
Ronin Hack: North Korea’s Lazarus Behind the $540 Million Axie Infinity Breach


Earlier this week, the Ukrainian Computer Emergency Response Team and the Slovakian cybersecurity company ESET warned that the notorious Russian GRU Sandworm hackers had targeted high-voltage substations in Ukraine using a variant of the blackout-inducing Industroyer malware, also known as Crash Override. A few days later, the US Department of Energy, the Cybersecurity and Infrastructure Security Agency, the NSA, and the FBI jointly issued an advisory about a new industrial control system hacking toolkit of unknown origin, known as Pipedream, which is unlikely to be deployed against targets but which operators of industrial systems should proactively defend against.

Russia’s war with Ukraine has resulted in massive data leaks in which spies, hackers, criminals and regular people seeking to aid Ukraine have captured and made publicly available a large amount of information about the Russian military, government and other Russian organizations. And apart from the conflict, WIRED considered the real impact of source code leaks in the big picture of cyber breaches.

Plus, DuckDuckGo finally released a version of its privacy browser for desktop, and WhatsApp is expanding to offer a Slack-like group chat organization called Community.

And there's more! We’ve rounded up all the news that we didn’t publish or cover in depth this week. Click on the titles to read the full stories. And stay safe out there.

Blockchain analysis researchers from Elliptic and Chainalysis said on Thursday that they had traced the large amounts of cryptocurrency stolen last month from the Ronin network bridge to the North Korean hacking group Lazarus. The US Department of the Treasury also announced extended sanctions against North Korea, Lazarus and its affiliates. The attackers stole large amounts of the Ethereum currency ether and some USDC stablecoin, totaling $540 million at the time. (The value of the stolen funds has since grown to more than $600 million.) Lazarus hackers have been on a cybercriminal rampage for many years, breaching companies, staging scams, and generally collecting profits to move money into the Hermit Kingdom.

NSO Group, the Israeli developer of the powerful and widely used Pegasus spyware, was declared “worthless” in a filing made in a British court this week. The assessment, described as “very clear,” comes from third-party consulting firm Berkeley Research Group, which manages the NSO-owned fund. As a large number of autocrats and authoritarian governments have purchased NSO tools to target activists, dissidents, journalists and other at-risk people, the spyware maker has been reported and sued (many times) by tech giants in an attempt to limit its reach. Targeted surveillance is big business and a nexus where espionage and human rights issues converge. Reuters reported this week, for example, that senior EU officials were targeted last year with unidentified Israeli-made spyware.

T-Mobile confirmed it was breached last year (for what feels like the millionth time) after hackers put the personal data of 30 million customers up for sale for 6 bitcoins, or about $270,000 at the time. However, recently unsealed court documents show that the telco hired a third-party company as part of its response, and that the company paid the attackers about $200,000 to get exclusive access to the trove in hopes of averting the crisis. Paying hackers through third parties is a known but controversial tactic for dealing with ransomware attacks and digital extortion. One of the reasons it is discouraged is that it often fails, as was the case with the T-Mobile data, which the attackers kept selling.

In a report this week, researchers from Cisco Talos said that a new type of information-stealing malware called “ZingoStealer” is spreading rapidly on the Telegram app. A cybercriminal group called Haskers Gang is distributing the malware for free to other criminals or anyone who wants it, the researchers say. The group, possibly based in Eastern Europe, regularly shares updates and tools on Telegram and Discord with the cybercriminal “community”.

