We’ve rounded up the most important news from the world of cybersecurity for the week.
- A hacker extorted $1 million in Monero from Optus, but later apologized for the leak.
- In Britain, the suspected Uber and Rockstar Games hacker has been arrested.
- Malicious versions of WhatsApp have been found in app stores.
- Experts have warned owners of crypto wallets about the activation of the NullMixer Trojan.
A former NSA employee tried to sell secret information for cryptocurrency
A former employee of the United States National Security Agency (NSA) has been accused of espionage on behalf of a foreign government. He intended to sell secret information for $85,000 in cryptocurrency.
According to the Department of Justice, Jareh Sebastian Dalke, 30, served as the NSA’s Information Systems Security Developer from June 6 to July 1, 2022. In late July, he began communicating with someone he believed to be connected to a foreign government. In fact, his interlocutor was an undercover FBI agent.
Dalke offered to sell him confidential information related to foreign targeting of US systems and data on US cyber operations. For his services, he requested $85,000 in an unnamed cryptocurrency. The “buyer” had previously received excerpts from three secret documents.
Dalke was arrested during another attempt to hand over information of importance to the state. He was charged with espionage.
If found guilty, the former NSA employee faces life imprisonment or the death penalty.
A hacker extorted $1 million in Monero from Optus, but later apologized for the leak
On September 22, a hacker breached Australian telecommunications giant Optus, accessing information about the operator’s 9.8 million customers. The company confirmed the leak.
The attacker posted a message on one of the darknet forums demanding a payment of $1 million in Monero cryptocurrency within a week. Otherwise, he threatened to sell the confidential data.
As proof, the hacker published 200 sample records from the databases. He later released information on another 10,000 of the company’s customers, insisting on the ransom.
A few days later, the original post was deleted, but other forum users had managed to copy the stolen data and distribute it. Some Optus customers have reported receiving anonymous letters asking them to pay $2,000 for the deletion of their personal information.
In a new forum post, the hacker apologized for the cyberattack, adding that posting the stolen information “was a mistake”.
Optus confirmed the leak, saying it may contain customer names, birth dates, phone numbers, email addresses, as well as passport and driver’s license numbers. Payment details and account passwords were not compromised.
The company is now working with the police to investigate the incident. It also agreed to pay for the replacement of passports exposed in the leak.
WhatsApp has detected malicious versions of the messenger for Android
WhatsApp clones that can compromise users’ correspondence and personal data have been found in application stores for Android devices. This was reported by The Sun.
Criminals distribute malware under the guise of an enhanced version of the messenger with exclusive functions. In fact, along with the downloaded software, the user installs a virus on the device that tracks their subsequent actions.
WhatsApp has warned that all unofficial apps violate the company’s terms of service.
“If you use them, there is no guarantee that your messages or data, such as location or files you share, will be safe,” the developers noted.
They added that they intend to block WhatsApp users who install such apps. Google said that it has started removing malicious copies from stores.
Lazarus infected open source programs with Trojans
The North Korean hacker group Lazarus infects legitimate open source software with Trojans to attack large organizations. This was reported by Microsoft specialists.
According to the experts, since June 2022 the hackers have been creating fake profiles on LinkedIn, offering vacancies on behalf of well-known technology, defense and media companies. Later, they move the conversation to WhatsApp and send the interlocutor a file with an embedded backdoor.
The malware allows attackers to access the attacked network and remote systems to steal confidential information.
Legitimate open source programs used by hackers for infection include PuTTY, KiTTY, TightVNC, Sumatra PDF Reader and muPDF/Subliminal Recording installer.
The malicious campaign primarily targets tech support specialists working in IT and media in the UK, India and the US.
At the same time, SentinelOne specialists discovered that Lazarus hackers are using fake job postings on behalf of cryptocurrency platform Crypto.com to steal digital assets from potential candidates.
In Britain, the alleged hacker of Uber and Rockstar Games has been arrested
On September 22, City of London Police reported the arrest of a 17-year-old boy suspected of involvement in the recent major cyberattacks. Law enforcement did not provide further details of the investigation, noting only that the arrest took place in Oxfordshire.
Later, British journalist Matthew Keys confirmed through his sources that the arrested teenager is linked to the Lapsus$ hacker group. He was accused of hacking video game developers Rockstar Games and Take-Two Interactive.
He is also considered the mastermind behind the attack on Uber Technologies, informed sources added.
Earlier this year, the teenager was accused of compromising data from tech companies Microsoft, Okta, Nvidia and others. He was later released on bail pending a court hearing.
Now the prosecution, in addition to the illegal use of computers, accuses him of having violated the conditions of his bail.
A law enforcement source reported that at least two other people were involved in the attack on Rockstar Games and Uber. Further arrests are expected.
In Germany, a hacker was arrested for stealing 4 million euros through phishing
The German Federal Criminal Police (BKA) identified three suspects in the organization of large-scale phishing campaigns, during which bank customers lost 4 million euros. One of the suspects was arrested.
According to the agency, from October 3, 2020 to May 29, 2021, the criminals sent phishing emails on behalf of genuine German banks. The emails cited supposed upcoming changes to the internal security system and asked recipients to follow a link and enter their current account data.
Additionally, victims were asked to provide a one-time code for online transactions, allowing hackers to access their electronic banking and withdraw funds.
In order to conceal the fraudulent operations, the attackers carried out a series of DDoS attacks on banking systems.
One of the hackers was arrested, the second was charged with 124 episodes of computer fraud. The investigation into the case of the third is ongoing.
Experts Warned Crypto Wallet Owners About NullMixer Trojan Activation
Since the beginning of the year, almost 50,000 users worldwide have been attacked by the NullMixer Trojan, which among other things changes the addresses of crypto wallets. This was reported by experts at Kaspersky Lab.
Criminals spread the malware on sites offering downloads of various hacking tools, key generators and activation programs.
Once on the victim’s computer, NullMixer downloads many malicious files. Among them are spyware, backdoors, bankers, as well as the RedLine stealer. The latter is able to change the addresses of crypto wallets and to steal account data from Telegram and a number of VPN applications, Discord tokens, saved passwords and browser cookies.
The experts pointed out that the creators of the Trojan use professional SEO tools. With their help, the sites on which the malware spreads appear at the top of search engine results.