Tuesday, April 5, 2022 // (IG): BB //Weekly Sponsor: Cloakedentryco
MailChimp Hacked: Stolen Data Used for Phishing Attacks on Trezor Crypto Wallet Users
FROM THE MEDIA: Hackers utilized an internal tool to collect data from 102 of MailChimp's clients, and the stolen information was subsequently used to phish users of the popular cryptocurrency wallet Trezor. Trezor users received emails over the weekend saying that their accounts had been compromised due to a data breach. The email contained a link that claimed to lead to an updated version of Trezor Suite, along with instructions on how to set up a new PIN — but it actually led to a phishing site designed to steal the contents of their digital wallets. Cybercriminals accessed MailChimp's systems at some point last month, taking information from 102 users, the company said on Monday, April 4. The incident, which was discovered by MailChimp personnel on March 26, entailed an unknown threat actor gaining access to internal tools used by the company's customer support staff for account administration. According to MailChimp's Chief Information Security Officer Siobhan Smyth, the breach began with an external actor who successfully executed a social engineering attack on MailChimp employees, resulting in employee credentials being hijacked. The hacker or hackers then exploited their access to the company to obtain subscriber data.
READ THE STORY: Itechpost
Okta CEO says Lapsus$ hack is ‘big deal’, aims to restore trust
FROM THE MEDIA: Okta Inc. doesn’t yet know how many of its customers were affected by a January data breach that the company waited nearly two months to make public, Chief Executive Officer Todd McKinnon told Bloomberg Television on Monday. Okta, which provides user authentication services, revealed last month that it was hacked in January after Lapsus$, a group that claimed responsibility for the intrusion, posted screenshots that appeared to show access to Okta accounts. As a “trusted identity provider for more than 15,000 companies,” McKinnon said, “anytime something like this happens, it’s a big deal.” The hackers used an unnamed competitor’s software to break into third-party call centers, where about 40 people acted as Okta’s support agents to provide support to customers, he said. McKinnon said the hackers took and posted screenshots of what the support agents were doing on their computers. “I want to be really clear that we are responsible,” he said. “So third-party this and third-party that. It is our responsibility to ensure that these things do not happen.”
READ THE STORY: Business News
Cybercrime Group FIN7 Moves into Ransomware Operations
FROM THE MEDIA: FIN7, a notorious group of cybercriminals known for disrupting businesses by infiltrating their payment systems, might have another operation to pull off. Cybersecurity firm Mandiant recently found that the hackers in this group have transitioned to launching ransomware attacks on their victims. In a report released on Monday, April 4, Mandiant described how the group's tactics have changed in recent years, noting an increase in ransomware attacks spearheaded by FIN7. The researchers wrote that the group has been tied to the deployment of several ransomware families, including BlackCat, Ryuk, and Maze. Mandiant added that there was a major change in the hackers' operations, and that the group could also have links to previous ransomware attacks that took place in some parts of the world. The researchers also found that Bastion Secure serves as FIN7's front for carrying out malicious operations. The experts considered this to be a "major indicator" of the group's transition to a different venture.
READ THE STORY: Techtimes
Indiana utilities could be vulnerable to cyber attacks from Russia
FROM THE MEDIA: U.S. economic sanctions on Russia could open up Indiana utilities to cyber attacks. Von Welch, director of Indiana University’s Center for Applied Cybersecurity Research, said either the Russian government or Russian individuals could hack into utilities’ computer systems in retaliation. "Would probably have the goal of causing a shutdown of those utilities for some period of time, a lot of disruption," Welch said. "Get a lot of noise and media and hope to sort of cause anxiety here about our involvement in the sanctions against Russia." Welch said hackers used to be more financially motivated — targeting things like credit cards and social security numbers — but these politically motivated attacks are becoming more common. Last spring, hackers held access to a large oil and gas pipeline for ransom. And a few years ago, Russian spies tried to gain control of a Kansas nuclear power plant.
READ THE STORY: WFYI
Debate erupts at news the White House may scale back DOD cyber-ops authorities
FROM THE MEDIA: Days after CyberScoop exclusively reported the White House is considering scaling back a Trump-era policy giving the Department of Defense and U.S. Cyber Command broad authorities to launch cyber-operations, conflict erupted in Washington about the wisdom of such a move. More than three years after the Trump administration gave DOD those authorities, White House officials have launched an “interagency review process” to hammer out revisions to NSPM-13 with an eye on scaling it back and returning some control over cyber ops to the White House. Cybersecurity experts debated the merits of the White House’s plans to revise NSPM-13, with some asserting that cyber operations will be dangerously slowed down if the White House becomes involved in the process. Others argued that the White House has to take back control. Those in the latter camp say it is unsafe for DOD to act without knowledge of political and diplomatic considerations — and they questioned how effectively the DOD has wielded its broad authority to undertake offensive cyber operations.
READ THE STORY: Cyberscoop
TikTok owner ByteDance 'scraped' content from Instagram, Snapchat
FROM THE MEDIA: Chinese short-video-making app TikTok's parent company ByteDance allegedly made fake accounts with content taken from Instagram, Snapchat and other social media platforms, a new report has claimed.
According to BuzzFeed News, the company then posted those fake accounts on popular mobile app Flipagram to grow further. "The China-based company scraped public accounts and then duplicated them on Flipagram, a predecessor to TikTok, according to four former employees and documents viewed by BuzzFeed News," the report said late on Monday. Founded in 2013, Flipagram allowed users to create and share short videos as something of a TikTok precursor. ByteDance allegedly took videos, usernames, pictures and more from the social media platforms and uploaded them to the app without users' consent or knowledge. Internal documents reviewed by BuzzFeed News indicate that the scraping was seen as a "growth hack" for the company. According to the former employee, the team's goal was to "scrape more than 10,000 videos a day in the highest priority countries". The scraped content was used to train ByteDance's powerful "For You" personalization algorithm on the US-based content.
READ THE STORY: Economic Times
Global APT Groups Use Ukraine War for Phishing Lures
FROM THE MEDIA: Security researchers have detected multiple APT campaigns leveraging Ukraine war-themed documents and news sources to lure victims into clicking on spear-phishing links. Check Point Research said victim locations ranged from South America to the Middle East, with malware downloads designed to perform keylogging and screenshotting and execute commands. The threat groups in question include El Machete, which is targeting the financial and government sectors in Nicaragua and Venezuela with malicious macro-laden Word documents containing articles on the war. One of the docs was an article written by the Russian ambassador to Nicaragua titled: “Dark plans of the neo-Nazi regime in Ukraine.” Another is Lyceum, an Iranian state-linked group targeting the energy sector with emails about war crimes in Ukraine that link to a malicious document hosted elsewhere. Its victims so far have been in Israel and Saudi Arabia, according to Check Point. One email contained a link to an article from The Guardian hosted on the news-spot[.]live domain, alongside several malicious docs about the war. The last of the three groups is SideWinder, which has been linked to India in the past. Targeting Pakistani victims, its lure is a purported document from the National Institute of Maritime Affairs of Bahria University in Islamabad, titled “Focused Talk on Russian Ukraine Conflict Impact on Pakistan.”
READ THE STORY: Infosecurity
Ukraine: The cyber battlefield
FROM THE MEDIA: On 24 February 2022 armed forces of the Russian state crossed into Ukraine in what Vladimir Vladimirovich Putin described as a ‘special military operation’. Since then, the majority of news coverage has understandably centred on the military conflict and the humanitarian tragedy that has unfolded. However, today any such conflict inevitably includes a cyber component. Russia is acknowledged to be a leader in the use of cyber ‘weapons’, including traditional hacking of systems and networks, large-scale disinformation and social media manipulation. The most likely uses for such weapons are disruption of government and military operations, disinformation and propaganda, and interference with industrial systems such as power grids and telecommunications. The best cyber weapons and the best infiltrations are, by their nature, difficult to detect. When at war there is no time for careful, forensic analysis of systems. Adaptation is likely to be the first stage in reacting to technical issues: maintaining services and working around or patching broken elements of networks in order to re-enable or replace systems under threat. So with this in mind let’s take a look at the various aspects of the cyber conflict that is happening in parallel with the more traditional battles. Some background on previous attacks by Russia on Ukraine’s infrastructure will give us an idea of what type of attacks are likely taking place now. It should be stressed that, although we already know much about the use of cyber in the conflict, the full technical and strategic details will only emerge over time.
READ THE STORY: BCS
NSO hacked new Pegasus victims weeks after Apple sought injunction
FROM THE MEDIA: Investigators say they have found evidence that a Jordanian journalist and human rights defender’s iPhone was hacked with the Pegasus spyware just weeks after Apple sued the spyware’s maker NSO Group to stop it from targeting Apple’s customers. Award-winning journalist Suhair Jaradat’s phone was hacked with the notorious spyware as recently as December 5, 2021, according to an analysis of her phone by Front Line Defenders and Citizen Lab that was shared with TechCrunch ahead of its publication. Jaradat was sent a WhatsApp message from someone impersonating a popular anti-government critic with links to the Pegasus spyware, compromising her phone. According to the forensic analysis, Jaradat’s iPhone was hacked several times in the preceding months and as far back as February 2021. Apple had filed a lawsuit against Israeli spyware maker NSO Group in November 2021, seeking a court-issued injunction aimed at banning NSO from using Apple’s products and services to develop and deploy hacks against its customers.
READ THE STORY: Techcrunch
How Hackers Target Bridges Between Blockchains for Crypto Heists
FROM THE MEDIA: A $540 million cryptocurrency heist revealed last week marked the latest in a string of eye-popping hacks hitting a technology seen as a linchpin to building a more decentralized internet. Hackers moved the funds by exploiting the Ronin Network, software that allows users of the online game “Axie Infinity” to transfer digital assets across different blockchains. Growing sums of money exchanged over such bridges has turned them into targets. Developers are rushing to create these bridges to build out decentralized systems—known by the “Web3” catchall—that can host increasingly complex applications such as games or lending services. But the expansion has come with growing security risks as users flock to blockchains and investors pump money into the companies behind them. “The amount of value being locked in these bridges is skyrocketing,” said Arjun Bhuptani, founder of Connext Inc., which develops tools that help transfer information between blockchains. “Hacks will get bigger and bigger until we figure out better mechanisms [for protection].” Decentralized financial systems incurred at least $10.5 billion in losses in 2021 due to crime, according to blockchain analytics firm Elliptic Inc., an estimate including stolen funds and price drops in crypto offered by systems that were hacked.
READ THE STORY: WSJ
'Anonymous' Claims To Leak Personal Data Of 120,000 Russian Soldiers Fighting In Ukraine
FROM THE MEDIA: Cyber hacking group ‘Anonymous’ on Sunday claimed responsibility for leaking the personal information of 120,000 Russian soldiers fighting in Ukraine. The group said the information was leaked last month and included names, dates of birth, addresses, unit affiliation and passport numbers. ‘Anonymous’ said in a tweet, “All soldiers participating in the invasion of Ukraine should be subjected to a war crime tribunal”. Anonymous claimed responsibility for the leak amid heightened scrutiny over alleged human rights abuses committed by Russian forces in the Ukrainian town of Bucha. Evidence has emerged suggesting that Ukrainian citizens in the town north of Kyiv were shot to death with their hands tied behind their backs, and dead bodies were spotted in yards, cars and even on the streets. It is pertinent to note that the leak of personal information of 120,000 Russian soldiers appeared in the Ukrainian news outlet Pravda on March 1, just days after Russian President Vladimir Putin announced a ‘special’ military operation in Ukraine. However, the Ukrainian outlet did not disclose when it received the information, stating only that the “Centre for Defense Strategies acquired this data from reliable sources."
READ THE STORY: Republicworld
Items of interest
Researchers Discover New Android Spyware Linked to Russia’s Turla Hackers
FROM THE MEDIA: An Android spyware application has been discovered that acts as a “Process Manager” service in order to capture sensitive data from infected devices. The application, which has the package name “com.remote.app,” establishes communication with a remote command-and-control server, 82.146.35[.]240, which has previously been identified as infrastructure belonging to the Turla hacking gang located in Russia.
READ THE STORY: Phone World
How Elon Musk's Satellites Are Secretly DESTROYING Russian Military (Video)
FROM THE MEDIA: According to The Telegraph, aerial reconnaissance is being used to attack Russian drones, and it has been ongoing since February 24. The president of Ukraine, Volodymyr Zelensky, took to Twitter to thank Elon Musk for the support.
Drone Digital Forensics (Video)
FROM THE MEDIA: A presentation on the importance of digital forensics following an incident or suspected incident.
About this Product
These open source products are reviewed from analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com