Plus: Apple patches newly discovered vulnerabilities in NSO Group spyware, North Korean hackers targeting security researchers, and more.

Last week, Wired published an in-depth investigation into the Russian ransomware gang Trickbot. This week, US and UK authorities sanctioned 11 suspected members of Trickbot and its associated organization Conti, including Maksim Galochkin (aka Bentley), whose true identity we confirmed through our investigation. Coincidence? Perhaps. Either way, this is a big deal.

In addition to the U.S. and U.K. sanctions, the U.S. Department of Justice filed indictments in three U.S. federal courts against Galochkin and eight other alleged Trickbot members, charging them with carrying out ransomware attacks against entities in Ohio, Tennessee and California. However, since everyone charged is a Russian national, it is unlikely that they will be arrested or face trial.

While Russian cybercriminals generally enjoy immunity, the same may not be true for the country’s military hackers. The International Criminal Court (ICC) will begin bringing charges for cyber war crimes, its chief prosecutor said. Prosecutor Karim Khan did not name Russia, but the move comes after the Human Rights Center at the University of California, Berkeley School of Law formally petitioned the International Criminal Court to prosecute the Russian Sandworm hackers for war crimes. As part of Russia’s GRU military intelligence agency, Sandworm was responsible for causing the blackout in Ukraine, the only known cyberattack to shut down the power grid. Sandworm also released NotPetya malware targeting Ukraine, which eventually spread globally and caused an unprecedented $10 billion in losses worldwide.

Russia is far from the only country pursuing an offensive cyberwarfare strategy. China-backed hackers have repeatedly targeted the United States and other countries, and they could use some help finding unpatched vulnerabilities. A law passed by China in 2022 requires any cyber technology company operating in the country to share details of vulnerabilities in its products with the Chinese government within two days of discovering them. Information about these vulnerabilities may be shared with hackers in China. It’s unclear how many Western companies complied with the law or provided enough information to allow Chinese hackers to exploit flaws in their products.


Speaking of Chinese hackers, Microsoft this week finally explained how Chinese government-backed hackers stole the keys that allowed them to access the Outlook email accounts of at least 25 organizations, including U.S. government agencies. According to Microsoft, the hackers used token-stealing malware to break into a company engineer's account. They then used that account to access a cache of crash data, which should never have contained signing keys but did; they stole the key material and subsequently used it to carry out the Outlook hacks. None of this should have been possible, and Microsoft says it has corrected several flaws in its systems that allowed the attack to occur.

Before Yevgeny Prigozhin died in a mysterious plane crash last month following a failed coup against Russian President Vladimir Putin, he was not only the leader of the Wagner Group mercenaries but also the head of the notorious Internet Research Agency (IRA), a Russian organization responsible for a wide range of disinformation campaigns. The IRA has reportedly been shut down, but new research suggests pro-Prigozhin trolls are continuing to push his agenda. A number of accounts spreading false information on X (formerly Twitter) have been banned. But since when did that stop them?

Elsewhere, we explain how prompt injection attacks on generative AI chatbots like ChatGPT work by exploiting flaws that are hard to fix. We detail how difficult it is to opt out of letting Facebook use your data to train its artificial intelligence. We provide an overview of Proton Sentinel, a suite of tools similar to Google’s but with a strong emphasis on privacy and security. We also co-published a story with The Markup about Axon’s quest to build Taser-equipped drones. And we have inside information on a meeting between top US intelligence officials and civil liberties groups regarding Section 702 of the Foreign Intelligence Surveillance Act, which is set to expire at the end of this year.

But that’s not all. Each week, we round up security and privacy news that we don’t cover in depth ourselves. Click on the title to read the full article. And stay safe out there.


Your new car is a privacy nightmare

A new report from the Mozilla Foundation finds that car companies are collecting and selling incredibly detailed personal data from drivers who can’t truly opt out. Researchers spent hundreds of hours studying 25 privacy policies from major car brands and found that none met the foundation’s minimum standards for privacy and security.

According to the report, modern cars are packed with sensors that collect more information about you than any other product in your life. They know where you go, what you say and how you move your body. For example, Nissan’s privacy policy allows the company to collect and share drivers’ sexual activity, health diagnostic data and genetic information, the report said.

84% of the brands studied by the researchers share or sell such personal data, and only two of them allow drivers to delete their data. While it’s unclear exactly who these companies are sharing or selling data to, the report points out that there is a huge market for driver data. An automotive data broker named High Mobility mentioned in the report has partnerships with nine car brands studied by Mozilla. It promotes various data products on its website, including precise location data.

This is not only a privacy nightmare but also a security nightmare. Volkswagen, Toyota and Mercedes-Benz have all recently suffered data breaches or leaks affecting millions of customers. According to Mozilla, cars are the worst product category for privacy it has ever reviewed.

Update your iPhone: Apple fixes zero-click zero-day vulnerability

Apple just released an iOS security update after Citizen Lab researchers discovered a zero-click vulnerability used to deliver the Pegasus spyware. Citizen Lab, part of the University of Toronto, calls the newly discovered exploit chain BLASTPASS. Researchers say it is capable of compromising iPhones running the latest version of iOS (16.6) without the target even touching the device. According to the researchers, BLASTPASS was sent to the victim’s phone via iMessage and included a PassKit (Apple Wallet) attachment containing a malicious image.

The Pegasus spyware, developed by NSO Group, enables attackers to read a target’s text messages, view their photos and listen to phone calls. It has been used to track journalists, political dissidents and human rights activists around the world.


Apple says customers should update their phones to the newly released iOS 16.6.1. The vulnerability also affects certain models of iPad; details of the affected models are available from Apple. Citizen Lab urges at-risk users to enable Lockdown Mode.

North Korean hackers target security researchers again

North Korea-backed hackers are targeting cybersecurity researchers in a new campaign exploiting at least one zero-day vulnerability, Google’s Threat Analysis Group (TAG) warned in a report released Thursday. The organization did not provide details about the vulnerability, which is currently unpatched. However, the company says it is part of a popular software package used by security researchers.

According to TAG, the current attack is similar to a January 2021 campaign that also targeted security researchers working on vulnerability research and development. As in previous campaigns, the North Korean threat actors sent malicious files to researchers after spending weeks building relationships with their targets. According to the report, the malicious file performed “a series of anti-VM checks” and sent the collected information, along with screenshots, back to the attacker.

Georgia district attorney in Trump RICO case doxed

To protect future jurors from harassment, District Attorney Fani Willis asked the judge in Donald Trump’s racketeering trial to prevent people from taking or distributing any kind of images of jurors or information about their identities. A motion filed Wednesday in Fulton County Superior Court shows that immediately after the indictment was filed, anonymous individuals on a “conspiracy theory website” shared the full names, ages and addresses of 23 grand jurors for the purpose of “harassing and intimidating” them.

Willis also revealed that she fell victim to doxxing when her and her family’s personal information, including their physical addresses and “GPS coordinates,” were posted on an unnamed website hosted by a Russian company. Willis, who is black, has previously revealed she faced racism and violent threats after announcing an investigation into the former president.
