Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Hacker group. Show all posts
server access
Black Suit hackers Cyber Data Breach Hacker group KADOKAWA cyberattack Ransomware Threat server access

Hackers Warn of Further Attacks on KADOKAWA, Claim Ongoing Access to Servers

 

KADOKAWA is on high alert for potential cyberattacks from the Russian hacker group Black Suit after failed negotiations aimed at resolving a previous major cyber incident. Black Suit, known for its ransomware operations, has warned of further attacks following KADOKAWA's refusal to pay an $8 million ransom (around 1.1 billion yen).

In a recent update to Kyodo News, the hackers disclosed that discussions with the company had broken down.

“We demanded $8 million, but KADOKAWA did not comply,” Black Suit stated, cautioning that the company “will face the same problem repeatedly” as they still have access to KADOKAWA’s systems.

Cybersecurity specialist Katsuji Okamoto from Trend Micro commented on the matter, stressing the severity of the threat.

“Even if this is a bluff, KADOKAWA must reassess its systems and prepare for the worst. Black Suit is notorious for their persistence and thorough execution of attacks, typically carrying them out from start to finish independently.”

KADOKAWA, however, has chosen not to disclose specific details about the incident, citing an active police investigation.

“This is a matter under police investigation, and we cannot comment,” a company spokesperson said.

The company initially reported the cyberattack in early June, noting disruptions across multiple websites and services. Since then, KADOKAWA has provided regular updates on its progress in system restoration and investigation efforts.

On June 27, 2024, Black Suit reportedly revealed the full scale of the breach, claiming they had stolen 1.5 terabytes of sensitive data, including business plans, user information, contracts, and financial records.

The group alleged they exploited vulnerabilities within KADOKAWA’s network infrastructure, gaining access to a “control center” that enabled them to encrypt the entire network, impacting subsidiaries like Dwango and NicoNico.

They threatened to release the stolen data if the ransom was not paid by July 1, 2024.

As of August 5, KADOKAWA confirmed a data leak affecting 254,241 individuals, following an investigation by third-party experts.
Read more »
Threat Management
Bypass Tool Cyber Security Data Privacy Hacker group Threat Management

New EDR Bypass Tool Advertised by FIN7 Hacking Group

 

SentinelOne researchers warn that the financially motivated group FIN7 is utilising various pseudonyms to promote a security evasion tool on several criminal underground forums. FIN7 created a tool called AvNeutralizer (also known as AuKill) that can circumvent safety measures. The researchers discovered that the tool was employed by multiple ransomware operations, including AvosLocker, MedusaLocker, BlackCat, Trigona, and LockBit. 

The researchers identified a new version of AvNeutralizer that uses a novel way to interfere with and bypass security mechanisms, exploiting the Windows driver ProcLaunchMon.sys. 

“New evidence shows FIN7 is using multiple pseudonyms to mask the group’s true identity and sustain its criminal operations in the underground market,” the researchers explained . “FIN7’s campaigns demonstrate the group’s adoption of automated SQL injection attacks for exploiting public-facing applications.” 

Last year in November, SentinelOne reported a potential link between FIN7 and the use of EDR evasion tools in ransomware attacks involving the Black Basta group. 

The cybersecurity firm's analysis revealed that the "AvNeutralizer" tool (also known as AuKill) targeted several endpoint security solutions and was utilised exclusively by one group for six months. This supported the hypothesis that the FIN7 group and the Black Basta gang had a close relationship.

Starting in January 2023, the experts detected the deployment of upgraded versions of AvNeutralizer by multiple ransomware gangs, implying that the programme was made available to multiple threat actors through underground forums. The researchers discovered numerous adverts on underground forums encouraging the sale of AvNeutralizer.

On May 19, 2022, a user named "goodsoft" advertised an AV killing tool for $4,000 on the exploit[.]in forum. Later, on June 14th, 2022, a person named "lefroggy" placed a similar ad on the xss[.]is forum for $15,000. A week later, on June 21st, a user known as "killerAV" advertised the tool on the RAMP forum for $8,000. 

SentinelOne researchers focused on the tool's innovative technique for disabling endpoint security solutions. The unpacked AvNeutralizer payload employs ten approaches to compromise system security systems. While multiple strategies have been reported, such as removing PPL protection using the RTCore64.sys driver and the Restart Manager API, a recently discovered technique includes utilising a Windows built-in driver capability that was previously unknown in the wild. 

“Our investigation into FIN7’s activities highlights its adaptability, persistence and ongoing evolution as a threat group. In its campaigns, FIN7 has adopted automated attack methods, targeting public-facing servers through automated SQL injection attacks,” the researchers concluded. “Additionally, its development and commercialization of specialized tools like AvNeutralizer within criminal underground forums significantly enhance the group’s impact.”
Read more »
Hacker group
Breach Forums Cyber Crime Dark Web Domain FBI Hacker group

Breach Forums Plans Dark Web Return Despite FBI Crackdown

 

Breach Forums, the infamous cybercrime and hacker forum, is all set to return to the dark web under a new Onion label, Hackread reported. While the exact timing for the resuscitation of its clearnet domain is unknown, officials are trying to revive it this week. 

ShinyHunters, a hacker and Breach Forums administrator, confirmed the latest developments to a local media outlet . According to the hacker, the new Onion domain for Breach Forums is preparing for a comeback, which is scheduled for the following week. 

"The onion is ready, it's not public yet, but it will probably be launched this week." When asked about the status of the clearnet domain, the hacker just stated that "the clearnet will come back," without providing a specific timeline. 

Notably, on May 15th, 2024, the FBI seized Breach Forums V2, apparently after apprehending two admins, one known by the moniker Baphomet. ShinyHunters told Hackread.com that they believe Baphomet may have handed up backend credentials to the FBI, resulting in the entire seizure of the forum's Escrow, as well as its dark web and clearnet domains. 

However, recent developments have taken an unexpected turn, with ShinyHunters announcement last week that they had retrieved access to the seized clearnet domain for Breach Forums from the FBI using an unspecified technique. 

Interestingly, neither the FBI nor the Department of Justice has issued a statement on the seizure or any of the linked events. While the FBI has recognised the seizure and requested victims of data breaches on Breach Forums to come forward and fill out a form to help with further investigations, official statements from authorities are still waiting. 

With ShinyHunters' revelation that they had regained access to the confiscated clearnet domain, the narrative develops, leaving many doubts regarding the forum's future and the role of law enforcement authorities. However, it is clear that Breach Forums is undergoing a huge transition. From its confiscation by the FBI to its probable resurrection with a new Onion domain, the story depicts the dangerous and strange world of cybercrime.
Read more »
South Korea
Andariel Data Breach Hacker group Military Data North Korea North Korean Hackers Ransomware group South Korea

Seoul Police Reveals: North Korean Hackers Stole South Korean Anti-Aircraft Data


South Korea: Seoul police have charged Andariel, a North Korea-based hacker group for stealing critical defense secrets from South Korea’s defense companies. Allegedly, the laundering ransomware is redirected to North Korea. One of the 1.2 terabytes of data the hackers took was information on sophisticated anti-aircraft weaponry.  

According to the Seoul Metropolitan Police Agency, the hacker group utilized servers that they had rented from a domestic server rental company to hack into dozens of South Korean organizations, including defense companies. Also, the ransomware campaign acquired ransoms from a number of private sector victim firms. 

Earlier this year, the law enforcement agency and the FBI jointly conducted an investigation to determine the scope of Andariel's hacking operations. This was prompted by reports from certain South Korean corporations regarding security problems that were believed to be the result of "a decline in corporate trust." 

Andariel Hacker Group 

In an investigation regarding the origin of Andariel, it was found that it is a subgroup of the Lazarus Group. The group has stolen up to 1.2 terabytes of data from South Korean enterprises and demanded 470 million won ($357,000) in Bitcoin as ransom from three domestic and international organizations.  

According to a study conducted by Mandiant, it was revealed that Andariel is operated by the North Korean intelligence organization Reconnaissance General Bureau, which gathers intelligence for the regime's advantage by mainly targeting international enterprises, governmental organizations, defense companies, and financial services infrastructure. 

Apparently, the ransomware group is also involved in cybercrime activities to raise funds for conducting its operation, using specially designed tools like the Maui ransomware and DTrack malware to target global businesses. In February, South Korea imposed sanctions on Andariel and other hacking groups operating in North Korea for engaging in illicit cyber operations to fund the dictatorial regime's nuclear and missile development projects.  

The threat actor has used a number of domestic and foreign crypto exchanges, like Bithumb and Binance, to launder the acquired ransom. Till now, a sum of 630,000 yuan ($89,000) has been transferred to China's K Bank in Liaoning Province. The hackers proceeded to redirect the laundered money from the K Bank branch to a location close to the North Korea-China border. 

Seoul police noted that they have seized the domestic servers and virtual asset exchange used by Andariel to conduct their campaigns. Also, the owner of the account, that was used in transferring the ransom, has been detained. 

"The Security Investigation Support Department of the Seoul Metropolitan Police Agency is actively conducting joint investigations with related agencies such as the U.S. FBI regarding the overseas attacks, victims and people involved in this incident, while continuing to investigate additional cases of damage and the possibility of similar hacking attempts," the agency said.

The police have warned businesses of the threat actor and have advised them to boost their cybersecurity and update security software to the latest versions. It has also been advised to organizations to encrypt any critical data, in order to mitigate any future attack. 

Moreover, police are planning to investigate server rental companies to verify their subscribers’ identities and to ensure that the servers have not been used in any cybercrime activity.  

Read more »
Ukraine
Anonymous Cyber Security CyberWar DDOS Attack Government Sites Group-IB Hacker group Russia Ukraine

Expert Opinion: The Consequences of the War of the Hacker Group Anonymous against Russia

 

Anonymous hacktivists announced on Twitter about the beginning of the war with Russia because of the special operation in Ukraine. The group is known for its massive DDoS attacks, declassification of government documents, and hacking of politicians' accounts. Information security experts told how Anonymous can harm Russia. 


Information security experts are confident that a real threat may be hiding behind the Anonymous statement. "Government websites, government online services such as Gosuslugi, email, social media accounts of politicians, websites and IT infrastructure of state banks and defense companies can be attacked", said Sergey Nenakhov, head of the information security audit department of Infosecurity a Softline Company. 

According to him, this community has repeatedly manifested itself earlier in hacktivism, hacking government websites, e-mails of politicians from different countries. They also manifested themselves in the online fight against the Islamic State organization (it is banned in Russia), obtaining and publishing information about members of the terrorist organization. 

Group-IB noted that the danger lies in the fact that other groups, including pro-state hacker groups targeting critical infrastructure facilities, may operate under the guise of Anonymous. 
"As for Anonymous, they act as follows: first, in public communities, for example, on Twitter, they call for attacks on certain organizations as part of a particular campaign. In order for users to easily identify these attacks, they usually use special hashtags for each event and the hashtag Anonymous. These campaigns can be joined by young hackers without professional skills and abilities. However, the strength of such actions lies precisely in the mass character of hacktivists," the company explained.

Fedor Dbar, commercial director of Security Code, believes that much will depend on whom the group will carry out the attacks. "The most serious consequences could be caused by attacks on critical information infrastructure (CII) facilities, but it cannot be said that tomorrow we will be left without electricity or electricity."
Read more »
United States
Carding Cyber Crime Group-IB Hacker group Russia Russian Hacker The Infraud Organization United States

Suspected Founder of Hacker Group The Infraud Organization Arrested in Moscow

 

It became known that Russia will not extradite the possible leader of the hacker group The Infraud Organization to the United States. Russian FSB officers and Russian law enforcement agencies, with the assistance of US law enforcement agencies, detained four members of the hacker group The Infraud Organization on January 22. Prior to that, the alleged founder Andrei Novak was put on the wanted list in the United States on charges of cyber fraud. 

According to the FSB, Novak has been arrested, and three other alleged hackers have been placed under house arrest. The investigation continues to identify other members of The Infraud Organization. The detained members of the group are accused of illegal access to computer information and illegal turnover of payment funds. 

Russia has no plans to extradite Andrei Novak, the possible leader of the international hacker group The Infraud Organization, to the United States. Thus, Russian law prohibits the extradition of citizens of one's own country to a foreign state. 

It is noted that if among the detained members of the organization there is a person without Russian citizenship, then after the investigation of a criminal case in Russia and the trial he will be extradited to the country where the case was opened against him. 

It is worth noting that in February 2018, it was reported that law enforcement officers detained 13 persons in the United States accused of involvement in a criminal scheme, the damage from which amounted to at least $530 million. In total, 36 people have been charged, and one Russian, Andrei Novak, was included in this list. 

The detained 13 people are citizens of the United States, Australia, Great Britain, France, Italy, and Serbia. The criminal group was organized by a citizen of Ukraine in 2010. 

The company Group-IB, which in Russia is engaged in the investigation and prevention of cybercrime (its founder Ilya Sachkov was arrested in Russia on charges of treason), said at the time that the defendants were not an organized group, but united on hacker sites solely to carry out attacks. Group-IB suggested that their main field of activity could be carding. In addition, cybercriminals could manage cardershops (sites for the sale of bank cards), sell accounts and accounts.
Read more »
Russia
Cyber Crime Cyber Crime Report Hacker group REvil Hacker group Russia

REvil hacker group activity stopped in Russia

The Federal Security Service of Russia stopped the activities of the hacker group REvil, which was engaged in the theft of money using malware.

The operation was carried out in cooperation with the Investigative Department of the Ministry of Internal Affairs throughout Russia. According to the FSB, hackers developed malicious software, organized the theft of money from foreign bank accounts, and cashed them, including by purchasing expensive goods on the Internet.

"The appeal of the competent US authorities served as the basis for the search activities that reported the leader of the criminal community and his involvement in encroachments on the information resources of foreign high-tech companies," the FSB said.

The FSB of Russia has established the full composition of the REvil criminal community and the involvement of its members in the illegal turnover of payment funds, documentation of illegal activities has been carried out.

REvil has ceased to exist. According to the FSB, at 25 addresses of the places of residence of 14 members of the organized criminal community, over 426 million rubles ($5.5 million) were seized, including in cryptocurrency, $600 thousand, €500 thousand, as well as computer equipment, crypto wallets used to commit crimes, 20 premium cars purchased with funds obtained by criminal means.

"As a result of the joint actions of the FSB and the Ministry of Internal Affairs of Russia, the organized criminal community has ceased to exist, the information infrastructure used for criminal purposes has been neutralized. Representatives of the competent US authorities have been informed about the results of the operation," the FSB reported.

The REvil group is considered one of the most active hacker groups in the world. It has committed several major attacks, including against Apple and the Texas government.

It is worth noting that in the summer of 2021, according to The New York Times, after a conversation about REvil, which took place between US President Joe Biden and Russian leader Vladimir Putin at a summit in Switzerland, hackers disappeared from the darknet. Then the American president called on the Russian Federation to take measures to suppress the activities of cyber criminals operating on its territory.


Read more »
North Korean Hackers
Cyber Crime Hacker group Hacker group Kimsuky North Korean Hackers

North Korean hacker group Kimsuky started attacking Russian political scientists

The American cybersecurity company Proofpoint has discovered that the Kimsuky hacker group, presumably from North Korea, is attacking Russian scientists, foreign policy experts, and non-governmental organizations that deal with various issues of interaction with the DPRK.

It follows from the company's research that hackers send phishing emails to Korean experts on behalf of well-known experts in the Russian Federation.

Alexey Pavlov, Business Development Director of the center for countering cyberattacks Solar JSOC Rostelecom-Solar, explained that the letters contain a link, upon clicking on which the user sees a window for entering a login and password. This is similar to a Windows pop-up window for password-protected network resources. According to the attackers' plan, the victim must enter his credentials. Since the unsecured HTTP protocol is used, hackers get the credentials in cleartext.

The Proofpoint study provides an example of such a letter in Russian, allegedly on behalf of the Executive director of the National Committee for BRICS Research, Georgy Toloraya. “Mass mailings are being sent from fake addresses opened in my name,” he confirmed, adding that the signature was copied from old letters.

"Positive Technologies specialists recorded Kimsuky attacks using Korean themes in August," says Denis Kuvshinov, head of the company's threat research department.

According to Group-IB experts, over the past year, Kimsuky has been quite active in conducting cyber espionage operations not only against South Korea but also countries that support it.

The group has been carrying out thematic attacks since 2018. In 2020, it attacked Russian military and industrial organizations.

Experts believe that Kimsuky will try to purposefully extract valuable documents from specific officials and employees of research organizations. Kimsuky can connect infected computers to a botnet or steal access to crypto wallets.

Read more »
Russian Cyber Security
Cyber Crime Hacker group Russia Russian Cyber Security

Hacker group RedCurl attacked a large Russian online store

Commercial espionage remains a rare phenomenon, but the success of this group can set a new trend.

The cybersecurity company Group-IB has discovered traces of new attacks by RedCurl hackers engaged in commercial espionage and theft of corporate documentation from companies from various industries. This time, the victim of the group was a Russian retailer, one of the top 20 largest online stores in Russia.

The company notes that it discovered a new Russian-speaking group last year, in the period from 2018 to 2020, it carried out 26 attacks, 14 victim organizations from different countries were identified. Among the hackers' targets are construction, financial, consulting companies, retailers, banks and insurance, legal organizations located in Russia, Ukraine, the UK, Germany, Canada, and Norway. In 2021, the attacks resumed.

According to experts, commercial espionage remains a rare phenomenon, but the success of this group can set a new trend. The company's specialists noted that since the beginning of 2021, 4 attacks have been recorded.

A feature of the group is the sending of phishing emails to different departments of the organization on behalf of the HR team. After a computer is infected, information about the victim's infrastructure begins to be collected on the organization's network; criminals are interested in the version and name of the infected system, the list of network and logical drives, and the list of passwords.

Experts note that the actions and methods of RedCurl are unique for Russian-speaking hackers, for example, from the moment of infection to data theft, it takes from 2 to 6 months. The group does not use standard means of remote control of compromised devices. Infection, attachment to an infected device, promotion on the network, and theft of documents are carried using self-written and several public tools.

The group does not encrypt the infrastructure of the victim company, does not withdraw money from accounts, and does not demand a ransom for stolen data. This may indicate that hackers are rewarded from other sources, and their goal is to secretly extract valuable information. According to the company, RedCurl is interested in business correspondence, personal files of employees, documentation on various legal entities, and court cases.


Read more »
Russian Hackers
Cyber Attacks Hacker group Microsoft Russian Hackers

Microsoft reported thousands of cyberattacks by the Russian hacker group

Microsoft has announced the activation of the Nobelium cyber group, which attacked the American software developer SolarWinds more than a year ago and gained access to US government data.

Microsoft has reported that a hacker group allegedly linked to Russian intelligence has significantly intensified its activities in recent months. From the beginning of July to mid-October, the hacker group carried out 22.9 thousand cyber attacks on 609 companies.

However, Russian experts do not agree at all with Microsoft representatives. So, Alexey Lukatsky, Cisco information security consultant, said that no one has shown evidence that hackers from Russia are behind the Nobelium hacker group.
According to him, if an attack is carried out from Russian IP addresses and code fragments have previously been attributed to Russian hackers (often also without evidence), experts conclude that Russians are behind the attack.
“It is now fashionable to accuse Russia of cyber attacks, as some countries allocate large budgets to increase the level of protection against cyber attacks and some companies believe that it is easy to get them to fight a known enemy,” said Lukatsky.

Anastasia Tikhonova, head of the Threat Intelligence Group-IB complex threat research group, also believes that there is no clear evidence that Russian hackers are behind the activities of the Dark Halo (Nobelium) group.
“No tactics, techniques and procedures that could prove intersections between the actions of Dark Halo (Nobelium) and another well-known group of attackers were presented, except perhaps a comparison of the Sunburst backdoor used by Dark Halo (Nobelium) with the Kazuar RAT, which is used by hackers of the Turla group,” added she. 

Sergey Nenakhov, Head of the Information Security Audit Department at Infosecurity, agrees with Tikhonova and Lukatsky. According to him, in order to draw conclusions about the involvement of a particular group of hackers in the attack, companies must have access to a large amount of telemetry data that can be collected by a very limited number of them. Microsoft, as a major player, can afford such an investigation, but it is unclear how independent this company is from political interference, Nenakhov said.
Read more »
Russian Hackers
Hacker group OldGremlin Hacker Group Russia Russian Cyber Security Russian Hackers

Russian-speaking hackers attacked Russian companies and demanded ransom

Group-IB recorded a successful attack by the criminal group OldGremlin on a Russian medical company. The attackers completely encrypted its corporate network and demanded a ransom of $50,000.

Russian-speaking hackers from the OldGremlin group attacked several Russian companies, despite the ban: among cybercriminals, there is an unspoken rule "do not work on RU".

According to experts, since the spring of 2020, hackers from OldGremlin have conducted at least nine attacks on Russian companies. It is noted that they send malicious emails allegedly on behalf of the Russian media holding RBC, the Russian metallurgical holding, the Minsk Tractor Plant, the Union of microfinance organizations and other individuals and enterprises. Under various pretexts, attackers are asked to click on the link and download the file. After trying to open it on the victim's computer, the backdoor malware TinyPosh runs.

This time a large Russian medical company became the victim of the criminals. After gaining access to the computer of one of the employees, they deleted the organization's backups, and also spread the TinyCrypton ransomware virus on the computers of the employees. As a result of their actions, the work of regional branches of the medical company was stopped. Then the hackers demanded a ransom: they wanted to get 50 thousand dollars in cryptocurrency for restoring access.

"The lack of a strong communication channel between organizations that resist cybercrime, as well as the difficult political situation, lead to the emergence of new criminal groups that feel safe," said Rustam Mirkasymov, head of the dynamic analysis of malicious code at Group-IB. The expert also stressed that businesses often underestimate the threats posed by cybercriminals, and do not use the necessary means of protection. 

Read more »
lazarus
Crypto Currency cyber attack Cyber Attacks Hacker group lazarus

Kaspersky Lab reports North Korean Hacker group Lazarus stealing cryptocurrencies using the Telegram messenger


A group of hackers calling themselves Lazarus modified their previous scheme to steal cryptocurrency which was used in 2018. Hackers use more effective tactics and act more carefully. According to Kaspersky Lab, now, not only users of the macOS operating system are at risk but also users of Windows.

Presumably, Lazarus hackers use malware that runs in memory and not on hard drives allowing it to remain undetected. The researchers believe that the group uses Telegram to spread the virus.

The new Lazarus attack was named Operation APpleJeus Sequel, which follows APpleJeus attack conducted in 2018. Principle of cryptocurrency theft remains the same as before: fake cryptocurrency companies are used to attract investors. The websites of these companies contain links to fraudulent

Telegram trading groups, through which malware that infects Windows computers is distributed.
Once the system is infected, attackers can gain remote access to it and steal the cryptocurrencies stored on the device. So far, researchers have been able to identify many victims of the new fraud across Europe and in China. A representative of Kaspersky Lab reports that it is known about the victims from Russia, China, Poland and the UK. At the same time, they include both individual traders and companies whose activities are related to cryptocurrency.

Kaspersky noted that currently, hackers from Lazarus have suspended their campaign using the messenger, but researchers suggested that in the future, attackers will use even more advanced methods.

Earlier, a closed UN report reported that North Korea finances the development of weapons through digital and Fiat currencies stolen from banks and cryptocurrency exchanges. Last fall, Group-IB said that a North Korean group of hackers stole $571 million in cryptocurrencies.
Read more »
Hacker group
cyber attack Cyber Attacks Hacker group

Group-IB reported on the five hacker groups threatening to Russian banks


The main hacker groups threatening Russian banks are Cobalt, Silence, MoneyTaker, Lazarus and SilentCards. They can hack a Bank, reach isolated financial systems and withdraw funds, said Ilya Sachkov, CEO and founder of Group-IB, a company specializing in preventing cyber attacks.

At the same time, hacker groups are shifting their focus from Russia to other countries.

According to the founder of Group-IB, "it is curious that three of the five groups (Cobalt, Silence, MoneyTaker) are Russian-speaking, but over the last year Cobalt and Silence began to attack banks mainly outside Russia".

"For example, Silence began its activities in Russia, but gradually shifted its focus to the CIS, and then entered the international market. Group-IB analysts have detected Silence attacks in more than 30 countries in Europe, Asia and the CIS for the current year," said Sachkov.

According to him, the pro-government hackers of developed countries are the most dangerous, since their activity is less noticeable, while they have a better arsenal for carrying out attacks.

"Our last year's forecast came true. The number of targeted attacks aimed at espionage, sabotage or obtaining direct financial benefits has grown significantly. So-called "digital weapons" or cyberweapons, which can stop production processes and disable networks of critical infrastructure and large commercial enterprises, are actively used. This is a serious problem. The number of cyber attacks will increase and it will be more difficult to resist them, " added Sachkov.

The head of the company Group-IB also said that cybercriminals began to use a new method of stealing money from Bank customers by installing remote access programs on smartphones. The monthly losses of large banks from this type of fraud can reach 6-10 million rubles.

He noted that the Secure Bank system monthly records of more than 1 thousand attempts to steal money from the accounts of individuals using this scheme.

Earlier it was reported about a new way of stealing from Bank cards. Hackers pose as Bank employees using the technology to substitute phone numbers.
Read more »
iPhone Hacks
Apple Charging Cables. Computer Hacking Hacker group Hackers iPhone iPhone Hacks

These legit looking iPhone cables allow hackers to take charge of your computer

When they said you should be wary of third-party accessories and unbranded cables for charging your smartphone, they were serious. And the latest example of what a cable that isn’t original can do, should be enough to scare you. There is apparently a Lightning Cable that looks just as harmless as an iPhone cable should. But it has a nasty trick up its sleeve, which allows a hacker to take control of your computer, the moment you plug this in to the USB port. This cable has been dubbed the OMGCable.

A security researcher with the Twitter handle @_MG_ took a typical USB to Lightning cable and added a Wi-Fi implant to it. The moment this gets plugged into the USB port on a PC, a hacker sitting nearby with access to the Wi-Fi module hidden inside the cable can run a malicious code and take charge of a PC or remotely access data without the user even noticing.

“This specific Lightning cable allows for cross-platform attack payloads, and the implant I have created is easily adapted to other USB cable types. Apple just happens to be the most difficult to implant, so it was a good proof of capabilities,” said MG, as reported by the TechCrunch website.

The thing with phone charging cables is that no one really gives them a second look. You see one, you plug it in and you let it be. At the same time, a lot of users are wary about using USB drives, also known as pen drives or thumb drives, because they are popular as carriers of malware and viruses that can pretty much ruin your PC.
Read more »
supply chain attacks
Chinese Hackers Hacker group Hacking News supply chain attacks

A Hacker Group, 'Barium' on a Supply Chain Hijacking Spree



One of the most fatal forms of hacking is a software supply chain attack as it involves illicitly accessing a developer's network and placing the malicious code into the software updates and applications that users consider and trust the most.

In a single attempt, supply chain hackers can potentially place their ransomware onto thousands or millions of computer systems, they can do so without even a single trace of malicious activity. With time, this trick has gained a lot of traction and has become more advanced and difficult to be identified. Supply chain attacks follow a similar pattern and have been used by the associated companies as their core tool.

Basically, supply chain attacks exploit various software dissemination channels and over the last three years, these attacks have been majorly linked to a group of Chinese hackers. Reportedly, they are popularly known as ShadowHammer, Barium, Wicked Panda and ShadowPad, the name varies along with the security firms.

The trick demonstrates the massive potential of ShadowHammer to destroy computer systems on a large scale along with exploiting vulnerabilities present in a fundamental model which governs the code employed by users on their systems, such destructive ability possessed by Barium is a matter of great concern for security researchers.

Referencing from the statements given by Vitaly Kamluk, the director of the Asia research team for security firm Kaspersky, "They're poisoning trusted mechanisms," "they’re the champions of this. With the number of companies they’ve breached, I don’t think any other groups are comparable to these guys."

"When they abuse this mechanism, they’re undermining trust in the core, foundational mechanisms for verifying the integrity of your system,"

"This is much more important and has a bigger impact than regular exploitation of security vulnerabilities or phishing or other types of attacks. People are going to stop trusting legitimate software updates and software vendors."

On being asked, Marc-Etienne Léveillé, a security researcher, said, "In terms of scale, this is now the group that is most proficient in supply chain attacks,"

"We’ve never seen anything like this before. It’s scay because they have control over a very large number of machines

"If [Barium] had deployed a ransomware worm like that through one of these attacks, it would be a far more devastating attack than NotPetya," said another expert on the matter.






Read more »
WADA
Hacker group Olympics Russian Hacker WADA

Russia-linked hackers Fancy Bears leak data from International Luge Federation

A Russia-linked hacker group called “Fancy Bears” released a statement on Wednesday claiming to have leaked emails and documents that demonstrate violations of anti-doping rules, just two weeks before Winter Olympics 2018.

“The obtained documents of the International Luge Federation (FIL) show the violations of the principles of fair play: widespread TUE approvals, missed anti-doping tests and the double standards approach towards guilty athletes,” read the report.

This is the same group that was implicated in the 2016 Democratic National Committee (DNC) hack, and is also known by the names “Pawn Storm” or “APT 28”.

This is believed to be in response to Russia’s ban from the 2018 Winter Olympics following the controversy in the 2016 games where the same group is believed to have been responsible for the hack that leaked sensitive athlete data stolen from the World Anti-Doping Agency (WADA), which too was in response to the organization’s recommendation to ban Russian athletes from the 2016 games in Rio over allegations of state-sponsored doping.

The hacking group’s “About Us” on their website reads, “We are going to tell you how Olympic medals are won. We hacked World Anti-Doping Agency databases and we were shocked with what we saw.”
Read more »
Indian Hackers
Defaced Website Hacker group Indian Cyber Devils Indian Hackers

China Bank Network Website Defaced By Indian Cyb3r D3V!LS


Indian Hacker group named "Indian Cyb3r D3V!LS" has hacked into the China Bank website and defaced the main page of the website(www.bbyinhang.com).

The Bibi bank network independent website, co-founded by a number of financial professionals committed to universal access to financial expertise to help the general public understand the products and services provided by banks, to cultivate rational, smart and confident consumers of financial.

The hacker claimed to have breached the site by exploiting the Remote File Inclusion (RFI) vulnerability.

Hackers claimed to have compromised around 1000 credit card numbers but they are not going to release/misuse the details.

""Chinese Hacker defacing Many Indian government and colleges along with Pakistan hackers.  Don't mess with us we are greater than you.. no respect for your f** security.. " Hacker said.
Read more »
Security News
Hacker group Hacking News Indonesian Hacker Jember Hacker Team Security News

Indonesian President website hacked by MJL007 from Jember Hacker Team


The official website of Indonesian president,Susilo Bambang Yudhoyono , presidensby.info, has been hacked and defaced by an Indonesian Hacker group known as Jember Hacker Team(JHT) .

The site was defaced by a hacker called "MJL007" from the group with a small message reading "This is a payback From Jember Hacker Team".

Few hours after the site got breached, the Indonesian Government restored the website. At the time of writing, the website works fine.

Detik cited the Indonesian minister of communications and information, Tifatul Sembiring, as claiming that the hacker didn't really hack into the website diverting the IP address that is in the existing DNS soft layer in Texas.

The mirror of the defacement can be found here:
http://www.zone-h.org/mirror/id/18912807
Read more »
VandaTheGod
Defaced Website Hacker group Information Security News UGNazi hacker VandaTheGod

VandaTheGod hacks several Government websites


A Hacker named VandaTheGod from UGNazi hacker group, has breached several Government websites and other websites.

Recently, he hacked Ecuador government website "Technical Secretariat for Vocational Training (setec.gob.ec), Argentina govt site "Ministry of Education of the Province of Corrientes (mecc.gov.ar)", official site of Escalante City ,Philippines(escalantecity.gov.ph).

The hacked sites simply displays a text "Deface By @VandatheGod or @CosmoTheGod" with a email address of the hacker.

The hacker keep defacing more websites every minutes. He also hacked subdomain of "The International Bank for Trade and Finance(mail.ibtf.com.sy).  
Read more »
opindia
Anonymous Hackers Hacker group hacker news Indian Hackers opindia

Government of Mizoram (Dpar.mizoram.gov.in) site hacked and defaced by Anonymous

Mizoram government site hacked

Anonymous hacktivist has hacked into the Department of Personnel and Administrative Reform(DP&AR) sub domain(Dpar.mizoram.gov.in) belong to Government of Mizoram.

Mizoram  is one of the Seven Sister States listed as in North Eastern India, sharing borders with the states of Tripura, Assam, Manipur and with the neighboring countries of Bangladesh and Burma.

"This is Govt saying, they can still censor you if you speak against them. " Hacker posted the protest message in the defacement webpage.

"Free press is a myth in #India thanks to #ITAct #66A with latest modification the Govt will better control "

" The time to sit silently is gone. Call your friends and get them to protests sites"

The defaced page:
dpar.mizoram.gov.in/components/index.html

At the end of the defacement page, hackers mentioned  that the website is full of malware even before they hacked into the site.
Read more »
Subscribe to: Posts (Atom)