 other defendants, he victimized more than 900 people and exchanged more than USD 4.9 million for four other members of the criminal enterprise between September 2015 and December 2018.
Over $150M Drained in KuCoin Crypto Exchange Hack
KuCoin, a Singapore-based cryptocurrency exchange, was hacked and lost at least USD 150 million in various currencies, including BTC, ETH, LTC, XRP, and a couple of others. KuCoin’s cold wallets were not affected.
Coinbase is a mission focused company
Coinbase’s CEO announced in a blog post that the exchange is a mission-focused company and would not focus on causes not directly related to its mission (creating an open financial system for the world), such as policy decisions, non-profit work, broader societal issues, and political causes.
McKean County Man Charged with Trying to Buy Meth on the Dark Web for Resale
A man was indicted in Pennsylvania for purchasing at least 50 grams of methamphetamine with the intent to distribute. The indictment isn’t rich in details, but we know that the US Postal Inspection Service, the DEA, and McKean County forces were involved.
“Dark Web Cannibal” Sentenced to 40 Years in Prison
A Texas man was sentenced to 40 years in prison on child exploitation charges related to a post on an onion service where he said: “I’d like to try necrophilia and cannibalism, and see how it feels to take a life. If you’d be willing to let me kill you, are in the US (preferably in the south), and can travel by car, contact me”. Law enforcement posing as the father of a 13-year-old child contacted him and exchanged various messages in which the culprit repeated his interest in raping, killing, and eating the 13-year-old child.
General Security
Russian Hacker Sentenced to Over 7 Years in Prison for Hacking into Three Bay Area Tech Companies
The hacker who broke into LinkedIn and Dropbox in 2012 and accessed millions of users’ data was sentenced to 88 months in prison. He was arrested while travelling to the Czech Republic in October 2016, and extradited to the US in March 2018.
US govt warns of sanction risks for facilitating ransomware payments
The U.S. Treasury Department’s Office of Foreign Assets Control announced that organizations helping ransomware victims to make ransom payments are at risk of violating OFAC regulations, and therefore risk sanctions. The agency also said that potential sanctions could be mitigated if companies hit by ransomware report the incident to law enforcement, and provide assistance.
Twitter is warning developers that their API keys, access tokens, and access token secrets may have been exposed in a browser’s cache
Twitter sent emails to developers to warn them that their API keys and secret access tokens could have been stored in the browser cache while they were accessing developer.twitter.com.
Nevada school district refuses to submit to ransomware blackmail, hacker publishes student data
A school in Nevada suffered from a ransomware attack at the end of September and refused to pay the ransom. In retaliation, the hacker shared students’ personal information, including names, social security numbers, addresses and (undisclosed) financial information.
Federal Judge Temporarily Blocks Trump’s TikTok Ban
A judge in the District of Columbia granted TikTok’s request for a temporary injunction preventing the Trump administration’s order aimed at banning the application from Google’s and Apple’s app stores. TikTok’s lawyer claimed that ByteDance, the parent company, was denied due process and that a ban would violate its First Amendment rights to free speech.
Pastebin adds ‘Burn After Read’ and ‘Password Protected Pastes’ to the dismay of the infosec community
Pastebin, the most popular text snippet sharing website, added features to enhance users’ privacy. The service is notably used by malicious actors for things such as sharing hacked data, or by malware operators to send malicious commands to infected hosts. Pastebin is scraped by various security companies and researchers to identify malicious and sensitive content. They will now be prevented from doing that to a certain extent. Some expect malware operators to take wide advantage of these new features.
Free, Privacy-First Analytics for a Better Web