August brought significant updates in cybersecurity, revealing both escalating threats and crucial advancements.
This month’s edition of AMATAS’s Cyber Threat Report continues to reflect the current challenges and responses within the industry.
In breaking cyber news, discover more about:
- The reported breach in internal communications of the Trump campaign.
- Telegram’s CEO was arrested by national cybercrime agencies.
- The major cyber attack on semiconductor manufacturer Microchip Technology.
- Researchers disclose eight crucial vulnerabilities in Microsoft apps.
In justice-related updates, we’ll reveal:
- Largest BEC scam recovery in Singapore’s history.
- NIST’s post-quantum cryptography standards have been formalized.
- The returned $12 million that was previously stolen from the Ronin Network.
- Radar/Dispossessor Ransomware gang dismantled.
Stay informed with our latest newsletter as we explore these critical developments and more.
Cybercrime Breaking News
The Trump campaign reported that its internal communications were hacked, allegedly by Iranian operatives, and the FBI is investigating the incident. This comes after Microsoft revealed that Iranian hackers targeted a U.S. presidential campaign in June. Iranian officials denied involvement, and the FBI is also looking into potential targeting of the Biden-Harris campaign.
The FBI, CISA, and the Department of Defense Cyber Crime Center issued a joint advisory warning that Iran-based cyber actors, affiliated with the Iranian government, are collaborating with ransomware groups to target organizations in the U.S., Israel, Azerbaijan, and the UAE in the education, finance, healthcare, defense, and local governments sectors.
Telegram’s founder was arrested and is under investigation by national cybercrime agencies for alleged passivity in addressing cyber and financial crimes on the Telegram platform. Telegram stated that their CEO “has nothing to hide” as his detention was reportedly extended for further questioning, potentially lasting up to 96 hours.
National Public Data, a major background-check company, confirmed a data breach that leaked millions of Social Security numbers, including names, email addresses, phone numbers, and mailing addresses. The breach, caused by a third-party hacker, began in late December 2023, with data leaks occurring in April and summer 2024.
Styx Stealer malware developer made a critical operational security error, leaking personal data during debugging. This allowed researchers to gather significant intelligence, linking the developer to a Turkish hacker and a Nigerian individual involved in a related cybercrime campaign. Styx Stealer, derived from Phemedrone Stealer, can steal browser data, cryptocurrency, and instant messenger sessions.
U.S. oilfield services firm Halliburton reported a cyber attack that led the company to shut down certain systems at its Houston headquarters to contain the breach.
Microchip Technology, a U.S. semiconductor manufacturer, experienced a cyber attack that disrupted some of its servers and business operations. The Play ransomware gang claimed responsibility and threatened to release stolen data in a double-extortion attack.
Sable International, an immigration services firm, experienced a cyber attack that led to its servers and systems shutting down to protect client data. The hackers responsible have been directly emailing the company’s customers.
Home security systems company ADT Inc. reported that hackers accessed limited customer order information, but the company quickly blocked the breach and is investigating with cybersecurity experts.
- Researchers discovered eight vulnerabilities in Microsoft apps for macOS, including Teams, Outlook, and Word, that could allow hackers to access microphones, cameras, and other sensitive resources without users’ knowledge.
- Banshee Stealer is a newly discovered macOS malware, linked to Russian developers, that targets system information, browser data, and cryptocurrency wallets, posing a significant threat to Apple devices.
- Cybersecurity firm reported that an Android package called “Showcase.apk”, preinstalled on Pixel devices since 2017, makes phones vulnerable to cyber attacks by allowing unauthorized access and system-level code execution.
Cyberwar between Russia and Ukraine: Updates
Russia’s Federal Security Service has detained a physicist on charges of treason for allegedly conducting distributed denial-of-service (DDoS) attacks on Russian infrastructure on behalf of Ukraine’s intelligence agency.
Cybersecurity Justice
Singaporean authorities have recovered over $41 million from a business email compromise (BEC) scam, the largest such recovery in the country’s history. The BEC scam involved a fraudulent email impersonating a supplier, which led to the transfer of $42.3 million to a bank account in Timor Leste. INTERPOL’s Global Rapid Intervention of Payments (I-GRIP) mechanism helped trace and seize $39 million from the scammer’s account, with seven suspects arrested and an additional $2 million recovered.
The US National Institute of Standards & Technology (NIST) has formalized the world’s first post-quantum cryptography standards to help secure systems against future quantum threats.
The FBI has dismantled the Radar/Dispossessor ransomware gang, taking down servers and domains across the U.S. and Europe. The group, which emerged last year and targeted small-to-mid-sized businesses globally, used a dual-extortion model by encrypting and stealing data, putting significant pressure on victims to pay ransom.
UK’s National Crime Agency (NCA) arrested two individuals suspected of running the “Russian Coms” caller ID spoofing service, facilitating financial fraud worldwide, causing losses estimated in the tens of millions. The service, operational since 2021, was linked to over 1.3 million scam calls and allowed criminals to impersonate trusted institutions to defraud victims.
A high-profile Belarusian-Ukrainian cybercriminal known for developing the ransomware-as-a-service model, Reveton, has been arrested in Spain and extradited to the U.S. to face charges. The individual, along with co-conspirators, is accused of extorting around $400,000 monthly between 2012 and 2014 and is linked to several major ransomware strains and exploit kits.
A Russian national was sentenced to 40 months in prison for selling stolen financial information and login credentials on the criminal marketplace Slilpp. Between 2016 and 2021, the individual listed over 620,000 stolen credentials for sale and sold nearly 300,000 of them.
A Latvian national has been charged with money laundering, financial fraud, and extortion for his alleged involvement with the Russian Karakurt ransomware group. The group, known for stealing and threatening to release victim data unless paid in cryptocurrency, maintains a leak site and auction portal for its stolen data.
The U.S. and several European countries conducted a prisoner swap with Russia and Belarus, releasing eight individuals (Russian media notes that those were hackers, spies, and an assassin) in exchange for 16 individuals, including American and German prisoners.
A supposed perpetrator was charged with helping North Korean agents secure IT jobs at U.S. and British companies using stolen identities, operating a “laptop farm” to facilitate the scheme, and laundering payments to North Korean and Chinese accounts.
Five Chinese nationals have been arrested in connection with a large-scale fraud scheme that defrauded over 2,000 seniors of more than $27 million. The scheme involved contacting victims through various deceptive methods and using social engineering to gain access to their computers, leading to fraudulent financial transactions.
The U.S. State Department is offering up to $10 million for information on six Iranian hackers linked to attacks on U.S. water utilities, associated with Iran’s Islamic Revolutionary Guard Corps (IRGC). The hackers are accused of using the CyberAv3ngers group to compromise critical infrastructure and disrupt services. The attacks involved targeting programmable logic controllers (PLCs) used across various industries.
The U.S. Department of State is offering a $2.5 million reward for information leading to the arrest or conviction of a Belarusian national who is accused of distributing malware, including the Angler Exploit Kit, through online advertisements from 2013 to 2022. The Angler Exploit Kit was a major tool for cybercriminals, responsible for 40% of all exploit kit infections at its peak, targeting around 100,000 devices.
Biotechnology company, Enzo Biochem, agreed to pay $4.5 million to New York, New Jersey, and Connecticut following a 2023 ransomware attack that exposed the personal data of nearly 2.5 million.
FinTech Updates
A sophisticated phishing campaign was launched, targeting bank clients in Czechia, Hungary, and Georgia, using nearly identical fake banking apps on Android and iOS devices. These apps, distributed via third-party websites, bypassed traditional security measures, making them appear legitimate and difficult to detect.
Hackers who previously exploited a vulnerability in the Ronin Network returned $12 million worth of stolen cryptocurrency, acting in what appears to be good faith. The exploit targeted a crucial bridge component of the Ronin blockchain, used by the Axie Infinity game, which had been severely breached in 2022.
A Malaysian businessman accused of leading a $14 billion cryptocurrency pyramid scheme has been extradited from Thailand to China, marking the first such extradition under the 1999 treaty between the two countries. The scheme, involving over 10 million participants, promised high returns through a virtual currency and was investigated by Chinese authorities for nearly four years.
North Korean hackers, identified as “Citrine Sleet” by Microsoft, exploited a Chromium zero-day vulnerability (CVE-2024-7971) to target the cryptocurrency industry. The attack, linked to North Korea’s Reconnaissance General Bureau, involved shared tools with another group, “Diamond Sleet.” Google patched the vulnerability on August 21.
The founder of the unlicensed cryptocurrency exchange, Cryptonator, has been indicted for processing $235 million in illicit funds through his platform. Cryptonator, which operated from 2014 to 2023, facilitated international money laundering with inadequate anti-money laundering controls and was used by criminals for various illegal activities. The platform’s domain has been seized by U.S. and German authorities.
Argentinian police arrested a Russian national for allegedly laundering millions in stolen cryptocurrency from sources like child sexual abusers, terrorist financiers, and North Korean hackers. The suspect, who ran the operation from his apartment, converted the illicit funds into clean cryptocurrency and fiat currency using crypto exchanges.
Cryptocurrency company Unicoin reported to the SEC that a hacker gained access to its Google G-Suite account, locking all employees out of the system for nearly four days before access was restored.
A ransomware attack on India’s digital payment system, linked to the RansomEXX group, was traced back to a vulnerability in the Jenkins software used by a third-party tech provider.
Cybersecurity News Across The Globe
- A ransomware attack has affected the central computer system managing financial data for around 40 French museums, including the Grand Palais, though museum operations were not disrupted. The attack, which was detected at the Grand Palais during Olympic events, led to the theft of data and a ransom demand from the cybercriminals.
- Swiss manufacturing company Schlatter Group investigated a ransomware attack that shut down its IT network and stopped access to its email system.
- Orion, a Luxembourg-based carbon black supplier, has lost $60 million in a business email compromise scam.
- Australian gold mining company Evolution Mining reported a ransomware attack on its IT systems.
Want to find out more about:
- Cyber Resilience vs Cybersecurity: Understanding the distinctions
- What Is a Data Breach? Everything You Need to Know
- The Most Common Types of Cyber Attacks
- CREST Penetration Testing: What Is It and Why Is It Important?
- How to Spot a Phishing Email – Useful Tips
Don’t miss our free webinar, “Stronger Together: Uniting Advanced Security Solutions and Expert MDR for Holistic Cyber Defense,” on September 17th. Cybersecurity experts from AMATAS and Rapid7 will share key insights on strengthening your cyber defense strategy and ensuring compliance.
AMATAS will continue to monitor this space and deliver salient information regularly.
Stay tuned for our next report and if you are interested in any of our privacy and cybersecurity services, please do reach out through our website www.amatas.com or by e-mailing office@amatas.com.
As always – be vigilant, stay alert, and think twice.