
Atomic Wallet Hit by North Korean Hackers


According to a recent blog post by Elliptic, a blockchain intelligence firm, users of Atomic Wallet may have been targeted by Lazarus, the notorious hacking group from North Korea.

Group-IB, a cybersecurity firm, has released a report indicating that Lazarus, the notorious hacking group, is allegedly behind various notable cryptocurrency thefts. Notably, the report links Lazarus to the infamous 2018 Coincheck hack, recognized as one of the largest cryptocurrency heists in history, in which more than $500 million worth of digital currency was lost.

Early on Saturday morning, the developers of Atomic, a non-custodial cryptocurrency wallet, disclosed that certain users had experienced security breaches resulting in the loss of funds from their wallets. The company clarified that the affected users constituted less than 1% of its "monthly active users." The announcement came in response to numerous Reddit posts in which users complained about their depleted wallets.

A claim made by a blockchain investigator named ZachXBT suggests that the recent security breach involving Atomic Wallet resulted in the unauthorized acquisition of users' digital assets. The stolen cryptocurrencies allegedly include bitcoin (BTC), ether (ETH), tether (USDT), dogecoin (DOGE), litecoin (LTC), BNB coin (BNB), polygon (MATIC), and Tron-based USDT. It is estimated that this incident has led to a financial impact of approximately $35 million. However, it is important to note that ZachXBT's claim is unverified and should be treated with caution.

Atomic Wallet vulnerabilities highlighted by Least Authority: 

• Inadequate cryptography implementation 
• Insufficient adherence to wallet design best practices 
• Lack of comprehensive project documentation 
• Improper use of the Electron framework 

Insights from Hacken's CEO, Dyma Budorin: 

• Potential vulnerability in the generation of recovery phrases, making them susceptible to brute-force attacks 
• Possibility of mathematical derivation of private keys from Bitcoin blockchain data, as outlined in a recent research paper 
• Identification of an outdated and vulnerable dependency in the Android version of Atomic Wallet, specifically related to transaction signing 

Impact of the security breach: 

• Unauthorized access to users' funds 
• Potential theft of funds due to the identified vulnerabilities in Atomic Wallet 

Furthermore, the CEO of Atomic declined to offer any insight into the potential cause of the hack when approached for comment. However, the Gladych investigative firm stated that a portion of the stolen funds has been identified on exchanges and subsequently frozen or blocked as a precautionary measure.

The Ransomware Gang Targets University Alert Systems

"RamAlert," an emergency broadcast system used by Bluefield University to communicate with its students and staff, has been hijacked by the Avos ransomware gang. The gang sent SMS texts and emails informing students and staff that their data had been stolen and was in the process of being released. Bluefield is a private university with more than 900 students and a small campus in Bluefield, Virginia.

In a recent announcement, the Virginia university advised students to be cautious of texts received via the school's mass alert system. The announcement came in response to a ransomware group alerting the entire campus that a cyberattack was taking place.

It was announced on Sunday that Bluefield University, a private Baptist school in Bluefield, Virginia that serves approximately 1,000 students, had shut down its systems as a result of a recent cyber-attack and that those systems would remain down for an unknown period.

According to the hackers' messages posted via Bluefield University's RamAlert, an app that sends text and email messages to students and faculty during school emergencies, the hackers sent a series of messages urging recipients to go to the university's president and state their concerns.

Students and faculty members of Bluefield University were informed of a cyberattack that took place on April 30. The attack affected their IT systems and personal information. Faculty and staff had access to most university apps and websites before the incident, and no evidence of identity theft or financial fraud had been reported to the University at that time.

On May 1, the Avos ransomware gang hijacked the university's emergency broadcast system, RamAlert, and used it to send texts and emails informing students and faculty of the data theft.

Bluefield University filed a police report on Tuesday alleging that a ransomware group had used the university's RamAlert system to send threatening messages to all students and staff members.

The ransomware group threatened to continue disrupting the university if its president refused to pay the demanded ransom.

Brett Callow shared the news on Twitter, revealing that the hackers claim to hold approximately 1.2 TB of Bluefield's data, according to a message sent to Bluefield's student body and staff. Bluefield's president received an email alert from the hackers instructing him to pay the full ransom they demanded, and the hackers told students and staff to pressure him to do so.

In addition, the final message from the Avos ransomware gang, also known as AvosLocker, implored the recipients to share the information with news outlets, which it claimed would protect their data from exposure on the dark web. A further message read, "Call President David Olive and tell him to pay us as soon as possible otherwise, prepare for attacks."

It is worth remembering, however, that the group's aim is to leak samples of the stolen data, and its message also provided a link to where the stolen data could be found.

On Tuesday, the school acknowledged that the RamAlert system had been hacked and warned students not to click on any links provided by the hackers or open their emails.

Because of the sudden disruption and the school's inability to hold final exams on Monday, the exams were pushed back one day and held on Tuesday, Wednesday, and Thursday instead. School systems, including email, remain unavailable at this time.

Bluefield school officials sent an email to all students and staff advising them not to open or forward any of the links that had been sent to their school accounts. Several school systems were still unavailable until a couple of days before the university's final exams, which were held in May.

It is not clear whether the university will consider paying the hackers, according to the university's spokesperson.

From double extortion to triple extortion, ransomware groups have used a variety of methods to raise the stakes for their victims: emailing the victim's customers, calling its partners, contacting its competitors, and setting up leak portals with a search feature that lets anyone discover the leaked data.

Bluefield University was attacked by the ransomware gang known as AvosLocker, whose members are known to speak Russian on underground forums. On such forums, a user called "Avos" has regularly been seen recruiting hackers, many of whom end up working on behalf of the organization.

A leak site maintained by the group lists victims from around the world that it has attacked over several years. The United States Federal Bureau of Investigation has published an advisory on the AvosLocker threat, which includes details of how the group has operated in the past as well as recommendations for mitigating its attacks.

MSI Acknowledges Security Breach Following Ransomware Attack Allegations


MSI (short for Micro-Star International), a Taiwanese PC vendor, confirmed today, in response to claims of a ransomware attack, that its network had been compromised in a cyberattack.

Earlier this week, the Money Message ransomware group claimed to have infiltrated part of MSI's systems and taken files that it will release online the following week if the company declines to pay a $4 million ransom.

In a Friday filing with the Taiwan Stock Exchange (TWSE), first noticed by PCMag, MSI disclosed that parts of its information service systems had been affected by a cyberattack and that the incident had been reported to the appropriate authorities.

"After detecting some information systems being attacked by hackers, MSI's IT department has initiated information security defense mechanisms and recovery procedures. The Company also has reported [sic] the anomaly to the relevant government authorities," MSI stated.

The company provided no information regarding the attack's time frame, whether any of the compromised systems were encrypted, or whether the attackers stole any client or corporate data in the course of the event.

Nevertheless, MSI did claim that the cyberattack had no "significant" operational or monetary effects and that security upgrades had been put in place to guarantee the protection of data held on the compromised systems.

"No significant impact on our business in terms of financial and operational currently. The Company is also enhancing the information security control measures of its network and infrastructure to ensure data security," the company added. 

On Friday, MSI also released a statement cautioning users to make sure they only download BIOS and firmware upgrades from legitimate websites. 

"MSI urges users to obtain firmware/BIOS updates only from its official website, and not to use files from sources other than the official website," the company concluded. 

BleepingComputer published the first report on the Money Message ransomware operation's activities last weekend, after learning that the gang may have been involved in the hack of a well-known computer hardware provider.

In conversations between the ransomware gang and an MSI representative that BleepingComputer was able to observe, the threat actors demanded a $4,000,000 ransom in exchange for the data they claimed to have stolen from MSI's network, amounting to about 1.5 TB.

If MSI does not pay the demanded ransom, Money Message now threatens to release the purportedly stolen files sometime next week. The threat actors have added MSI to their list of companies whose data they are leaking, although so far they have shared only screenshots of what they claim are the PC manufacturer's Enterprise Resource Planning (ERP) databases and files containing software source code, secret keys, and BIOS firmware.