
Infamous Hacker IntelBroker Breaches Apple's Security, Leaks Internal Tool Source Code


A prominent threat actor known as IntelBroker, notorious for orchestrating several high-profile data breaches, has now set its sights on Apple.

The hacker successfully leaked the company’s source code associated with several internal tools, announcing this development through a post on the dark web.

According to reports from IntelBroker, the iPhone maker experienced a significant security breach, leading to this exposure. The threat actor claims to have obtained the source code for various internal tools, including AppleConnect SSO and AppleMacroPlugin.

While details about these tools are scarce, it is known that AppleConnect SSO is a system used for authentication, allowing employees to access specific applications within the network.

These systems are integrated with the company's database, providing a secure form of access to its resources. Within iOS, apps launched by employees can use AppleConnect SSO for login purposes, where users set up patterns instead of passcodes for easier access.

The threat actor has not provided further details, but it is speculated that this data might be for sale, although this remains unconfirmed. Importantly, such breaches are localized internally and do not affect the company’s customer data.

A source familiar with these matters noted that dark web forums have strong vetting processes to filter out scammers attempting to sell leaked content. However, IntelBroker has managed to navigate these processes and has a reputation for successfully doing so.

This group has a history of hacking attempts, including attacks on American governmental institutions and websites, demonstrating its capabilities. Apple has yet to release a statement regarding this breach and the theft of its source code.

Riot Games Hit by Data Breach

Riot Games reported last week that a social engineering attack had compromised systems in its software development environment. Motherboard obtained the ransom note sent to Riot Games and reported that the hackers demanded $10 million in exchange for keeping the stolen source code secret and erasing it from their servers.

The LoL and TFT teams are investigating how cheat developers might exploit the stolen data to build new tools, and are evaluating whether any fixes are needed to resist such attempts. According to the game maker, the source code obtained in the breach also includes certain unreleased features that may never reach release.

As proof, the hackers gave Riot Games two sizable PDFs that they claimed would demonstrate their access to Packman and the League of Legends source code. Motherboard also obtained these files, which appear to show directories connected to the game's code. According to the ransom message, in exchange for payment the hackers offered to delete the code from their servers, explain how the intrusion occurred, and offer guidance on preventing future breaches.

The hackers indicated that Riot Games could contact them through a Telegram chat and provided a link to that chat in the post. Motherboard joined this channel; its member list included usernames matching the names of Riot Games personnel.

No player or user information was taken during the attempt, as per Riot, but the company warned that it would take some time to adequately protect the systems and that patches might be delayed. The breach is the subject of an investigation by Riot Games. It appears that the attacker did not utilize ransomware but instead concentrated on stealing source code so they could demand money from the business.

Anonymous: 900,000 Emails From Russian State Media Were Leaked


Anonymous which has been trying to target Russia since the invasion of Ukraine has reported more attacks against critical infrastructure sectors, including one which used an "improved" version of Russian Conti ransomware, and has called for the targeting of companies for proceeding to do business in Russia after the slaughter of Ukrainian civilians in Bucha. 

More than 900,000 emails from the All-Russian State Television and Radio Broadcasting Company (VGTRK) were purportedly leaked by NB65, or Network Battalion 65, a group linked to the hacker collective Anonymous.

DDoSecrets, a non-profit whistleblower site for news leaks, has made the 786.2 GB cache available to the public as a torrent after NB65 shared the hacked emails with them on Monday. Emma Best, a co-founder of DDoSecrets, described it as "an unprecedented expose of state-owned media and propaganda which the Russian government views as crucial to state security."

For the past month, the hacker group NB65 has been infiltrating Russian entities, collecting private data, and exposing it online, claiming the attacks are a response to Russia's invasion of Ukraine. According to the Daily Dot, the emails span more than 20 years of correspondence and include discussions of daily operations as well as of the sanctions imposed on Russia by other countries in reaction to the invasion.

Tensor, the Russian space program Roscosmos, and VGTRK, the state-owned Russian television and radio broadcaster, are among the Russian organizations said to have been targeted by the group. The claimed theft of 786.2 GB of data, comprising 900,000 emails and 4,000 files, was released on the DDoSecrets website following the attack on VGTRK. Since the end of March, the NB65 hackers have adopted a new tactic: attacking Russian institutions with ransomware.

Conti's source code was released after the gang sided with Russia in the invasion of Ukraine: a security researcher obtained 170,000 internal chat messages and the source code for the gang's operation.

Threat analyst Tom Malka first raised the alarm about NB65's activities but was unable to locate a ransomware sample, and the hacking group refused to provide one. This changed when a sample of NB65's modified Conti ransomware executable was uploaded to VirusTotal, allowing a look at how it functions.

On VirusTotal, almost all antivirus vendors detect this sample as Conti, and Intezer Analyze found that it shares 66% of its code with other Conti ransomware samples. When encrypting files, gives NB65's malware a run for its money.

The All-Russian State Television and Radio Broadcaster (VGTRK) is Russia's largest media conglomerate, with five national television channels, two major international networks, five radio stations, and over 80 regional television and radio networks under its umbrella. The ransomware also leaves R3ADM3.txt ransom notes across the encrypted device, in which the threat actors blame the attacks on President Vladimir Putin's invasion of Ukraine.

Amazon-owned Twitch Says Source Code Disclosed in Data Breach


Twitch, which is owned by Amazon.com Inc (AMZN.O), announced on Friday that last week's data breach at the live streaming platform included documents containing its source code.

The streaming platform said in a statement that users' passwords, login credentials, full credit card numbers, and bank details were not accessed or disclosed in the breach. The platform, which video gamers use to interact with viewers while live streaming, attributed the breach to an error in a server configuration change.

During server maintenance, modifications to the server's configuration are made. A flawed configuration can allow unauthorized access to the data stored on the servers. 

Twitch said it was "confident" the incident affected only a small number of users and that it was contacting those who had been directly impacted. The platform has more than 30 million average daily visitors. 

Video Games Chronicle had reported that about 125 gigabytes of data was leaked in the breach. The data includes details on Twitch's highest-paid video game streamers since 2019, such as a $9.6 million payout to the voice actors of the popular game "Dungeons & Dragons" and $8.4 million to Canadian streamer xQcOW.

About the breach

On October 6, Twitch confirmed that it had suffered a major data breach and that a hacker had accessed the company's servers following a server misconfiguration change.

A Twitch spokesperson stated on Twitter, “We can confirm a breach has taken place. Our teams are working with urgency to understand the extent of this. We will update the community as soon as additional information is available.” 

The leaked Twitch data reportedly includes: 
  • The entirety of Twitch’s source code with commit history “going back to its early beginnings” 
  • Creator payout reports from 2019 
  • Mobile, desktop, and console Twitch clients 
  • Proprietary SDKs and internal AWS services used by Twitch 
  • “Every other property that Twitch owns” including IGDB and CurseForge 
  • An unreleased Steam competitor, codenamed Vapor, from Amazon Game Studios 
  • Twitch internal ‘red teaming’ tools (designed to improve security by having staff pretend to be hackers) 
Twitch users are advised to enable two-factor authentication: even if a password is compromised, the attacker still needs the user's phone to confirm the login via SMS or an authenticator app.

Babuk Ransomware Full Source Code Leaked On A Russian-Speaking Hacking Forum



The complete source code for the Babuk ransomware was leaked this week by a threat actor on a Russian-speaking hacking forum, giving competitors and would-be ransomware operators easy access to a sophisticated strain with little effort.

The full Babuk source code posted on the forum comprises everything required to build a functional ransomware executable. The leaked archive contains "various Visual Studio Babuk ransomware projects for VMware ESXi, NAS, and Windows encryptors," according to Xiarch Security. Several ransomware experts have confirmed the leak as genuine. The leak reportedly also includes decryption keys for the gang's past victims.

The Babuk ransomware gang had already changed its operations, announcing on a hacker forum that it would no longer encrypt data on victims' networks but would instead "get to you and take your data": "..we will notify you about it if you do not get in touch we make an announcement." The gang announced in advance that its source code would be made publicly available as Babuk changed direction and planned to shut down: "We will do something like open-source RaaS, everyone can make their own product based on our product," they added.

In April this year, the Babuk group hit the Metropolitan Police Department of the District of Columbia (MPD) with a ransomware attack, stealing over 250 gigabytes of data, including police reports, internal memos, and PII of confidential informants and employees. Following the attack, the gang heavily criticized MPD for its security gaps and threatened to publish the data if the ransom demand was not met.

MPD acknowledged the unauthorized access on their server, and it started working with the FBI to investigate the matter. Meanwhile, the U.S. law enforcement agency reviewed the activity to determine the full impact of the attack. 

After the MPD attack, there were reports of strife among Babuk's members. The 'Admin' wanted to leak the data stolen from MPD for publicity, but the other members opposed the idea, feeling it was too much even for them. As a result, the group split: the original 'Admin' went on to launch the 'Ramp' cybercrime forum, while the others started Babuk V2, where they continue carrying out ransomware attacks with little or no change. Later, the original admin accused his former gang members of trying to make his new site unusable by subjecting it to a series of DDoS attacks.

"One of the developers for Babuk ransomware group, a 17 year old person from Russia, has been diagnosed with Stage-4 Lung Cancer. He has decided to leak the ENTIRE Babuk source code for Windows, ESXI, NAS," tweeted a user going by the Twitter handle @vxunderground.

Windows Source Code Leaked Online


The source code for Windows XP SP1 was leaked online today as a torrent. The person behind the leak claims to have spent two months collecting the 43GB of source code before posting it today on the 4chan forum as a torrent.

The leaked archive contains not only Windows XP's code but also that of Windows Server 2003 and other older versions.

Files in the torrent include:
  • MS-DOS 3.30
  • MS-DOS 6.0
  • Windows 2000
  • Windows CE 3
  • Windows CE 4
  • Windows CE 5
  • Windows Embedded 7
  • Windows Embedded CE
  • Windows NT 3.5
  • Windows NT 4

The torrent also contains some videos about conspiracy theories concerning Bill Gates. A smaller zip version containing just the source code is also being distributed over the Internet.

Microsoft has yet to comment publicly on the matter, but when Bleepingcomputer.com asked the tech giant, it said it was "investigating the matter". This is apparently not the first time Microsoft source code has leaked; the person claiming responsibility for the leak says the Windows XP code had been circulating among hackers for years but was never publicly shared until now.

"The source code for Windows 10 internal builds was leaked online in 2017, and just recently Microsoft's private GitHub repository was hacked and private projects leaked", reports Bleepingcomputer.com.

Does the leak raise security issues?

Even though Windows XP was released 20 years ago, any of its code still present in current versions of Windows could pose a real threat. With the source code, it becomes easier to understand how Windows works, and if a serious flaw exists in XP and the same code is used in Windows 10, attackers could exploit that vulnerability.

Then again, released source code could give rise to replicas, but for some enthusiasts it might simply be a way to learn more about Microsoft Windows. All in all, the risk is low but real.