News

Weekly News Recap 1

Too busy during the week? You don't have time to follow the latest news? Don't worry; I have you covered. Starting this week, I will try to publish every week a recap of newsworthy items with links to relevant articles from more details.

This weekly recap will be separated in a couple of sections: Darknet, Cryptocurrencies, APT, General Security. This may change across time, but these are more or less the subjects that will be covered.

APT

Back Despite Disruption: RedDelta Resumes Operations (Recorded Future)

Two months after extensive public reporting on its targeting of the Vatican and other Catholic organisations, RedDelta (affiliated to China) is back. They did change control domains and took other basic operational security measures, but their techniques and procedures remain consistent. Insik attributed new activities to the group such as PlugX samples featuring decoy documents themed around Catholicism, and additional network intrusion activity targeting Myanmar government systems and two Hong Kong universities.

Seven International Cyber Defendants, Including “Apt41” Actors, Charged In Connection With Computer Intrusion Campaigns (DoJ)

The American authorities charged 2 Malaysian and 5 Chinese people linked to the Apt41, aka Barium, Winnti, Wicked Panda, and Wicked Spider. One of the defendants has alleged connections with the Chinese Ministry of State Security. This APT made more than 100 victims globally and is involved in the theft of source code, software code signing certificates, customer account data, and valuable business information. They also ran ransomware and crypto-jacking. In addition to arrest warrants, the gov seized hundreds of accounts, servers, and domain names. No numbers are shared, but a lot of money is probably involved.

Cryptocurrencies

Binance is sued by Japanese crypto exchange Fisco for allegedly facilitating the laundering of $9 million (The Block)

On Monday, Fisco, a Japanese crypto currencies exchange sued Binance in a US court following Zaif (exchange belonging to Fisco) hack in 2018. During this hack, they lost about USD 63 million in various cryptocurrencies. The thieves laundered 1,451.7 BTC through Binance, which Fisco is accusing of having unbelievably lax KYC (Know Your Customers) policies that allowed the laundering to happen. Fisco is seeking USD 9 million in compensation.

Crypto Investors Have Ignored Three Straight 51% Attacks on ETC (Coin Desk)

ETC has been experiencing three 51% attacks (allowing attackers to double-spend coins if they have more than half of the hashing power within the network) within one month, but the price stays relatively stable.

Kraken Wins Bank Charter Approval (Kraken Blog)

The State of Wyoming has approved Kraken’s application to form the world’s first Special Purpose Depository Institution (SPDI), tentatively called Kraken Financial. Kraken aims to create a bridge between the crypto economy and the existing financial system, which can be achieved thanks to the bank charter permit, that allows Kraken to operate a fully independent bank. Kraken Financial will only be available to US residents at first but hope to expand soon.

Police summon Bithumb chairman for questioning over alleged fraud (Coin Telegraph)

The Seoul Metropolitan Police Agency is seeking to question Lee Jung-hoon, chairman of Bithumb. He is allegedly (among other things) accused of fraud regarding the BXA token's listing. The purported fraud caused up to USD 25 million.

Darknet

Icarus Market Exit Scam - A Chronology of Events

On September 9th, Shortly after Empire Market exit scammed, Icarus market did the same in a surprisingly similar manner. One of the previous moderators declared war on the administrators, and the FBI might have located the servers before the shutdown.

General Security

Cloudflare and the Wayback Machine, joining forces for a more reliable Web (Archive.org blog)

Cloudflare and Wayback Machine established a new partnership. The websites behind Cloudflare servers, and using the "Always Online" service will now have their content automatically archived on the Wayback machines, and served from there if the website's host becomes unavailable.

Hospital patient dies following botched ransomware attack (Graham Cluley)

A patient died in Germany because of a ransomware attack hit the Düsseldorf University Clinic where the patient was supposed to be sent. Instead, he was redirected to another hospital, 32 km away, and couldn't be treated on time. The ransom was addressed to the university the hospital was belonging to, and not to the hospital itself.

Mozilla to shutdown Firefox Send and Firefox Notes (Mozilla Blog)

Mozilla redefined its product focus and will decommission Firefox Send and Notes. Firefox Send was already temporarily made unavailable starting July 2020, after it was discovered that malware operators were abusing it.

Cerberus banking Trojan source code released for free to cyberattackers (ZDNet)

It was recently discovered that Cerberus (an android banking trojan active since July 2019) was being auctioned in a bid by one of its developers. The starting price was USD 50,000, and the package was including all the source code (.apk malware and control panel) as well as the customers list, and their contact information. It was reported that as no one looked interested in paying this much, and, as the auction failed the developer released the code source for free on a Russian forum

Thunderbird implements PGP crypto feature requested 21 years ago (Thunderbird blog)

Twenty-one years after the ticket asking for PGP to be integrated with Thunderbird was created, the integration has finally been completed. It was possible to use PGP within the mail client before, but it required a third-party plug-in.

Author image

About Ixonae