With multiple vulnerabilities exploited in the wild, April continued to show the rising cybersecurity risk posed by nation-state actors.
Cybersecurity experts saw:
- an espionage campaign on Cisco firewall products;
- the continued exploitation of Ivanti flaws;
- just how much Akira ransomware has extorted from victims.
On the other hand, after a year-long Europol investigation, the largest phishing-as-a-service platform was shut down. In addition:
- Google filed a lawsuit against fake investment apps;
- Samourai Wallet founders were charged;
- OneCoin’s head of legal was sentenced.
Read on to discover the latest news in the cybersecurity space!
Cybercrime Breaking News
“ArcaneDoor”, an espionage campaign said to be carried out by nation-states, is targeting Cisco firewall products, using its Adaptive Security Appliance (ASA). Cisco also warned that one of its multifactor authentication (MFA) service providers, Duo, was breached by hackers.
Earlier last month, Google-owned security company Mandiant warned about hackers continuing to exploit vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure gateways. Mandiant assessed with “medium confidence” that one of the hackers is the China-based hacking group Volt Typhoon, which has been targeting the US energy and defense sector.
A new CISA, FBI, Europol, and Netherlands’ National Cyber Security Centre report highlights how malicious actors disseminating Akira ransomware have extorted around $42 million.
Omni Hotels & Resorts confirmed that a cyber attack on its systems took place at the end of March.
Operations at Targus, a technology accessory manufacturer, were disrupted by a cyber attack.
Frontier Communications, a telecom company, shut down some of its operations due to a cyber attack.
Hacker “IntelBroker” claims to have accessed federal agencies’ data (from the State Department, Defense Department, and National Security Agency) by hacking technology consulting firm Acuity.
Greylock McKinnon Associates, a consulting firm that provides services for the Department of Justice, fell victim to a cyber attack. The personal data of 341,000 people may have been leaked.
Researchers:
- Revealed how a botnet operated by the Romanian hacker group RUBYCARE has been active for the last decade.
- Found four new vulnerabilities affecting LG TV software (LG WebOS versions four through seven).
- Disclosed around 30 phishing websites posing as genuine E-ZPass ones. The news comes as the FBI releases information about having received more than 2,000 complaints about smishing texts pretending to be from road toll collection services.
Cyberwar between Russia and Ukraine: Updates
Ukraine’s state security service said it is building a case, to be presented at the International Criminal Court in The Hague, against the hackers who targeted the country’s biggest telecom operator, Kyivstar.
Germany’s defense minister, Boris Pistorius, announced that a cyber branch will be established as part of the country’s military restructuring. The branch aims to protect against cyber threats from Russia targeting NATO member states.
The Ukrainian military sent awards to One Fist, a team of hackers from across the globe who have stolen data from Russian military organizations and spied on troops via hacked cameras.
Hacktivists RGB-TEAM claimed to have hacked the website of Russia’s prosecutor general and obtained Russian criminal records from the past 30 years (between 1993 and 2022).
Cybersecurity Justice
Europol and law enforcement from 19 countries shut down the largest phishing-as-a-service platform, LabHost. The year-long investigation uncovered at least 40,000 phishing domains linked to LabHost’s 10,000 users.
The hacker who breached a Finnish psychotherapy center was sentenced to over six years in prison.
FinTech Updates
LockBit claimed to have hacked the D.C. Department of Insurance, Securities and Banking (DISB) and stolen 800GB of data.
A court convicted the trader behind the $110 million theft from cryptocurrency exchange platform Mango Markets.
Two individuals behind an alleged scheme to distribute the Hive RAT trojan have been arrested in the US and Australia.
The Department of Justice unsealed an indictment against a perpetrator believed to have carried out a cryptojacking scheme, during which he stole more than $3.5 million worth of computing resources from two cloud computing services.
Russia charged six suspected hackers who are said to be behind the theft of 160,000 credit cards from international digital stores.
Cybersecurity News Across The Globe
- Production at Japan-based Hoya Corporation, one of the biggest lens and optical gear manufacturers, may have been affected by an “IT system incident”.
- The hacktivist group Belarusian Cyber-Partisans claimed to have breached the country’s largest fertilizer manufacturer for its supposed role in political repression.
- Operations at GBI Genios, a German database company, were affected by a ransomware attack.
This month, AMATAS was recognized by HeartCount as a “High Team Satisfaction” achiever and top performer in seven categories (team satisfaction, well-being, feedback, output, allegiance, relationship, and delight).
AMATAS will continue to monitor this space and deliver salient information regularly.
Stay tuned for our next report and if you are interested in any of our privacy and cybersecurity services, please do reach out through our website www.amatas.com or by e-mailing office@amatas.com.
As always – be vigilant, stay alert, and think twice.