Cyber Threat Report | March 2024

March was certainly an eventful month for cybersecurity professionals and lawmakers across the world.

  • The data of around 73 million AT&T customers leaked on the dark web.
  • Nation-state hackers continued to actively target Southeast Asian institutions, Hong Kong businesses, and U.S. and UK government organizations.
  • Two versions of XZ Utils have been infected, while a new, sophisticated Phishing-as-a-Service (PhaaS) platform is on the rise.

On a more positive note, Nemesis, the darknet marketplace website, was taken down.

  • Both the creator of E-Root Marketplace and a Lockbit ransomware affiliate were sentenced.
  • CISA released the Secure Software Development Attestation Form.

Read on to discover the latest updates – about the most recent exploited vulnerabilities (including in AI), continuous breaches, and sentencing of nation-state actors – in the cybersecurity space!

Cybercrime Breaking News

Data of 73 million current and former AT&T customers was published on the dark web. In an official statement, the company stated that the “data appears to be from 2019 or earlier and does not contain personal financial information or call history”. Cybersecurity investigators are currently looking into the leak.

A nation-state hacker believed to be connected to the government of China is said to be exploiting vulnerabilities (F5 BIG-IP Configuration Utility Authentication Bypass Vulnerability CVE-2023-46747 and Connectwise ScreenConnect CVE-2024-1709) to target Southeast Asian institutions, Hong Kong businesses, and U.S. and UK government organizations.

The Cybersecurity and Infrastructure Security Agency (CISA) took two of its systems offline, as it saw activity that could be exploiting an Ivanti vulnerability in the agency’s products.

A UN report observes cyber activities (between 2017 and 2023) perpetrated by the North Korean “cyberthreat actors subordinate to the Reconnaissance General Bureau (RGB), including Kimsuky, the Lazarus Group, Andariel and BlueNoroff”. The report observed key trends, such as the actors continuing to target the global defense sector, attack the supply chain, and disseminate malicious mobile apps and phishing emails (written by AI). The UN is also investigating about 58 attacks believed to have been conducted by North Korean hackers that have raked in over $3 billion in six years.

Fujitsu discovered malware on ‘multiple’ employee computers. The IT giant is currently investigating how the malware targeted its systems and whether data breaches have occurred.

IBM X-Force discloses an active phishing campaign that uses fake documents, imitating official government and non-governmental organizations in Europe, the South Caucasus, Central Asia, and North and South America. The campaign is believed to be spread by ITG05, a Russian state-sponsored group.

Cybersecurity researchers:

CISA released the Secure Software Development Attestation Form to pinpoint a framework and requirements for secure software development for government products.

Cyberwar between Russia and Ukraine: Updates

The US Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned Russian entities and individuals, from the financial and technology sectors, who helped other individuals evade US sanctions. In the words of Under Secretary of the Treasury for Terrorism and Financial Intelligence, Brian E. Nelson, “Russia is increasingly turning to alternative payment mechanisms to circumvent U.S. sanctions and continue to fund its war against Ukraine.” 

The news comes as Russia banned the entry of 227 US citizens (e.g. journalists, researchers, and government officials), who the Kremlin believes are in support of Washington’s “Russophobic policies”.

Cybersecurity and AI

Researchers warned about a vulnerability in Ray, an open-source AI framework for developing and deploying large-scale Python applications, used by companies like Uber, Amazon, and OpenAI. The flaw is said to have been actively exploited in the last seven months and could be used to take over the system’s computing power and leak sensitive data. The vulnerability currently has no patch.

An ex-Google employee is charged by the Department of Justice for his supposed role in trying to steal “proprietary information related to artificial intelligence (AI) technology” from Google, while undercover for China-based technological companies.

Cybersecurity Justice

German police have taken down Nemesis, the darknet marketplace website. Authorities have confiscated the marketplace’s servers and seized user data and around €94,000 ($102,000) in cryptocurrency assets.

A Lockbit ransomware affiliate was sentenced by a Canadian court to four years of imprisonment and ordered to pay $860,000 in restitution to his victims, after pleading guilty to eight charges (which include cyber extortion, weapons possession, etc.).

The US Department of Justice:

Ukrainian police have arrested three members of a suspected gang believed to be behind the hijacking of 100 million email and Instagram accounts belonging to users from all around the world. The hackers used brute force, trying out different username and password combinations to gain access.

An individual pleads guilty to his involvement in a Business Email Compromise (BEC) scheme. His role supposedly entails conspiracy to commit wire fraud and money laundering.

FinTech Updates

Blockchain researchers believe the Lazarus Group has resorted to old tactics to launder money – using the Tornado Cash mixer. The researchers have observed that in March, the North Korean hackers attempted to launder $23 million, which is believed to be part of the $112.5 million stolen in November from HTX cryptocurrency exchange. 

A cyberattack hit the blockchain-based game Munchables, and security firms believe around $62 million in cryptocurrency was stolen. In an official statement, the platform reached out to the hacker (who turned out to be a Munchables developer), who promised to return the stolen amount “without any conditions”.

Prisma Finance was targeted by a cyberattack, which stole about $11.6 million from the DeFi platform. The perpetrator turned out to be a “white hacker”, who reached out to the platform on forums to say that the attack was carried out for research purposes and promised to return the funds.

Paysign, a financial services provider, investigated a data breach, after a hacker put up for sale 1.2 million records, said to belong to the firm’s customers.

Alongside the cryptocurrency company Tether, the U.S. Attorney seized about $1.4 million of Tether (USDT) cryptocurrency as suspected fraud proceeds, part of a tech support scam. This was the first time the US recovered the currency from an unhosted virtual currency wallet.

The operator of a darknet cryptocurrency “Mixer” was convicted for his supposed part in laundering $400M in cryptocurrency. He is said to have run Bitcoin Fog between 2011 and 2021.

Nigeria’s Economic and Financial Crimes Commission (EFCC) requested that the cryptocurrency exchange platform Binance provide it with information on all Nigerian users of the platform. The court order follows the detainment of two Binance employees, who are yet to be charged. These measures have been taken as the nation is trying to tighten its grip on its crypto exchange and, more specifically, decrease the speculation around its currency, the naira.

Cybersecurity News Across The Globe

Want to find out more about the Internet of Threats?

Our latest article tackles some of the most common IoT device vulnerabilities and what you could do to stay protected against them.

AMATAS NEWS

Join the upcoming AMATAS webinar “Rebound and Recover: The Critical 48 Hours Post-Cyber Attack” to get the essential knowledge, strategies, and actions to navigate the aftermath of a cyber attack.

The session looks into the pivotal first 48 hours following a cyber breach, a crucial period that can significantly influence the long-term impact on an organization’s operations, reputation, and financial stability. The speaker, Boris Goncharov, is the Chief Strategy Officer of AMATAS. Devoting over 18 years to his professional journey, he has earned recognition as a strategic thinker in information security.

AMATAS will continue to monitor this space and deliver salient information regularly. 

Stay tuned for our next report and if you are interested in any of our privacy and cybersecurity services, please do reach out through our website www.amatas.com or by e-mailing office@amatas.com.

As always – be vigilant, stay alert, and think twice.
