What’s the latest in the cyber world today?
DoNot Team, Israel, TLS, Russia, Grandoreiro Malware, Zero-Day, Kaspersky, BHI Energy, Philadelphia, Ireland, Ukraine, Alfa-Bank, University of Michigan, 1Password, Spain, Police, EU, Google, Indian, Police.
Cyber Alerts
A cyber espionage group known as DoNot Team is making headlines with its new .NET-based backdoor called Firebird, primarily targeting victims in Pakistan and Afghanistan. Kaspersky, the cybersecurity company, unveiled these findings in its Q3 2023 APT trends report. The malware, which features a downloader named CSVtyrei, shows that the group's toolset is still under active development and growing in capability.
Amid concerns of potential cyberattacks, Israel’s Ministry of Health has directed several hospitals to temporarily disconnect from the internet. The National Cyber Directorate and Health Ministry are working to enhance hospital cybersecurity and vigilance. These actions, which include internet disconnection, aim to protect hospital operations and patient data, following a series of cyber incidents that have targeted Israeli hospitals since 2021, exposing vulnerabilities in the healthcare sector’s cybersecurity preparedness.
A suspected government attempt to secretly wiretap a German instant messaging service, Jabber.ru, has been exposed due to the authorities’ failure to renew a TLS certificate. The expired certificate was found on a specific port used for encrypted TLS connections. Researchers believe the wiretap could have lasted up to six months, potentially compromising all communications within that period. While the hosting providers, Hetzner and Linode, are yet to respond to inquiries, it remains unclear whether the wiretap was a lawful government intercept or an intrusion targeting Jabber.ru’s internal networks.
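The Jabber.ru story turned on a detail a defender can check for routinely: the certificate presented on the service port did not match what the operator had deployed. As an added example, not from the original article and not from any of the parties named in it, here is a Go program that records the SHA-256 pin of a service's SubjectPublicKeyInfo and flags a presented certificate whose key or validity window differs from the recorded one. The self-signed certificate it builds and the host name xmpp.example.test are constructed stand-ins; in production the certificate would come from the TLS connection state of a probe against the real port.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// SPKIPin returns the hex SHA-256 of the certificate's SubjectPublicKeyInfo.
// An operator records this value for each service they run; a man-in-the-middle
// cannot reproduce it without the service's private key.
func SPKIPin(cert *x509.Certificate) string {
	sum := sha256.Sum256(cert.RawSubjectPublicKeyInfo)
	return hex.EncodeToString(sum[:])
}

// CheckCert compares the presented certificate with the recorded pin and
// confirms it is inside its validity window at time now. Any error here is a
// signal to investigate: either the key on the port changed or the certificate
// was left to expire, which is what exposed the Jabber.ru interception.
func CheckCert(cert *x509.Certificate, expectedPin string, now time.Time) error {
	if got := SPKIPin(cert); got != expectedPin {
		return fmt.Errorf("key mismatch: presented SPKI pin %s, expected %s", got, expectedPin)
	}
	if now.Before(cert.NotBefore) {
		return errors.New("certificate not yet valid")
	}
	if now.After(cert.NotAfter) {
		return fmt.Errorf("certificate expired on %s", cert.NotAfter.UTC().Format(time.RFC3339))
	}
	return nil
}

// NewSelfSigned builds a throwaway self-signed certificate so the example runs
// offline (constructed test data). A real monitor would instead read the
// certificate from tls.Conn.ConnectionState().PeerCertificates[0].
func NewSelfSigned(cn string, notBefore time.Time, days int) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    notBefore,
		NotAfter:     notBefore.Add(time.Duration(days) * 24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		DNSNames:     []string{cn},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	start := time.Date(2023, 1, 1, 0, 0, 0, 0, time.UTC)
	// The certificate the operator deployed, and the pin they recorded for it.
	deployed, err := NewSelfSigned("xmpp.example.test", start, 90)
	if err != nil {
		panic(err)
	}
	pin := SPKIPin(deployed)

	// A later probe sees a certificate issued by someone else for the same name.
	presented, err := NewSelfSigned("xmpp.example.test", start, 90)
	if err != nil {
		panic(err)
	}
	fmt.Println("own cert, in window:   ", CheckCert(deployed, pin, start.Add(24*time.Hour)))
	fmt.Println("own cert, after expiry:", CheckCert(deployed, pin, start.Add(91*24*time.Hour)))
	fmt.Println("foreign cert, same CN: ", CheckCert(presented, pin, start.Add(24*time.Hour)))
}
```

Pinning the SubjectPublicKeyInfo rather than the whole certificate lets the operator renew the certificate with the same key without touching the monitor, while still catching a substituted key; the expiry check is kept separate so that a lapsed certificate is reported as such rather than as a generic failure.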
A new version of Grandoreiro malware, previously known to target Brazil and Mexico, has expanded its reach to Spain. Researchers from Proofpoint have detected a surge in malicious activities directed at Spanish-speaking users in Spain, signaling an unusual increase in frequency and volume.
In a revelation by Kaspersky, the TriangleDB implant, used in Operation Triangulation to target Apple iOS devices, exhibits remarkable complexity, boasting four distinct modules for microphone recording, iCloud Keychain extraction, data theft from SQLite databases, and victim location estimation. This in-depth investigation unveiled the lengths to which the adversaries went to conceal their tracks and stealthily collect sensitive information.
Cyber Incidents
BHI Energy, a US energy services firm, has opened up about a cyberattack by the Akira ransomware group, providing intricate details on how the breach unfolded. The attack, which occurred on May 30, 2023, began with the threat actors using stolen VPN credentials from a third-party contractor to gain access to BHI Energy’s internal network. Over the subsequent weeks, the attackers exfiltrated a substantial amount of data, including personal information like Social Security Numbers and health data.
The City of Philadelphia has disclosed a data breach that occurred five months ago, in May. The breach was discovered in late May after suspicious activity in the City’s email environment, but the investigation revealed that unauthorized actors might have accessed certain email accounts for at least two months after its discovery. The compromised email accounts contained a mix of personal information, including demographic details, medical records, and limited financial data.
Sensitive documents linked to vehicle seizures by the Irish National Police have been exposed in a significant data breach that could affect thousands of vehicle owners. Cybersecurity researcher Jeremiah Fowler discovered an unprotected database containing over half a million records associated with vehicle seizures. The exposed database included a range of sensitive information, such as notices of automobile seizure, scanned identification documents, and more, posing potential privacy and security risks to affected individuals.
Ukrainian hackers known as KibOrg and NLB, in coordination with the country’s security services (SBU), successfully breached Russia’s largest private bank, Alfa-Bank. The hacktivist groups claimed to have accessed the personal information of over 30 million customers, including their names, dates of birth, account numbers, and phone numbers. Alfa-Bank, owned by Russian-Israeli billionaire Mikhail Fridman, who is under U.S. and European sanctions, has denied the data leak reports, and a source within Ukraine’s security service confirmed their involvement in the operation without disclosing further details.
University of Michigan Data Breach
The University of Michigan disclosed a data breach that occurred when hackers infiltrated its network in August. The breach compromised the personal, financial, and medical information of students, applicants, alumni, donors, employees, patients, and research study participants. The university responded by isolating its campus network from the internet upon detecting suspicious activity, and affected individuals have been informed, with the university offering complimentary credit monitoring services as a precaution.
1Password detected suspicious activity on its Okta instance after the Okta support system breach, although no user data was compromised. The breach involved a threat actor attempting to access an IT team member’s dashboard and manipulate authentication flows. Following the incident, 1Password implemented various security measures, such as tighter multi-factor authentication rules and restrictions on logins from non-Okta IDPs, to enhance protection.
Cyber News
Spanish law enforcement has successfully dismantled a cybercriminal organization responsible for various computer scams that compromised the data of over four million individuals. This operation involved 16 targeted searches across multiple Spanish cities, leading to the arrest of 34 individuals connected to the criminal group. Authorities seized firearms, high-end vehicles, substantial amounts of cash, and computer systems containing data from the victims.
European lawmakers are grappling with various unresolved issues concerning new artificial intelligence rules, postponing any potential agreement until December, insiders report. The draft AI regulations must receive approval from the European Parliament and EU member states. Despite multiple discussions in trilogue meetings, including the regulation of foundation models and high-risk AI systems, a consensus remains elusive, leading to an additional trilogue in December.
Google is introducing a new “IP Protection” feature for its Chrome browser, aiming to bolster user privacy by concealing their IP addresses using proxy servers. This initiative recognizes the potential misuse of IP addresses for covert tracking, a concern related to online privacy. The IP Protection feature will reroute third-party traffic through proxies, rendering users’ IP addresses invisible to specific domains, thus enhancing user privacy while still enabling essential web functionalities.
The Indian Central Bureau of Investigation, with information provided by tech giants Amazon and Microsoft, dismantled tech scam fraud rings that had been operating for years across India. The scammers had been impersonating customer support from these tech giants, using pop-up messages to convince victims that their computers had technical issues and charging them hundreds of dollars for fraudulent fixes.
Copyright © 2023 CyberMaterial. All Rights Reserved.