Cyber Threat Report | May 2024

With May 2024 behind us, our roundup will look at some of the biggest breaking news and updates in the cybersecurity space.

The good news is that this month, international operations shut down botnets and took down fraud call centers, while court proceedings led to the sentencing of malicious actors.  

On the justice side, discover more about the

  • “largest ever operation against botnets”;
  • disruption of politically charged disinformation campaigns, abusing AI;
  • disruption of 911 S5;
  • LockBit ransomware group leader’s identity.

Our newsletter will disclose the latest data breaches, vulnerabilities, and malicious campaigns, providing you with the latest updates on the

  • ransom paid by UnitedHealth Group;
  • new APT actor, LilacSquid;
  • compromised court recording software.

Cybercrime Breaking News

A hacker breached Dropbox, gaining access to passwords and authentication information. The breach is initially believed to have affected the cloud storage company’s Dropbox Sign infrastructure, with no evidence that other product environments were accessed.

UnitedHealth Group’s CEO confirmed before the U.S. Senate Committee on Finance that the company paid a ransom of $22 million to the BlackCat/AlphV gang to protect patient data, amid the cyberattack that took place earlier this year.

Cisco Talos revealed information about LilacSquid, an advanced persistent threat actor (APT) carrying out data theft and espionage campaigns against IT, manufacturing, energy, and pharmaceutical entities in the United States, Europe, and Asia, since 2021. Talos noted a minimum of three successful compromises. 

The website of the auction house Christie’s was taken down by hackers days before an $840 million auction. RansomHub claimed responsibility for the hack and threatened to release the data of nearly 500,000 company clients.

Hackers compromised Justice AV Solutions (JAVS), recording software used in courtrooms, jails, and prison facilities. They discovered a backdoor vulnerability that allowed them to gain control of the affected systems.

GitHub rolled out a patch for a vulnerability with maximum severity in its GitHub Enterprise Server (GHES). The flaw allows hackers to bypass authentication.

Kaspersky disclosed critical vulnerabilities in Telit Cinterion cellular M2M modems that allow hackers to execute arbitrary code remotely via SMS.

Monday[.]com removed its “Share Update” feature, as it was abused by hackers in phishing attacks.

Cybersecurity and AI

OpenAI disrupted five AI-abusing disinformation campaigns conducted by malicious actors, located in China, Iran, Israel, and Russia. The campaigns used the company’s AI models to “generate short comments and longer articles in a range of languages, make up names and bios for social media accounts, conduct open-source research, debug simple code, and translate and proofread texts”. Due to OpenAI’s actions, the campaigns haven’t had an increase in their audience engagement or reach, as of May 2024.

Cybersecurity Justice

Europol and international law enforcement agencies shut down over 100 malware servers linked to 15 ransomware groups, such as BlackBasta and REvil, in Operation Endgame, the “largest ever operation against botnets”. The infrastructure is said to be linked with malware loader operations like IcedID, SystemBC, PikaBot, SmokeLoader, Bumblebee, and TrickBot. As a result of the actions, four were arrested, while over 2,000 domains were seized and placed under the control of law enforcement.

The FBI and its international partners disrupted 911 S5 – a botnet, said to have infected over 19 million IP addresses across 200 countries. The authorities have also arrested an individual, charged with having created and operated the botnet while deploying the malware.

A US court identified the LockBit ransomware group leader (LockbitSupp) as Dmitry Khoroshev and unsealed a 26-count indictment against him. A reward of up to $10 million is offered to anyone with information that could lead to his arrest or conviction.

The US Department of Justice sentenced a REvil affiliate to 13 years and seven months in prison and ordered him to pay $16 million in restitution to his victims. The hacker is said to have disseminated REvil ransomware, conducted over 2,500 ransomware attacks, and demanded over $700 million in ransom from victims.

The FBI, the Justice Department, and international agencies took down the BreachForums platform website and Telegram channel.

Operation PANDORA, carried out by German, Albanian, Bosnian-Herzegovinian, Kosovar, and Lebanese police forces and supported by Europol, took down 12 “fraud” call centers used to conduct thousands of scams.

A man was sentenced to over 10 years in prison for carrying out business email compromise (BEC) and romance fraud schemes and laundering over $4.5 million of victims’ funds.

FinTech Updates

A Dutch court found the co-founder of Tornado Cash, the cryptocurrency services platform, guilty of laundering $1.2 billion in cryptocurrency stolen in at least 36 hacks. The co-founder has been sentenced to five years and four months in prison.

An operator of the world’s largest virtual currency exchange, BTC-e, pled guilty to conspiracy to commit money laundering. The exchange platform was active between 2011 and 2017 and is said to have processed over $9 billion worth of transactions. 

An individual pleaded guilty to stealing over $37 million by impersonating the Coinbase cryptocurrency exchange platform.

After $20 million was said to have been stolen from Sonne Finance, the cryptocurrency lending platform, developers tried to contact the hackers.

Over $22 million in cryptocurrency was stolen from the blockchain platform Gala Games.

Want to find out more about how to…

  • protect your devices against the most common IoT device vulnerabilities;
  • take precautions to prevent data breaches from occurring;
  • decide which types of data to secure.

AMATAS will continue to monitor this space and deliver salient information regularly. 

Stay tuned for our next report and if you are interested in any of our privacy and cybersecurity services, please do reach out through our website www.amatas.com or by e-mailing office@amatas.com.

As always – be vigilant, stay alert, and think twice.
