
Hacking, Security & Privacy - Page 3

Stay informed with the latest hacking, cybersecurity, and privacy news, including data breaches, leaks, cyber attacks, and tips to stay safe online. - Page 3


Microsoft confirms Ukrainian frontline was hit with hacks traced back to Russia

Jak Connor | Dec 12, 2024 4:33 AM CST

A group of hackers connected to the Russian government have launched cyber attacks at Starlink-connected infrastructure in Ukraine to target devices being used by Ukrainian soldiers on the frontline. Microsoft has confirmed the infrastructure has been compromised, and currently, investigators still don't know what vulnerability was exploited.


Microsoft has labeled the group as "Secret Blizzard," and according to reports and the latest Microsoft Security blog post, in at least one instance this year when Ukrainian frontline devices were targeted, Secret Blizzard used infrastructure created by a cybercrime group Microsoft tracks as Storm-1919. In another instance, Secret Blizzard leveraged infrastructure from another group called Storm-1837, a Russian-based cybercrime group that targets Ukrainian drone operations.

So, how did they gain access to the infrastructure? Microsoft explains the cybercriminals between March and April this year used a bot swarm attack to install the XMRIG cryptocurrency app on targeted servers. Typically, hackers will install this malware and then use the device's resources to mine a cryptocurrency, which they then sell online for real money. However, Microsoft writes the ultimate objective of bot swarm malware was to install Tavdig, a backdoor Secret Blizzard used to conduct reconnaissance on the target device.


Microsoft sounds alarm on cyberspy group now targeting critical US infrastructure

Jak Connor | Dec 6, 2024 11:06 AM CST

Microsoft Threat Intelligence has warned that a Chinese government espionage hacking group is targeting critical US infrastructure, such as telecommunications networks, financial and legal services industries, and government and non-government agencies.


Sherrod DeGrippo, the director of threat intelligence strategy at Microsoft, spoke with The Register, saying the new group Microsoft is tracking under the moniker "Storm-0227" began targeting critical US infrastructure as recently as yesterday. DeGrippo says the group has been active since January but didn't say its total number of victims. Notably, DeGrippo said the group's members have some overlap with Silk Typhoon, a notorious Chinese government-affiliated hacking group known for targeting healthcare, law firms, higher education, defense contractors, and non-governmental organizations.

Furthermore, over the past 12 months, Microsoft has seen a significant increase in the frequency of attacks by Chinese hacking groups. As for how the hacking is done, The Register reports Storm-0227 typically infiltrates a system by exploiting security vulnerabilities in public-facing applications and by sending spear-phishing emails that contain contaminated links or attachments. The objective of Storm-0227 is to get a victim to click on a document that automatically downloads SparkRAT, an open-source remote administration tool that gives the controller administrative access to a machine.


Top US senator confirms China is listening in on phone calls, including the President's

Jak Connor | Nov 27, 2024 12:32 AM CST

Last week, telecommunications executives sat in front of the Biden administration and discussed the exponential frequency of cyber attacks from China on the United States, with one Senator saying the attacks from China make severe cyber security events such as SolarWinds caused by Russia-affiliated bad actors look like "child's play."


The details come from Senator Mark R Warner, who spoke to the press and said that "my hair is on fire" with the ramping cyber attacks from China, which started increasing well before the recent US election. Additionally, the Senator stated the presence and nature of the attacks may require the replacement of "literally thousands and thousands and thousands" of routers, switches, and other potentially infiltrated hardware.

Furthermore, the Senator warned that the extent to which these attacks have affected US networks is currently unknown, describing the situation as follows: "The barn door is still wide open, or mostly open." More specifically, US telecommunications networks that have been infiltrated may provide Chinese state employees or affiliated hackers with the means of listening in on phone calls, even as high as President-elect Donald Trump.


Microsoft asks President Trump for help against Russian and Chinese cyber attacks

Jak Connor | Nov 25, 2024 12:04 AM CST

In a recent interview with the Financial Times, Brad Smith, the vice chair and top legal officer at Microsoft, said that he is hoping President Trump and his administration push back harder against foreign cyber attacks, particularly those that originate from Russia and China.


Cyber attacks from Russia and China have become more and more frequent, with Microsoft only recently confirming that Russian state-backed hacking group Midnight Blizzard infiltrated its servers. Microsoft has since implemented security updates to mitigate the likelihood of breaches, but attacks are still increasing and only becoming more sophisticated. Brad Smith, Microsoft's vice chair and top legal officer, has called upon the Trump Administration to "push harder" against cyber attacks, saying the issue "deserves to be a more prominent issue of international relations".

Smith has said he hopes Trump is prepared to send a "strong message" to Russia, Iran, and any other nation that is launching cyber attacks on the US. It was only earlier this month US authorities accused China of launching widespread cyber espionage campaigns against the US, with a recent Microsoft-led study finding that more than 600 million cyber attacks are launched at its customers every day. Moreover, Microsoft found that criminal gangs are now increasingly teaming up with "nation-state groups" to launch operations against targets and share hacking tools.


Officials warn of new hacking scheme involving QR codes and your physical mailbox

Jak Connor | Nov 20, 2024 1:02 AM CST

Scammers are always looking for new ways to take advantage of unsuspecting people, and according to Switzerland's National Cyber Security Center (NCSC) there is a rise in a new method of scamming, and it involves the use of QR codes and the traditional postage system.


According to a new statement issued by the National Cyber Security Center, hackers are attempting a new scheme to get malware onto as many devices as possible, and it involves sending fake letters to residents that request they download a "Severe Weather Warning App" for Android via the provided QR code. The letters were faked to look like letters sent from the nation's Federal Office of Meteorology and Climatology, and the app the scammers requested residents to download was designed to mimic the official Alertswiss weather app by using a similar name, "AlertSwiss," and a slightly different logo.

The QR code took users that scanned it to a third-party site and not the official Google Play Store. For those unfamiliar with the rules of the road when downloading apps, the general rule of thumb is don't download any application onto your device that isn't from the official app marketplaces. The scamming app contained a version of the Coper trojan, malware designed specifically for keylogging purposes, gathering two-factor authentication information, tracking notifications and SMSs, and stealing stored user credentials from other applications.


FBI confirms Chinese government-linked hackers breached US government networks

Jak Connor | Nov 14, 2024 9:02 AM CST

The FBI and CISA have posted a joint statement revealing that numerous commercial telecommunications organizations have been breached by a hacking group associated with the Chinese government.


The joint statement posted to the official FBI website states the US government is continuing its investigation into the People's Republic of China (PRC) targeting of commercial telecommunications infrastructure across the US, and that it can confirm the existence of a "broad and significant cyber espionage campaign." More specifically, the joint statement reads that US officials have identified PRC-affiliated actors that have "compromised networks at multiple telecommunications companies" to steal customer call data, information, and other data.

Notably, the group behind these attacks on US infrastructure is reportedly Salt Typhoon, which has gained access to customer call records data along with private communications of individuals within the US government. Furthermore, US officials can also confirm the group gained access to a US wiretap system, which is used by authorities to submit requests for court orders. It was only in September 2024 that Salt Typhoon targeted a selection of US internet service providers in what is believed to be a reconnaissance attack to gather information on potential targets for future heavier attacks.


Microsoft confirms US government officials are being targeted by notorious hackers

Jak Connor | Oct 30, 2024 2:32 AM CDT

Microsoft has taken to its security blog to shine a light on the company's recent observations in the cybersecurity space, and according to the Redmond company, a known hacking group is now going after US government officials in a series of highly-targeted spear-phishing email waves.


According to Microsoft, the hacking group is the Russian government-backed Midnight Blizzard, which has been on Microsoft's radar since October 22, 2024. Microsoft Threat Intelligence is quite familiar with Midnight Blizzard, as the hacking group targeted Microsoft servers on January 12, 2024, which ended up being compromised, with Midnight Blizzard gaining access to federal government email accounts, Microsoft's corporate email accounts, and more.

At the time, Microsoft described these attacks by Midnight Blizzard as a "sustained, significant commitment of the threat actor's resources, coordination, and focus." Now, Microsoft has put out a new warning that Midnight Blizzard is sending a series of highly targeted spear-phishing emails to individuals in government, academia, defense, non-governmental organizations, and other sectors. Microsoft writes this activity is ongoing, and the likely goal of this operation is to collect intelligence.


100,000+ United Nations documents exposed by cybersecurity researcher

Jak Connor | Oct 23, 2024 1:03 AM CDT

A cybersecurity researcher has discovered more than 100,000 United Nations-associated documents containing financial reports, audits, bank account information, staff documents, email addresses, and more in a non-password-protected text database.


vpnMentor cybersecurity researcher Jeremiah Fowler has published a new report revealing the discovery of a non-password-protected database that contained 115,000 records associated with the United Nations Trust Fund to End Violence against Women. The trust fund was set up to provide financial and technical support to local, national, and regional organizations working toward reducing gender-based violence. According to the report, the database held 115,141 files that amounted to 228GB of data.

According to Fowler, many of the documents in the database were marked as confidential, with the cybersecurity researcher pointing out one .xls file contained a list of "1,611 civil society organizations, including their internal UN application numbers, whether they are eligible for support, the status of their applications, whether they are local or national, and a range of detailed answers regarding the groups' missions."


World's biggest tech companies and government agencies hit by DDoS attacks by two men

Jak Connor | Oct 22, 2024 5:34 AM CDT

Federal authorities have charged two brothers with launching cyberattacks at some of the world's biggest technology companies, including streaming services and social platforms.


The US Department of Justice has alleged two brothers are behind the hacktivist group Anonymous Sudan, which launched thousands of powerful distributed denial-of-service (DDoS) attacks at some of the biggest tech companies in the world. Additionally, the group targeted government agencies such as the FBI, Department of Justice (DOJ), and Pentagon. The charges by the DOJ outline that the two Sudanese brothers are also responsible for a series of cyberattacks against Microsoft, OpenAI, Riot Games, PayPal, Steam, Hulu, Netflix, Reddit, GitHub, and Cloudflare.

Ahmed Salah Yousif Omer, 22, and Alaa Salah Yusuuf Omer, 27, were charged with one count of conspiracy to damage protected computers. Ahmed Salah was separately charged with three counts of damaging protected computers and an attempt to "knowingly and recklessly cause death" after launching several cyberattacks at hospitals in retaliation for hospitals being bombed in Gaza. If convicted of all charges, Ahmed Salah will face a maximum sentence of life in federal prison.


Anonymous hacker charged with seeking to kill after cyberattacks hit hospitals globally

Jak Connor | Oct 22, 2024 2:33 AM CDT

The US Department of Justice has charged two brothers who were allegedly behind a series of cyberattacks launched at hospitals across various countries.


Reports indicate the Sudanese brothers are behind the hacktivist group Anonymous Sudan, which the US Department of Justice believes is behind a series of cyberattacks launched at various hospitals around the world. The Department of Justice recently unsealed the charges against the brothers, accusing them of launching more than 35,000 distributed denial-of-service (DDoS) attacks against hundreds of organizations. The targets of these attacks were websites, network systems, services, media companies, airports, and government agencies such as the Pentagon, FBI, and Department of Justice.

The indictment revealed the brothers had their own ideological reasons behind the attacks but were also making their services available for hire. This would include launching cyberattacks against entities on behalf of clients, and according to US prosecutors and the FBI, their victims include Microsoft's Azure cloud services, OpenAI's ChatGPT, video game companies, and even hospitals. The last point is a particular point of interest for the prosecution as the brothers are accused of launching attacks on Cedars-Sinai Health Systems in Los Angeles, which resulted in multiple hours of downtime and patients having to be moved to different hospitals.


Cybersecurity firm sounds alarm on data breaches after global account leaks almost double

Jak Connor | Oct 21, 2024 6:35 AM CDT

A global quarterly analysis conducted by cybersecurity company Surfshark has revealed global data breaches have almost doubled in Q3 2024 compared to Q2 2024.


In an email to us, Surfshark explained that globally leaked accounts have almost doubled in Q3 2024 compared to Q2 2024, as the company's analysis indicated leaked accounts spiked from 215 million to 423 million. These statistics were acquired by Surfshark's global data breach monitoring tool, which also reveals the ten most breached companies in descending order. Those stats can be found below.

Moreover, Emilija Kucinskaite, Senior Researcher at Surfshark, provided a statement to us, saying that leaked account data still remains a "significant issue" and that zooming out on the data and looking at it over 20 years reveals an even more troubling statistic - there have been 68 billion data points exposed since 2004. Of those data points, 18 billion are email addresses, and on average, each leaked email address also comes with three additional leaked data points, such as passwords or phone numbers.


Internet Archive hit by 'catastrophic' hack, private user data of millions now exposed

Jak Connor | Oct 11, 2024 12:31 AM CDT

The Internet Archive was hit with a Distributed Denial-of-Service (DDoS) Attack on Wednesday afternoon, resulting in the service being knocked offline on Thursday.


Brewster Kahle, the founder and digital librarian of the Internet Archive, confirmed the platform experienced a major outage due to DDoS attacks, which resulted in the "defacement of our website" and a major breach that exposed 31 million user accounts. The breach exposed the usernames, emails, and bcrypt password hashes of 31,081,179 archive users, with Kahle confirming the news in a new X post that stated the Internet Archive suffered from "defacement of our website via JS library; breach of usernames/email/salted-encrypted passwords."

As for the defacement Kahle referenced, the hacker/s injected this message into the platform, "Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!" HIBP is a reference to the website "Have I Been Pwned," which informs users if their account details have been leaked online due to a data breach. Moreover, HIBP did confirm the Internet Archive data breach, writing that 31 million records from Internet Archive users were stolen.


Casio confirms it's suffering from a cyberattack forcing internal shutdowns

Jak Connor | Oct 10, 2024 12:04 AM CDT

It was only a year ago that Casio was forced to repel cyberattackers that were probing its digital infrastructure, but now according to the company it has detected a breach.


The company took to its Japanese website to officially announce that it had detected a security breach after conducting an internal investigation. The breach was detected on October 5, 2024, and the investigation found that the unauthorized access had caused a system failure, "resulting in the inability to provide some services." Casio has already reported the breach to authorities and brought in a third-party security firm to investigate the breach and determine if customer data was stolen.

Judging by the hiring of a third-party security firm to look for any stolen files, it appears the breach may have been a ransomware attack. However, Casio hasn't confirmed that any data was stolen. Additionally, no ransomware groups have claimed responsibility for the hack.


Google Pixel smartphone busted sending private user data back to Google every 15 minutes

Jak Connor | Oct 5, 2024 1:02 AM CDT

UPDATE - "User security and privacy are top priorities for Pixel. You can manage data sharing, app permissions and more during device setup and in your settings. This report lacks crucial context, misinterprets technical details and doesn't fully explain that data transmissions are needed for legitimate services on all mobile devices regardless of the manufacturer, model or OS, such as software updates, on-demand features and personalized experiences," emailed a Google spokesperson.


A new report from Cybernews has focussed on the web traffic between Google and its latest flagship smartphone, the Google Pixel 9 Pro XL.

The report states that cybersecurity researchers at Cybernews analyzed the Pixel 9 Pro XL's web traffic and determined that even before any app is installed, the smartphone sends private user data back to Google servers. More specifically, the analysis found "Every 15 minutes, Google Pixel 9 Pro XL sends a data packet to Google" and within this packet of data is private information such as a user's email address, phone number, location, network status, and other telemetry data.


Warnings issued after world-first Google Play Store app drains $70,000 from victims

Jak Connor | Sep 26, 2024 10:31 AM CDT

Keeping an ear to the ground in the world of scams can really benefit people whose lives are plugged into the digital world, particularly if they are involved in storing/trading digital assets such as cryptocurrency.


The cryptocurrency community is no stranger to scams of various kinds, but now researchers are sounding the alarm on a new type of scam that's been described as a world first. According to a report from investigators at Check Point Research (CPR), an app called WalletConnect appeared on the Google Play Store. WalletConnect assumed the identity of the legitimate app with the same name, but did come with some adjustments.

The fraudulent WalletConnect app was marketed to consumers as able to solve many of the problems voiced about the legitimate WalletConnect app. Additionally, the legitimate app wasn't on the Google Play Store, which meant when users went to search for WalletConnect they were presented with the malicious app. More than 10,000 people downloaded the app, and according to CPR approximately 150 wallet addresses were drained of their contents.


FBI scares Chinese government-linked botnet operators into burning down their own network

Jak Connor | Sep 25, 2024 2:36 AM CDT

The Federal Bureau of Investigation (FBI) has said that its pursuit of a China-based botnet resulted in Chinese operators of the botnet "burning down" their network once they figured out the FBI was on to them.


The botnet consisted of 260,000 various internet-connected devices that were used to gather intelligence on critical US infrastructure, government operations, academics, and more. Notably, the botnet was operated by the "Integrity Technology Group," who FBI director Christopher Wray said is linked to the People's Republic of China.

More than half of the total devices within the botnet were located in the United States, and following its discovery, the National Security Agency (NSA) and the FBI were called in to intervene. Wray said it was "all hands on deck" and after gaining court authorization, US officials took control of the botnet servers, which prompted a response by the People's Republic of China-linked group.


Planned Parenthood hack may expose millions of people's sensitive health data

Jak Connor | Sep 8, 2024 3:06 AM CDT

A branch of Planned Parenthood has confirmed a ransomware group has gained access to its systems and stolen millions of people's sensitive data.


The CEO and president of Planned Parenthood of Montana, Martha Fuller, said in a recent statement to Recorded Future News the attack was internally discovered on August 28. Following the discovery the IT team at Planned Parenthood Montana responded by taking portions of their network offline, presumably as part of the investigation into the attack and to prevent any further known/unknown exploits in its system.

Fuller added that the organization is aware of the ransomware group known as RansomHub, which, upon a quick Google search, you will discover, is quite prolific in the space despite it only first appearing earlier this year. Reports indicate the hackers made off with 93GB of data, but when a spokesperson from Planned Parenthood was asked what the contents of that data were, they declined to comment.


Hackers might have stolen social security data of ALL Americans, around 2.9 BILLION records

Anthony Garreffa | Aug 14, 2024 8:23 PM CDT

A member of a hacking group is selling the personal Social Security numbers and other sensitive data of ALL Americans, with 2.9 billion records available online... for free.


In a report from BleepingComputer, a hacking forum became active after a user posted on the forum saying they had a massive collection of documents from the data brokerage National Public Data (NPD). NPD, which doesn't disclose how it collects data on its website, reportedly gathers information from publicly available records to create individual profiles that are usually used by private investigators for things like background and criminal record checks.

It's not just US residents that have to worry, but the hack of 2.9 billion files includes private information on citizens living in the United Kingdom and Canada, including personal information from all three of those countries. 2.9 billion files is a LOT of data, we don't need to underline that, but we will.


200,000 students, staff and parents' personal data exposed in recent hack

Jak Connor | Aug 13, 2024 2:27 AM CDT

An Arizona tech school has informed Maine's attorney general in a recently filed report that nearly 209,000 individuals' data was potentially compromised in a hacking incident earlier in the year.


The tech school is East Valley Institute of Technology (EVIT), and according to the filing, the data of the 209,000 individuals is of current and former students, parents, guardians, and faculty. As for what data was leaked, reports indicate the compromised data included personal, health, and financial information.

The Register reports that nearly 50 types of personal information were stolen, such as student ID numbers, date of birth, race/ethnicity, grades, home phone numbers, email addresses, driver's license, health insurance information, medical information, allergy information, medical record number, passport numbers, prescription information and more.


Historic Donald Trump and Elon Musk interview on X hit by 'massive' DDOS attack

Jak Connor | Aug 12, 2024 8:36 PM CDT

Elon Musk teased an upcoming interview with former US President Donald Trump in X Spaces, and according to Musk the social media platform has been hit with a DDOS attack ahead of the interview going live.


Ahead of the historic interview, Musk said he was performing system scaling tests to ensure that X servers could host all of the expected listeners. The interview is currently live at the time of writing, but it didn't go live until 40 minutes after the scheduled time of 8 pm ET, as the site was showing "not available" even though Musk said X tested its servers for 8 million concurrent listeners earlier in the day.

It was presumed that X went down from the massive traffic spike for the interview, but Musk, less than 10 minutes later, posted that X was experiencing a DDOS (distributed denial-of-service) attack. Musk said the interview would continue but with a "smaller number of concurrent listeners." It appears X was a victim of a targeted DDOS attack to prevent Musk and Trump from having their conversation. At the moment, there are 1.2 million people listening in on the conversation.

