We have collected the most important cybersecurity news of the week.
- A hacker demanded $1 million in Monero from Optus, but later apologized for the leak.
- In the UK, the alleged Uber and Rockstar Games hacker was arrested.
- Malicious versions of WhatsApp were found in application stores.
- Experts warned crypto wallet owners about the spread of the NullMixer Trojan.
An ex-NSA employee tried to sell secret information for cryptocurrency
A former employee of the US National Security Agency (NSA) has been charged with attempting to spy for a foreign government. He intended to sell classified information for $85,000 in cryptocurrency.
According to the US Department of Justice, 30-year-old Jareh Sebastian Dalke worked as an information systems security designer at the NSA from June 6 to July 1, 2022. At the end of July, he began communicating with a person he believed to be connected to a foreign government. In fact, his contact was an undercover FBI agent.
Dalke offered to sell classified information about foreign targeting of US systems and about US cyber operations. For his services, he asked for the equivalent of $85,000 in an unnamed cryptocurrency. The "buyer" had already received excerpts from three classified documents.
Dalke was arrested during a further attempt to hand over classified material. He was charged with espionage.
If proven guilty, the ex-NSA employee faces life imprisonment or the death penalty.
A hacker demanded $1 million in Monero from Optus, but later apologized for the leak
On September 22, a hacker breached the Australian telecommunications giant Optus and gained access to information on 9.8 million of the operator's customers. The company confirmed the leak.
The attacker published a post on a darknet forum demanding $1 million in Monero within a week. Otherwise, he threatened to sell the confidential data.
As proof, the hacker published 200 sample records from the databases. Later he posted data on another 10,000 of the company's customers, insisting on payment.
A few days later the original post was deleted, but other forum users had already copied the stolen data and were distributing it. Some Optus customers reported receiving anonymous messages demanding $2,000 for the deletion of their personal information.
In a new forum post, the hacker apologized for the cyberattack, adding that publishing the stolen information "was a mistake."
Optus confirmed the leak, stating that the exposed data could include customer names, dates of birth, phone numbers, e-mail addresses, and passport and driver's license numbers. Payment details and account passwords were not compromised.
The company is now working with the police investigating the incident. It has also agreed to pay for the replacement of passports exposed in the leak.
Malicious versions of the WhatsApp messenger for Android detected
WhatsApp clones that steal users' messages and personal data have been found in application stores for Android devices, The Sun reported.
Criminals distribute the malware under the guise of an improved version of the messenger with exclusive features. In reality, along with the downloaded software, the user installs malware on the device that tracks their subsequent actions.
WhatsApp warned that all unofficial applications violate the company’s Terms of Service.
“If you use them, there is no guarantee that your messages or data, such as location or files you share, will be safe,” the developers noted.
They added that they intend to block WhatsApp users who install such applications. Google said it has begun removing the malicious copies from its store.
Lazarus trojanized open source programs
The North Korean hacker group Lazarus is infecting legitimate open source software with Trojans to attack large organizations, Microsoft experts reported.
According to the experts, since June 2022 the hackers have been creating fake LinkedIn profiles and offering jobs on behalf of well-known technology, defense and media companies. They then move the conversation to WhatsApp and send the target a file with an embedded backdoor.
The malware gives the attackers access to the compromised network and to remote systems in order to steal confidential information.
Legitimate open source programs that the hackers trojanized include PuTTY, KiTTY, TightVNC, Sumatra PDF Reader, and the muPDF/Subliminal Recording installer.
The campaign primarily targets technical support specialists working in IT and media in the UK, India and the USA.
Separately, SentinelOne experts found that Lazarus hackers are using fake job offers in the name of the cryptocurrency platform Crypto.com to steal digital assets from prospective applicants.
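The lure in this campaign delivers a trojanized build of a well-known tool over a chat app, so the practical check is to verify any such installer against the vendor's own published checksums before running it. The Python script below is an added example written for this digest; it is not code from Microsoft, PuTTY or any other project named above. It parses a sha256sum-style manifest (the `<hex digest>  <filename>` format that PuTTY and many other projects publish next to their downloads), hashes every file in a directory and reports matches, mismatches, missing and unlisted files. The file names and contents in the demo are constructed for the example and are not real PuTTY release values.

```python
"""Verify downloaded installers against a vendor checksum manifest.

Added example for this digest; not vendor code. All file names and
hashes used in demo() are constructed, not real release values.
"""
import hashlib
import hmac
import os
import tempfile


def parse_manifest(text):
    """Parse sha256sum-style lines ('<64 hex chars>  <filename>').

    A leading '*' on the filename (binary-mode marker) is stripped.
    Returns {filename: lowercase hex digest}; raises on malformed lines
    so a tampered or truncated manifest is not silently accepted.
    """
    expected = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2 or len(parts[0]) != 64:
            raise ValueError(f"malformed manifest line: {line!r}")
        digest, name = parts
        int(digest, 16)  # raises if the digest is not hex
        expected[name.lstrip("*")] = digest.lower()
    return expected


def sha256_file(path):
    """Stream a file through SHA-256 so large installers do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_directory(manifest_text, directory):
    """Compare every file in `directory` with the manifest.

    Returns {filename: 'ok' | 'MISMATCH' | 'MISSING' | 'UNLISTED'}.
    MISSING: listed in the manifest but not on disk.
    UNLISTED: on disk but not in the manifest (never run these).
    """
    expected = parse_manifest(manifest_text)
    present = set(os.listdir(directory))
    results = {}
    for name, digest in expected.items():
        if name not in present:
            results[name] = "MISSING"
            continue
        actual = sha256_file(os.path.join(directory, name))
        results[name] = "ok" if hmac.compare_digest(actual, digest) else "MISMATCH"
    for name in present - set(expected):
        results[name] = "UNLISTED"
    return results


def demo():
    """Constructed scenario: one genuine installer, one with extra bytes appended
    (standing in for a trojanized build), one listed file that was never
    downloaded, and one stray file the manifest does not cover."""
    genuine_putty = b"constructed: genuine putty installer bytes"
    trojanized_putty = genuine_putty + b" + injected backdoor"
    genuine_vnc = b"constructed: genuine tightvnc installer bytes"
    manifest = "\n".join([
        f"{hashlib.sha256(genuine_putty).hexdigest()}  putty-installer.msi",
        f"{hashlib.sha256(genuine_vnc).hexdigest()}  *tightvnc-setup.msi",
        f"{hashlib.sha256(b'constructed kitty').hexdigest()}  kitty-installer.exe",
    ])
    with tempfile.TemporaryDirectory() as d:
        with open(os.path.join(d, "putty-installer.msi"), "wb") as f:
            f.write(trojanized_putty)  # what actually landed on disk
        with open(os.path.join(d, "tightvnc-setup.msi"), "wb") as f:
            f.write(genuine_vnc)
        with open(os.path.join(d, "README.txt"), "wb") as f:
            f.write(b"not covered by the manifest")
        return verify_directory(manifest, d)


if __name__ == "__main__":
    for name, status in sorted(demo().items()):
        print(f"{status:9} {name}")
```

A checksum fetched from the same page as the download only proves the file was not corrupted in transit: if the page or mirror is under attacker control, the two will simply match. Verify the signature on the checksum list (PuTTY publishes GPG-signed checksum files) or the code-signing signature on the binary itself, and treat any installer that arrives through a chat conversation, as in this campaign, as untrusted no matter what it hashes to.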
In the UK, the alleged Uber and Rockstar Games hacker was arrested
On September 22, the City of London Police reported the arrest of a 17-year-old suspected of involvement in recent major cyberattacks. Police gave no further details of the investigation, noting only that the arrest took place in Oxfordshire.
Later, British journalist Matthew Keys, citing his sources, confirmed that the arrested teenager is connected to the hacker group Lapsus$. He was charged with hacking the video game developers Rockstar Games and Take-Two Interactive.
The teenager is also considered the mastermind behind the attack on Uber Technologies, informed sources added.
Earlier this year, the teenager was accused of compromising data belonging to technology companies including Microsoft, Okta and Nvidia. He was then released on bail pending a court hearing.
In addition to unauthorized use of computers, prosecutors now accuse him of breaching his bail conditions.
A law enforcement source said at least two other people were involved in the attacks on Rockstar Games and Uber. Further arrests are expected.
In Germany, a hacker was arrested for stealing €4 million through phishing
Germany's Federal Criminal Police Office (BKA) identified three suspects in the organization of large-scale phishing campaigns in which bank customers lost €4 million. One of them was arrested.
According to the agency, between October 3, 2020 and May 29, 2021, the criminals sent phishing e-mails in the name of real German banks. The e-mails announced supposedly upcoming changes to the banks' internal security systems and invited recipients to follow a link and enter their online banking credentials.
Victims were also asked to enter a one-time code for online transactions, which gave the attackers access to their online banking and let them withdraw funds.
To cover up the fraudulent transactions, the attackers launched a series of DDoS attacks on the banks' systems.
One of the hackers was arrested, and the second was charged with 124 counts of computer fraud. The investigation into the third is ongoing.
Experts warned crypto wallet owners about the spread of the NullMixer Trojan
Since the beginning of the year, almost 50,000 users worldwide have encountered the NullMixer Trojan, which, among other things, substitutes cryptocurrency wallet addresses. This was reported by Kaspersky Lab specialists.
Criminals spread the malware through sites offering cracks, key generators and activators.
Once on the victim's computer, NullMixer downloads many malicious files, including spyware, backdoors, banking Trojans and the RedLine stealer. The latter can substitute crypto wallet addresses and steal account data from Telegram and a number of VPN applications, Discord tokens, and saved passwords and cookies from browsers.
The experts emphasized that the Trojan's creators use professional SEO tools, so the sites distributing the malware appear at the top of search engine results.
What to read on the weekend?
We suggest revisiting our piece on the rollout of facial recognition technology in Russian cities and the legal side of this trend.