This week’s security news: North Korean group Lazarus behind $540 million Ronin theft



At the beginning of this week, the Ukrainian Computer Emergency Response Team and the Slovak cybersecurity company ESET warned that the notorious Russian GRU hackers Sandworm attacked high-voltage electrical substations in Ukraine using a variant of their Industroyer shutdown-inducing malware, also known as Crash Override. A few days later, the US Department of Energy, the Cybersecurity and Infrastructure Security Agency, the NSA and the FBI jointly issued an advisory about a new set of tools for hacking industrial control systems, of undetermined origin and dubbed Pipedream, which does not appear to have been used against targets, but which industrial system operators must actively block.


Russia’s war with Ukraine has led to massive data breaches in which spies, hacktivists, criminals and ordinary people seeking to support Ukraine have captured and released vast amounts of information about the Russian military, government and other Russian institutions. And apart from the conflict, WIRED took a look at the true impact of source code leaks in the overall picture of cybercrime violations.


Also, DuckDuckGo finally released a desktop version of its privacy browser, and WhatsApp is expanding to offer a Slack-like group chat organization scheme called Communities.

And that is not all! We’ve compiled all the news that we haven’t disclosed or covered in detail this week. Click on the headings to read all stories. And stay safe out there.


Blockchain analysis researchers from Elliptic and Chainalysis said on Thursday that they had traced a huge amount of cryptocurrency stolen last month from the Ronin network bridge to the North Korean hacker group Lazarus. The US Treasury also announced extended sanctions against North Korea, Lazarus and the group’s affiliates. The attackers stole a large amount of Ethereum currency and several USDC stablecoins, totaling $540 million at the time. (The value of the stolen funds has since exceeded $600 million.) The Lazarus hackers have been on a cybercriminal rampage for years, hacking companies, running scams, and generally raising profits to fund the Hermit Kingdom.

NSO Group, the Israeli developer of the powerful and widely used Pegasus spyware, was found “worthless” in a British court this week. The estimate, described as “totally clear,” came from the third-party consulting firm Berkeley Research Group, which manages the fund that owns NSO. As a staggering number of autocrats and authoritarian governments have acquired NSO’s tools to fight activists, dissidents, journalists and others at risk, the spyware maker has been convicted and sued (repeatedly) by tech giants in an attempt to limit its reach. Targeted surveillance is big business and the link where espionage and human rights converge. Reuters reported this week, for example, that last year senior EU officials were attacked with unidentified Israeli-made spyware.

T-Mobile confirmed it was hacked last year (for what felt like the millionth time) after hackers put the personal data of 30 million customers up for sale for 6 bitcoins, or about $270,000 at the time. However, newly disclosed court documents show that the telecommunications company hired a third-party firm as part of its response, and the firm paid the attackers about $200,000 for exclusive access to the treasure chest in hopes of containing the crisis. Paying hackers through third parties is a well-known but controversial tactic to combat ransomware attacks and digital ransomware. One of the reasons it is frowned upon is that it often fails, as was the case with the T-Mobile data, which the attackers kept selling.

Researchers at Cisco Talos said in a report this week that a new type of information-stealing malware called “ZingoStealer” is rapidly spreading on the Telegram app. A cybercriminal group known as the Haskers Gang distributes the malware for free to other criminals or anyone who wants it, the researchers say. The group, which may be based in Eastern Europe, often shares updates and tools on Telegram and Discord with the “community” of cybercriminals.


Credit: www.wired.com