North Korean Hackers Stole Millions from Cryptocurrency Startups Worldwide

Operators associated with the Lazarus sub-group BlueNoroff have been linked to a series of cyberattacks targeting small and medium-sized companies worldwide with an aim to drain their cryptocurrency funds, in what’s yet another financially motivated operation mounted by the prolific North Korean state-sponsored actor.

Russian cybersecurity company Kaspersky, which is tracking the intrusions under the name “SnatchCrypto,” noted that the campaign has been running since at least 2017, adding that the attacks are aimed at startups in the FinTech sector located in China, Hong Kong, India, Poland, Russia, Singapore, Slovenia, the Czech Republic, the U.A.E., the U.S., Ukraine, and Vietnam.

“The attackers have been subtly abusing the trust of the employees working at targeted companies by sending them a full-featured Windows backdoor with surveillance functions, disguised as a contract or another business file,” the researchers said. “In order to eventually empty the victim’s crypto wallet, the actor has developed extensive and dangerous resources: complex infrastructure, exploits and malware implants.”

BlueNoroff, and the larger Lazarus umbrella, are known for deploying a diverse arsenal of malware in multi-pronged assaults on businesses to illicitly procure funds, relying on a mix of advanced phishing tactics and sophisticated malware to generate revenue for the sanctions-hit North Korean regime and its nuclear weapons and ballistic missile programs.

If anything, these cyber offensives are paying off big time. According to a new report published by blockchain analytics firm Chainalysis, the Lazarus Group has been linked to seven attacks on cryptocurrency platforms that extracted almost $400 million worth of digital assets in 2021 alone, up from $300 million in 2020.

U.K. Hacker Jailed for Spying on Children and Downloading Indecent Images

A man from the U.K. city of Nottingham has been sentenced to more than two years in prison for illegally breaking into the phones and computers of a number of victims, including women and children, to spy on them and amass a collection of indecent images.

Robert Davies, 32, is said to have purchased an arsenal of cybercrime tools in 2019, including crypters and remote administration tools (RATs), which can be used as a backdoor to steal personal information and conduct surveillance through microphones and cameras, catching the attention of the U.K. National Crime Agency (NCA).

The cyber voyeur’s modus operandi involved catfishing potential targets by using fake profiles on different messaging apps such as Skype, leveraging the online encounters to send rogue links hosting the malware through the chats.

“Davies was infecting his victims’ phones or computers with malicious software by disguising it with the crypters so their antivirus protection would not detect it,” the NCA said in a statement. “He then used the RATs to gain remote access to their devices and steal any sexual images (mainly of females) they had stored on there.”

At least in one instance, Davies spied on a teenage girl via a hacked webcam. Officials said a total of 27 compromising images and videos of children were found on his computer, with over 30 victims identified over the course of the investigation.

Furthermore, Davies has been identified as a customer of a now-defunct marketplace called WeLeakInfo, which peddled access to data gathered from other websites until its disruption in January 2020. Later that year, the NCA arrested 21 individuals across the country for using the stolen personal credentials to commit further cyber and fraud offences.

Husband-Wife Arrested in Ukraine for Ransomware Attacks on Foreign Companies

Ukrainian police authorities have nabbed five members of a gang that’s believed to have helped orchestrate attacks against more than 50 companies across Europe and the U.S. and caused losses to the tune of more than $1 million.

The special operation, which was carried out in assistance with law enforcement officials from the U.K. and U.S., saw the arrest of an unnamed 36-year-old individual from the capital city of Kyiv, along with his wife and three other accomplices.

A total of nine searches across the suspects’ homes were carried out, resulting in the seizure of computer equipment, mobile phones, bank cards, flash drives, three cars, and other items with evidence of illegal activity.

The Cyber Police of the National Police of Ukraine said the group offered a “hacker service” that enabled financially motivated crime syndicates to send phishing emails containing file-encrypting malware to lock confidential data pertaining to its victims, demanding that the targets pay cryptocurrency ransoms in return for restoring access to the files.

However, it’s not immediately clear what ransomware strain the perpetrators used to encrypt data on victim computers.

Besides ransomware attacks on foreign companies, the hacking cartel also provided IP-address spoofing services to transnational cybercrime actors, who unlawfully used the platform to break into systems belonging to government and commercial entities to collect sensitive information and carry out DDoS attacks to paralyze the networks.

“To launder criminal proceeds, the offenders conducted complex financial transactions using a number of online services, including those banned in Ukraine,” the Security Service of Ukraine (SSU) said. “At the last stage of converting assets into cash, they transferred funds to payment cards of an extensive network of fictitious persons.”

Cisco Releases Patch for Critical Bug Affecting Unified CCMP and Unified CCDM

Cisco Systems has rolled out security updates for a critical security vulnerability affecting Unified Contact Center Management Portal (Unified CCMP) and Unified Contact Center Domain Manager (Unified CCDM) that could be exploited by a remote attacker to take control of an affected system.

Tracked as CVE-2022-20658, the vulnerability has been rated 9.6 in severity on the CVSS scoring system, and concerns a privilege escalation flaw arising out of a lack of server-side validation of user permissions that could be weaponized to create rogue Administrator accounts by submitting a crafted HTTP request.

“With these accounts, the attacker could access and modify telephony and user resources across all the Unified platforms that are associated to the vulnerable Cisco Unified CCMP,” Cisco noted in an advisory published this week. “To successfully exploit this vulnerability, an attacker would need valid Advanced User credentials.”
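The bug class Cisco describes, an account-creation endpoint that never checks the caller's permissions server-side, is easiest to see as a vulnerable handler beside its hardened form. The following is a constructed Python illustration added here; it is not Cisco's code and does not model the actual CVE-2022-20658 request, and the user names, roles and `Server` class are assumptions.

```python
"""Constructed illustration of a missing server-side permission check on an
account-creation handler, alongside the hardened version. Not Cisco's code."""
from dataclasses import dataclass, field

ADMIN = "Administrator"      # role named in the advisory
ADVANCED = "Advanced User"   # role an attacker is assumed to already hold


@dataclass
class Server:
    # Server-side record of who holds which role (constructed sample data).
    roles: dict = field(default_factory=lambda: {"alice": ADMIN, "bob": ADVANCED})

    def create_user_vulnerable(self, session_user: str, body: dict) -> bool:
        """Authenticates the caller but then trusts the role supplied in the
        request body, so any Advanced User can mint an Administrator."""
        if session_user not in self.roles:
            return False                      # authentication only, no authorization
        self.roles[body["username"]] = body.get("role", ADVANCED)
        return True

    def create_user_hardened(self, session_user: str, body: dict) -> bool:
        """Looks up the caller's privilege from server-side state and refuses
        to grant a role the caller does not hold (authorization check)."""
        caller_role = self.roles.get(session_user)
        if caller_role is None:
            return False
        requested = body.get("role", ADVANCED)
        if requested == ADMIN and caller_role != ADMIN:
            return False                      # crafted request rejected
        self.roles[body["username"]] = requested
        return True


if __name__ == "__main__":
    crafted = {"username": "mallory", "role": ADMIN}
    print("vulnerable:", Server().create_user_vulnerable("bob", crafted))  # True
    print("hardened:  ", Server().create_user_hardened("bob", crafted))    # False
```

The same rule applies to every privileged operation, not just account creation: the server decides what the caller may do from its own records, never from fields the client sends.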

GootLoader Hackers Targeting Employees of Law and Accounting Firms

Operators of the GootLoader campaign are setting their sights on employees of accounting and law firms as part of a fresh onslaught of widespread cyberattacks to deploy malware on infected systems, an indication that the adversary is expanding its focus to other high-value targets.

“GootLoader is a stealthy initial access malware, which after getting a foothold into the victim’s computer system, infects the system with ransomware or other lethal malware,” researchers from eSentire said in a report shared with The Hacker News.

The cybersecurity services provider said it intercepted and dismantled intrusions aimed at three law firms and an accounting enterprise. The names of the victims were not disclosed.

Malware can be delivered to targets’ systems via many methods, including poisoned search results, fake updates, and trojanized applications downloaded from sites linking to pirated software. GootLoader relies on the first technique.

In March 2021, details emerged of a global drive-by download offensive that involved tricking unsuspecting victims into visiting compromised WordPress websites belonging to legitimate businesses via a technique called search engine poisoning that pushes these sites to the top of the search results.