Hacking, Security & Privacy
All the latest Hacking, Security & Privacy news with plenty of coverage on new data breaches and leaks, new hacks, ways to protect yourself online & plenty more.
Microsoft confirms US government officials are being targeted by notorious hackers
Microsoft has taken to its security blog to shine a light on the company's recent observations in the cybersecurity space, and according to the Redmond company, a known hacking group is now going after US government officials in a series of highly-targeted spear-phishing email waves.
According to Microsoft, the hacking group is the Russian government-backed threat actor Midnight Blizzard, which has been on Microsoft's radar since October 22, 2024. Microsoft Threat Intelligence is quite familiar with Midnight Blizzard, as the hacking group targeted Microsoft servers on January 12, 2024; those servers were compromised, giving Midnight Blizzard access to federal government email accounts, Microsoft's corporate email accounts, and more.
At the time, Microsoft described these attacks by Midnight Blizzard as a "sustained, significant commitment of the threat actor's resources, coordination, and focus." Now, Microsoft has put out a new warning that Midnight Blizzard is sending a series of highly targeted spear-phishing emails to individuals in government, academia, defense, non-governmental organizations, and other sectors. Microsoft writes that this activity is ongoing, and that the likely goal of the operation is to collect intelligence.
100,000+ United Nations documents exposed by cybersecurity researcher
A cybersecurity researcher has discovered more than 100,000 United Nations-associated documents containing financial reports, audits, bank account information, staff documents, email addresses, and more in a non-password-protected text database.
vpnMentor cybersecurity researcher Jeremiah Fowler has published a new report revealing the discovery of a non-password-protected database that contained 115,000 records associated with the United Nations Trust Fund to End Violence against Women. The trust fund was set up to provide financial and technical support to local, national, and regional organizations working toward reducing gender-based violence. According to the report, the database held 115,141 files that amounted to 228GB of data.
According to Fowler, many of the documents in the database were marked as confidential, with the cybersecurity researcher pointing out one .xls file contained a list of "1,611 civil society organizations, including their internal UN application numbers, whether they are eligible for support, the status of their applications, whether they are local or national, and a range of detailed answers regarding the groups' missions."
World's biggest tech companies and government agencies hit by DDoS attacks by two men
Federal authorities have charged two brothers with launching cyberattacks at some of the world's biggest technology companies, including streaming services and social platforms.
The US Department of Justice has alleged that two brothers are behind the hacktivist group Anonymous Sudan, which launched thousands of powerful distributed denial-of-service (DDoS) attacks at some of the biggest tech companies in the world. Additionally, the group targeted government agencies such as the FBI, the Department of Justice (DOJ), and the Pentagon. The charges by the DOJ outline that the two Sudanese brothers are also responsible for a series of cyberattacks against Microsoft, OpenAI, Riot Games, PayPal, Steam, Hulu, Netflix, Reddit, GitHub, and Cloudflare.
Ahmed Salah Yousif Omer, 22, and Alaa Salah Yusuuf Omer, 27, were charged with one count of conspiracy to damage protected computers. Ahmed Salah was separately charged with three counts of damaging protected computers and an attempt to "knowingly and recklessly cause death" after launching several cyberattacks at hospitals in retaliation for hospitals being bombed in Gaza. If convicted of all charges, Ahmed Salah will face a maximum sentence of life in federal prison.
Anonymous hacker charged with seeking to kill after cyberattacks hit hospitals globally
The US Department of Justice has charged two brothers who were allegedly behind a series of cyberattacks launched at hospitals across various countries.
Reports indicate the Sudanese brothers are behind the hacktivist group Anonymous Sudan, which the US Department of Justice believes is behind a series of cyberattacks launched at various hospitals around the world. The Department of Justice recently unsealed the charges against the brothers, accusing them of launching more than 35,000 distributed denial-of-service (DDoS) attacks against hundreds of organizations. The targets of these attacks were websites, network systems, services, media companies, airports, and government agencies such as the Pentagon, FBI, and Department of Justice.
The indictment revealed the brothers had their own ideological reasons behind the attacks but were also making their services available for hire. This included launching cyberattacks against entities on behalf of clients, and according to US prosecutors and the FBI, their victims include Microsoft's Azure cloud services, OpenAI's ChatGPT, video game companies, and even hospitals. The last is of particular interest to the prosecution, as the brothers are accused of launching attacks on Cedars-Sinai Health Systems in Los Angeles, which resulted in multiple hours of downtime and patients having to be moved to different hospitals.
Cybersecurity firm sounds alarm on data breaches after global account leaks almost double
A global quarterly analysis conducted by cybersecurity company Surfshark has revealed global data breaches have almost doubled in Q3 2024 compared to Q2 2024.
In an email to us, Surfshark explained that globally leaked accounts have almost doubled in Q3 2024 compared to Q2 2024, as the company's analysis indicated leaked accounts spiked from 215 million to 423 million. These statistics were acquired by Surfshark's global data breach monitoring tool, which also reveals the ten most breached companies in descending order. Those stats can be found below.
Moreover, Emilija Kucinskaite, Senior Researcher at Surfshark, provided a statement to us, saying that leaked account data remains a "significant issue" and that zooming out on the data and looking at it over 20 years reveals an even more troubling statistic: there have been 68 billion data points exposed since 2004. Of those data points, 18 billion are email addresses, and on average, each leaked email address also comes with three additional leaked data points, such as passwords or phone numbers.
Internet Archive hit by 'catastrophic' hack, private user data of millions now exposed
The Internet Archive was hit with a distributed denial-of-service (DDoS) attack on Wednesday afternoon, resulting in the service being knocked offline on Thursday.
Brewster Kahle, the founder and digital librarian of the Internet Archive, confirmed the platform experienced a major outage due to DDoS attacks, which resulted in the "defacement of our website" and a major breach that exposed 31 million user accounts. The breach exposed the usernames, emails, and bcrypt password hashes of 31,081,179 archive users, with Kahle confirming the news in a new X post that stated the Internet Archive suffered from "defacement of our website via JS library; breach of usernames/email/salted-encrypted passwords."
As for the defacement Kahle referenced, the hacker(s) injected this message into the platform: "Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!" HIBP is a reference to the website "Have I Been Pwned," which informs users if their account details have been leaked online due to a data breach. Moreover, HIBP did confirm the Internet Archive data breach, writing that 31 million records from Internet Archive users were stolen.
Casio confirms it's suffering from a cyberattack forcing internal shutdowns
It was only a year ago that Casio was forced to repel cyberattackers that were probing its digital infrastructure, but now, according to the company, it has detected a breach.
The company took to its Japanese website to officially announce that it had detected a security breach after conducting an internal investigation. The breach was detected on October 5, 2024, and the investigation found that the unauthorized access had caused a system failure, "resulting in the inability to provide some services." Casio has already reported the breach to authorities and brought in a third-party security firm to investigate the breach and determine if customer data was stolen.
Judging by the hiring of a third-party security firm to look for any stolen files, it appears the breach may have been a ransomware attack. However, Casio hasn't confirmed that any data was stolen. Additionally, no ransomware groups have claimed responsibility for the hack.
Google Pixel smartphone busted sending private user data back to Google every 15 minutes
UPDATE - "User security and privacy are top priorities for Pixel. You can manage data sharing, app permissions and more during device setup and in your settings. This report lacks crucial context, misinterprets technical details and doesn't fully explain that data transmissions are needed for legitimate services on all mobile devices regardless of the manufacturer, model or OS, such as software updates, on-demand features and personalized experiences," emailed a Google spokesperson.
A new report from Cybernews has focused on the web traffic between Google and its latest flagship smartphone, the Google Pixel 9 Pro XL.
The report states that cybersecurity researchers at Cybernews analyzed the Pixel 9 Pro XL's web traffic and determined that even before any app is installed, the smartphone sends private user data back to Google servers. More specifically, the analysis found that "Every 15 minutes, Google Pixel 9 Pro XL sends a data packet to Google," and within this packet of data is private information such as a user's email address, phone number, location, network status, and other telemetry data.
Warnings issued after world-first Google Play Store app drains $70,000 from victims
Keeping an ear to the ground in the world of scams can really benefit people whose lives are plugged into the digital world, particularly if they are involved in storing/trading digital assets such as cryptocurrency.
The cryptocurrency community is no stranger to scams of various kinds, but now researchers are sounding the alarm on a new type of scam that's been described as a world first. According to a report from investigators at Check Point Research (CPR), an app called WalletConnect appeared on the Google Play Store. WalletConnect assumed the identity of the legitimate app with the same name, but did come with some adjustments.
The fraudulent WalletConnect app was marketed to consumers as able to solve many of the problems voiced about the legitimate WalletConnect app. Additionally, the legitimate app wasn't on the Google Play Store, which meant that when users went to search for WalletConnect they were presented with the malicious app. More than 10,000 people downloaded the app, and according to CPR, approximately 150 wallet addresses were drained of their contents.
FBI scares Chinese government-linked botnet operators into burning down their own network
The Federal Bureau of Investigation (FBI) has said that its pursuit of a China-based botnet resulted in the Chinese operators of the botnet "burning down" their network once they figured out the FBI was on to them.
The botnet consisted of 260,000 various internet-connected devices that were used to gather intelligence on critical US infrastructure, government operations, academics, and more. Notably, the botnet was operated by the "Integrity Technology Group," which FBI Director Christopher Wray said is linked to the People's Republic of China.
More than half of the total devices within the botnet were located in the United States, and following its discovery, the National Security Agency (NSA) and the FBI were called in to intervene. Wray said it was "all hands on deck" and after gaining court authorization, US officials took control of the botnet servers, which prompted a response by the People's Republic of China-linked group.