Plus: A major FBI botnet takedown, new Sandworm malware, cyberattacks on two major scientific telescopes, and more.
A months-long investigation published this week by Wired sheds light on the inner workings of the Trickbot ransomware gang, which targets hospitals, businesses and government agencies around the world.
The investigation stems from mysterious leaks posted last year on X (formerly Twitter) by an anonymous account called Trickleaks. The trove contains dossiers on 35 suspected Trickbot members, including names, dates of birth, and more. It also lists thousands of IP addresses, cryptocurrency wallets, email addresses, and Trickbot chat logs. Armed with this information, we enlisted the help of multiple cybersecurity and Russian cybercrime experts to paint a vivid picture of Trickbot’s organizational structure and confirm the true identity of one of its key members.
Over the weekend, someone (more on that later) managed to disrupt more than 20 trains in Poland. The incidents were initially described as “cyberattacks,” but were actually something much simpler: radio hacks. Using equipment costing as little as $30, the attackers exploited the trains’ unencrypted radio system to bring them to an emergency stop.
On the dark web, cybercriminals are making money in an unexpected way: writing contests. The competitions, with total prizes of up to $80,000, invite hacker forum members to write the best articles, many of which explain how to conduct cyberattacks and scams.
In December, Apple officially killed its controversial iCloud photo-scanning tool for detecting child sexual abuse material (CSAM). The tool was announced in August 2021 and paused a month later after cybersecurity experts, civil liberties advocates, and others criticized it on the grounds that it would undermine users’ security and privacy. But the issue is far from settled. This week, a new child safety group called the Heat Initiative asked Apple to restore the tool. Apple responded with a letter, which it shared with WIRED, detailing for the first time its full reasons for discontinuing the tool. The launch of the Heat Initiative comes amid international pressure to weaken encryption for law enforcement purposes.
Elsewhere, we’ve detailed the big security patches you need to install to keep your devices safe (looking at you, Google Chrome and Android users). And we dive into the super-nerdy world of code-breaking competitions, where contestants compete to decipher the ciphers of German submarines from World War II. One team has a secret weapon.
But that’s not all. Each week, we round up the security and privacy news we don’t cover in depth ourselves. Click on a headline to read the full story. And stay safe out there.
Two Polish Men (Not Russian Hackers) Arrested for the Radio Hack That Disrupted Trains
When more than 20 trains in Poland were forced to stop due to a so-called “cyberattack” last weekend, all eyes turned to Russia. After all, Poland’s railways are critical infrastructure supporting the war in Ukraine. But as we reported a day later, the outage was not caused by any sophisticated network intrusion, but by a simple radio hack that sent Polish trains the “radio stop” command over an unencrypted and unauthenticated system. “The frequency is known. The tone is known. These devices are cheap,” Polish-speaking cybersecurity researcher Lukasz Olejnik told Wired. “Everyone can do it. Even teenagers pulling pranks.”
Well, not teenagers exactly, but men in their twenties. This week, Polish police arrested a 24-year-old man and a 29-year-old man, both Polish citizens, for allegedly carrying out the train radio hack. One of the two men lives in the city of Bialystok, near the Belarusian border, and is a police officer. According to Polish radio station RMF, ham radio equipment was found in one of their apartments, where the younger man was found (reportedly in a state of intoxication).
The two men’s motives for sabotaging the trains are still far from clear, especially considering they also played the Russian national anthem and clips of Russian President Vladimir Putin’s speeches between the “radio stop” commands. It is too early to rule out the possibility of Russian government involvement. But it is also very possible that the hack was an extremely ill-advised political statement or prank.
FBI Takes Down Qakbot Ransomware Botnet and Seizes Its Profits
The FBI and the US Department of Justice announced this week that they have dismantled a major cybercrime network, the Qakbot botnet, which had infected more than 700,000 computers worldwide, including 200,000 in the United States. Qakbot’s operators used the network to provide initial access to ransomware operators, who received $58 million in payments from 40 ransomware attacks in the past 18 months alone, the Justice Department said. The FBI managed to redirect Qakbot’s control to the bureau’s own command-and-control server, which it then used to push software to victims’ computers that removed Qakbot’s code. The FBI also gained access to the Qakbot operators’ cryptocurrency wallets and seized $8.6 million. For the FBI, Operation Qakbot was the largest cybercriminal botnet takedown in years, though the bureau has recently conducted similar botnet hijacks targeting malware used by state-backed Russian groups like Sandworm and Turla.
U.S. and U.K. Warn That Russia’s Sandworm Is Trying to Infiltrate Ukrainian Military Android Tablets
Russian military intelligence hackers known as “Sandworm” have carried out some of the most reckless and destructive cyberattacks against civilian critical infrastructure, from Ukraine’s power grid to the 2018 Winter Olympics. Now, the U.S. government and the English-speaking alliance of intelligence agencies known as the Five Eyes are warning that Sandworm has shifted its focus to a more traditional target: Ukrainian military equipment. The Cybersecurity and Infrastructure Security Agency, the National Security Agency, the FBI, the UK’s National Cyber Security Centre and other agencies jointly issued an alert this week warning that Sandworm was trying to infiltrate Ukrainian military networks, echoing earlier statements by Ukraine’s security services. To do this, the hackers installed a piece of malware, which the agencies dubbed Infamous Chisel, on Android tablets used in the war. The malware is designed to exfiltrate photos, text files and other data from the tablets via the Tor anonymity network, and it may be relying on the lack of malware detection in the Android operating system to evade discovery.
Two of the World’s Most Advanced Telescopes Shut Down Due to Cybersecurity Breach
In early August, a mysterious hack targeting the National Science Foundation’s National Optical-Infrared Astronomy Research Laboratory shut down two major scientific telescopes for weeks: the Gemini North Telescope in Hawaii and the Gemini South Telescope in Chile. NSF has said little about the nature or origin of the breaches that led to these shutdowns. But just a few days ago, the US National Counterintelligence and Security Center issued a bulletin warning of the threat posed by foreign hackers and spies targeting US astronomy and space operations. “They view U.S. space-related innovations and assets as potential threats and valuable opportunities to acquire critical technology and expertise,” the bulletin reads.
Chinese Spies Release Fake Signal and Telegram Encrypted Messaging Apps
What would you do if your espionage target was using a messaging app whose encryption you couldn’t break? Trick them into using a look-alike app that intercepts all of their messages before they are encrypted and sent. That is what spies, apparently of Chinese origin, did when they managed to get fake versions of the Signal and Telegram encrypted messaging apps into the Google Play store. These spy apps are designed to intercept all of a user’s messages before they are encrypted and sent (while invisibly interacting with the real Signal and Telegram networks), and to read all decrypted messages received on the phone. Cybersecurity firm ESET, which discovered the fake apps, noted that the fake Signal app’s code had similarities to previous malware used to target members of China’s Uyghur minority, suggesting they may also have been targeted in this operation. Google removed the fake apps from its Play Store. But Samsung also hosts these spy apps in its app store and has yet to remove them despite months of warnings.
Source: thptvinhthang.edu.vn