Missed the news this week? Then get up to speed with our news recap. Among other things: ESET discovered an APT allegedly active for at least nine years; a bitcoin exchange owner was convicted of racketeering and money laundering; KuCoin lost at least USD 150 million in a hack. Also, some new arrests related to the darknet, the man who hacked LinkedIn and Dropbox in 2012 was sentenced, ransomware again, and Cloudflare released a “privacy-first” analytics tool.
ESET claims to have uncovered XDSpy, an APT active since at least 2011 and primarily focused on reconnaissance and document theft. The group is said to mainly target government agencies and private companies in Eastern Europe, including Belarus, Russia, Moldova, Serbia, and Ukraine.
The UN Security Council attributed a spear-phishing campaign to Kimsuky, an APT linked to North Korea. The group targeted 26 UN officials with email and WhatsApp messages posing as UN security alerts or requests for interviews.
The owner of RG Coins, a Bulgaria-based BTC exchange, was convicted of conspiracy to commit racketeering and money laundering. Along with 19 other defendants, he victimized more than 900 people and exchanged more than USD 4.9 million for four other members of the criminal enterprise between September 2015 and December 2018.
KuCoin, a Singapore-based cryptocurrency exchange, was hacked and lost at least USD 150 million in various currencies, including BTC, ETH, LTC, XRP, and a couple of others. Only hot wallets were drained; KuCoin’s cold wallets were not affected.
Coinbase’s CEO announced in a blog post that the exchange is a mission-focused company and will not engage with causes not directly related to its mission (creating an open financial system for the world), such as policy decisions, non-profit work, broader societal issues, and political causes.
A man was indicted in Pennsylvania for purchasing at least 50 grams of methamphetamine with the intent to distribute. The indictment isn’t rich in details, but we know that the US Postal Inspection Service, the DEA, and McKean County law enforcement were involved.
A Texas man was sentenced to 40 years in prison on child exploitation charges related to a post on an onion service where he said: “I’d like to try necrophilia and cannibalism, and see how it feels to take a life. If you’d be willing to let me kill you, are in the US (preferably in the south), and can travel by car, contact me”. Law enforcement posing as the father of a 13-year-old child contacted him and exchanged various messages in which he repeated his interest in raping, killing, and eating the child.
General Security
The hacker who broke into LinkedIn and Dropbox in 2012 and accessed millions of users’ data was sentenced to 88 months in prison. He was arrested while travelling in the Czech Republic in October 2016 and extradited to the US in March 2018.
The U.S. Treasury Department’s Office of Foreign Assets Control announced that organizations helping ransomware victims make ransom payments (including insurers, incident response firms, and payment intermediaries) are at risk of violating OFAC regulations, and therefore risk sanctions, if the recipient is a sanctioned person or entity. The agency also said that a company hit by ransomware that promptly reports the incident to law enforcement and cooperates with the investigation would have this counted as a significant mitigating factor.
Twitter sent emails to developers warning them that their API keys and secret access tokens could have been stored in their browser’s cache while they were visiting developer.twitter.com. The underlying problem is a common one: a page that renders a secret was served without headers forbidding the browser from writing it to disk, so anyone with access to that machine (or its backups) could recover the key later. Developers who viewed their keys on a shared or untrusted machine should regenerate them.
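The check a practitioner would want here is whether a response carrying a secret may legally be written to the browser cache, and which header set prevents it. The snippet below is an added example, not Twitter’s code and not a statement of what developer.twitter.com actually served; the sample header sets are constructed. The point it demonstrates is the one people get wrong: only `Cache-Control: no-store` forbids storage, while `no-cache` and `private` still let the browser keep a copy on disk.

```python
"""Decide whether an HTTP response may be stored in a browser's disk cache,
and harden the headers of responses that render secrets.

Added example (not code from the article or from Twitter). Header sets below
are constructed for illustration.
"""

# Constructed sample responses, keyed by a label used in the audit report.
SAMPLE_RESPONSES = {
    # A page showing an API key, served with ordinary caching headers.
    "cacheable_secret_page": {
        "Content-Type": "text/html; charset=utf-8",
        "Cache-Control": "public, max-age=3600",
    },
    # 'no-cache' only forces revalidation before reuse; the bytes are still
    # written to disk, so a secret in the body still lands in the cache.
    "no_cache_only": {
        "Content-Type": "text/html; charset=utf-8",
        "Cache-Control": "no-cache",
    },
    # 'private' forbids shared (proxy/CDN) caches, not the browser's own cache.
    "private_only": {
        "Content-Type": "text/html; charset=utf-8",
        "Cache-Control": "private, max-age=600",
    },
    # No Cache-Control at all: heuristic caching is permitted.
    "missing_header": {
        "Content-Type": "text/html; charset=utf-8",
    },
    # The hardened form.
    "hardened": {
        "Content-Type": "text/html; charset=utf-8",
        "Cache-Control": "no-store",
    },
}


def parse_cache_control(value):
    """Split a Cache-Control header into {directive: argument-or-True}.

    Directive names are case-insensitive; arguments may be quoted.
    """
    directives = {}
    for part in value.split(","):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        directives[name.strip().lower()] = arg.strip().strip('"') or True
    return directives


def may_be_stored_by_browser(headers):
    """Return True if a browser is permitted to write this response to its cache.

    Simplified from RFC 9111: 'no-store' is the only response directive that
    forbids storage. 'no-cache', 'private', 'must-revalidate' and 'max-age=0'
    all permit the private (browser) cache to keep a copy on disk.
    """
    lowered = {k.lower(): v for k, v in headers.items()}
    directives = parse_cache_control(lowered.get("cache-control", ""))
    return "no-store" not in directives


def harden_secret_response_headers(headers):
    """Return a copy of the headers that forbids caching of the response body.

    'no-store' is the directive that matters; 'Pragma: no-cache' and
    'Expires: 0' are belt-and-braces for HTTP/1.0-era intermediaries.
    """
    hardened = dict(headers)
    hardened["Cache-Control"] = "no-store"
    hardened["Pragma"] = "no-cache"
    hardened["Expires"] = "0"
    return hardened


def audit_responses(responses):
    """Return the sorted labels of responses a browser may store on disk."""
    return sorted(label for label, hdrs in responses.items()
                  if may_be_stored_by_browser(hdrs))


if __name__ == "__main__":
    for label in audit_responses(SAMPLE_RESPONSES):
        print(f"{label}: body may be written to the browser cache")
        print("  fixed headers:", harden_secret_response_headers(SAMPLE_RESPONSES[label]))
```

Run against the constructed samples, the audit flags every response except `hardened`, including the two that look safe at a glance (`no_cache_only` and `private_only`). Any page, JSON endpoint, or download that renders a credential should go out with `Cache-Control: no-store`; rotating the credential is still necessary for anything already served without it.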
A school district in Nevada suffered a ransomware attack at the end of September and refused to pay the ransom. In retaliation, the attackers published students’ personal information, including names, social security numbers, addresses, and (undisclosed) financial information.
A judge in the District of Columbia granted TikTok’s request for a temporary injunction blocking the Trump administration’s order that would have banned the application from Google’s and Apple’s app stores. TikTok’s lawyers argued that ByteDance, the parent company, was denied due process and that a ban would violate First Amendment free speech rights.
Pastebin, the most popular text snippet sharing website, added features to enhance users’ privacy (a burn-after-read option and password-protected pastes). The service is notably used by malicious actors for things such as sharing hacked data, or by malware operators to stage commands and payloads for infected hosts. Pastebin is scraped by various security companies and researchers to identify malicious and sensitive content, and the new features will, to a certain extent, prevent that. Some expect malware operators to take wide advantage of them.