Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label DOGE. Show all posts
User Security
Cyber Attacks DOGE Fog Hackers Ransomware attack User Security

'Fog' Attackers Mock Victims With DOGE Ransom Notes

 

Fog ransomware assaults over the last month have included a new ransom note mentioning the US Department of Government Efficiency (DOGE) and enticing victims to propagate the malware to other PCs, Trend Micro said earlier this week. 

Analysis of the latest samples of Fog ransomware, which were published to VirusTotal between March 27 and April 2, 2025, found that they propagated via the transfer of a ZIP file containing an LNK file disguised as a PDF called "Pay Adjustment." This shows that attacks were carried out via phishing emails to employees.

Once the "Pay Adjustment" LNK file is clicked, a PowerShell script named stage1.ps1 is executed, which retrieves multiple payloads from a hacker-controlled domain. These include the ransomware loader cwiper.exe, a bring-your-own-vulnerable-driver (BYOVD) privilege escalation tool named Ktool.exe, a QR code image directing to a Monero wallet, a ransom letter called RANSOMNOTE.txt, and more malicious PowerShell scripts. 

Ktool.exe extracts the vulnerable Intel Network Adapter Diagnostic Driver iQVW64.sys to the %TEMP% folder, passing the target process ID (PID) and a hardcoded key as arguments. Lootsubmit.ps1 and Trackerjacker.ps1 are PowerShell scripts that collect and exfiltrate system information such IP addresses, CPU configurations, MAC addresses, and system geolocations. 

Before dropping the Fog ransomware, the ransomware loader checks to ensure it is not in a sandbox environment. It also drops dbgLog.sys, which tracks encryption-related activities, and readme.txt, an additional ransom note. This ransom note is identical to those found in past Fog ransomware assaults. 

Odd political references

While the final ransom note, readme.txt, is identical to prior attacks, the initial ransom note, RANSOMNOTE.txt, refers to DOGE and includes the names of specific individuals involved with the department. 

The note reads, "Give me five bullet points on what you accomplished for work last week," and refers to emails sent to federal employees in February as part of a DOGE campaign. The note further offers to decrypt the user's data for free if they deliver the malicious files to another person or manually execute the malicious PowerShell commands on someone else's PC. 

Earlier this year, the DoNex ransomware group followed a similar tactic, promising payment to targets in exchange for sharing sensitive company data or spreading the malware throughout their organisation. The PowerShell script also contains bizarre political references, such as the statement "The CIA didn't kill Kennedy, you idiot." The script also launched several politically orientated YouTube videos, including an episode of "Last Week Tonight with John Oliver.”
Read more »
Personal Data
Dark Web Dark website Data Breach Data Brokers Data Leak data security DOGE Elon Musk ParkMobile Personal Data

Dark Web Site DogeQuest Targets Tesla Owners Using Data from ParkMobile Breach

 

A disturbing dark web website known as DogeQuest has surfaced, targeting Tesla owners and associates of Elon Musk by publishing their personal information. The data used on the site appears to have been sourced largely from a 2021 breach of the ParkMobile app, which affected over 21 million users. 

According to privacy research group ObscureIQ, 98.2% of the individuals listed on DogeQuest can be matched to victims of the ParkMobile hack. The site initially operated on the surface web but now functions under a .onion domain, which anonymizes its hosting and complicates takedown efforts by authorities. The purpose of DogeQuest is masked as an “artistic protest” platform, encouraging acts of vandalism against Tesla vehicles. 

Although the site claims neutrality by stating it does not endorse or condemn actions taken, it openly hosts names, home addresses, contact details, and even employment information of more than 1,700 individuals. These include not only Tesla drivers but also DOGE employees, their families, and high-profile individuals from the military, cybersecurity, and diplomatic sectors. The website’s presence has allegedly been linked to real-world vandalism, prompting federal investigations into its operations. 

ObscureIQ’s analysis reveals that the core data used by DogeQuest includes email addresses, phone numbers, and license plate details—information originally accessed through ParkMobile’s compromised Amazon Web Services cloud storage. While ParkMobile claimed at the time that no financial data was exposed, the combination of breached user data and information purchased from data brokers has been enough to target individuals effectively. 

A class-action lawsuit against ParkMobile later resulted in a $32 million settlement for failing to secure user data. Despite the gravity of the situation, no other public reporting had directly connected DogeQuest to the ParkMobile breach until ObscureIQ’s findings were shared. The doxxing platform has evolved into a larger campaign, now also publishing details of prominent federal employees and private sector figures. A spreadsheet reviewed by the Daily Caller News Foundation highlights how widespread and strategic the targeting has become, with individuals from sensitive fields like defense contracting and public health policy among the victims. 

Law enforcement agencies, including the FBI and DOJ, are now actively investigating both the digital and physical components of this campaign. Just last week, the Department of Justice charged three individuals suspected of attacking Tesla vehicles and infrastructure across multiple states. However, officials have not yet confirmed a direct link between these suspects and DogeQuest. The FBI has also noted a troubling increase in swatting incidents aimed at DOGE staff and affiliates, indicating that the site’s influence may extend beyond digital harassment into coordinated real-world disruptions. 

With DogeQuest continuing to evade takedown attempts due to its anonymized hosting, federal authorities face an uphill battle in curbing the campaign. ParkMobile has so far declined to comment on the matter. As the scope and sophistication of this doxxing effort grow, it underscores the lingering impact of data breaches and the increasing challenges in protecting personal information in the digital age.
Read more »
USAID
Cyber Security Data Leak DOGE Elon Musk Threat Landscape USAID

Threat Analysts Warn of the 'Largest Data Breach' After Elon Musk's DOGE Controversy

 

The debate over Elon Musk's Department of Government Efficiency continues, with the world's richest man accused of snooping on some of America's most sensitive data. The DOGE has been tasked with reducing government spending by a paltry $2 trillion, which Musk himself admits might be unfeasible. 

However, the billionaire and his crew have lost no time to shed the fat, targeting everything from the National Space Council to USAID. Concerns have been raised regarding the DOGE's level of access, and some staff members have received death threats as a result of the debate.

"You can’t un-ring this bell,” the anonymous source told the local media outlet. Once these DOGE guys have access to these data systems, they can ostensibly do with it what they want." 

Four sources spoke to the local media outlet, but only Scott Cory would go on record. The former CIO for an HHS agency said: "The longer this goes on, the greater the risk of potential fatal compromise increases.” 

The National Oceanic and Atmospheric Administration, the Office of Personnel Management, the Department of Health and Human Services, and the U.S. Treasury have all apparently been accessed by the DOGE. "I don't think the public quite understands the level of danger," a federal agency administrator continued. 

With its newfound authority, the DOGE might prevent payments to government agencies and redirect funds to organisations it chooses. There are concerns that possible access to Federal Aviation could be "dire," even if Musk hasn't altered the current system yet. 

There have also been criticism that he has brought in a young team of technical wizards, but one payment-systems expert remarked that this is actually a good thing: "If you were going to organise a heist of the US Treasury, why in the world would you bring a handful of college students?" He went on to suggest that you'd need numerous people with at least ten years of experience with COBOL. 

Despite not being paid, working 120 hours a week, and sleeping in the offices, DOGE employees have been flexing their muscles to make some significant savings. Looking at the broad picture, one source concluded: "I'd want to believe that this is all so enormous and convoluted that they won't be successful in whatever they're attempting to do. But I wouldn't bet that outcome against their egos.”
Read more »
Subscribe to: Posts (Atom)