
Who is the hacker behind the Lapsus$ extortion gang?


There are quiet weeks in the security world, and then there are weeks like this.

Monday started with the Lapsus$ extortion gang (a group of cybercriminals so bizarre, and with such high-profile targets, that some suspect they are Russian state-sponsored hackers) claiming that it had breached Okta, a company that provides a popular authentication service, just hours after it leaked the source code for Microsoft’s Bing Search, Bing Maps and Cortana voice assistant. Given that Okta is used by about 14,000 companies, the news sounded “really, really bad,” as one security expert told WIRED. Okta’s clumsy messaging around the incident only made matters worse. Ultimately, the company said that hackers accessed the account of an employee at Sykes, a third party working with Okta, potentially putting 366 customers at risk. However, as we’ll dive into below, that was just the beginning of an eventful week for Lapsus$.

Meanwhile, Russia’s tragic war against Ukraine continues to overshadow all else. As the destabilizing devastation continues, we detailed how President Biden (and, more broadly, the NATO alliance) must step up as Russian President Vladimir Putin grows increasingly isolated and the likelihood of Russia claiming control of Ukraine diminishes. We also looked back at the biggest hack to take place since the war started at the end of February. The attack, which targeted the terrestrial network of the KA-SAT satellite owned by the US-based company Viasat, damaged modems and disrupted service for some 27,000 customers across Europe. The mystery of who carried out the attack, however, has been solved. (Hint: Russia.)

The unrelenting story of Russian hackers culminated on Thursday, when the US Department of Justice unsealed a pair of indictments against alleged Russian government hackers who authorities say have targeted US and international energy companies around the world. One indictment focuses on three hackers allegedly working for the Russian intelligence agency FSB, who were part of a group known by security researchers as Berserk Bear, Dragonfly 2.0 and Havex. While Berserk Bear is accused of targeting nuclear facilities in the US, the group is not known to have caused any physical destruction during its hacking activities. The same cannot be said for the Russian hacker group Xenotime, which security researchers say caused an outage at a Saudi oil refinery in 2017 and which, according to the second indictment unsealed Thursday, targeted a US refinery with similarly dangerous intentions.

Stay tuned for the latest on these stories and more in this week’s compilation of security news.

Right after Lapsus$ claimed to have hacked Okta and leaked Microsoft’s source code (which Microsoft then confirmed), Bloomberg reported that security researchers had identified the gang’s leader as a teenager from Oxford, UK, who is “adept at hacking – and so fast that researchers initially thought the activity they were observing was automatic.” The arrests followed almost as quickly: the BBC reported, hours after the Bloomberg report, that City of London police had arrested seven people, aged 16 to 21, in connection with the Lapsus$ operation, which, in addition to targeting Okta and Microsoft, allegedly hacked Samsung, Nvidia, EA and Ubisoft. The 16-year-old identified by security researchers may or may not be among those arrested. Regardless, police reportedly released all seven without charge, and the gang’s chaotic energy has so far continued unabated.

The main lingering question surrounding the Viasat satellite attack, which disrupted communications for the Ukrainian military and tens of thousands of civilian and corporate customers across Europe, is who did it. The answer, as expected, is Russia, according to unnamed US officials who spoke with The Washington Post. Specifically, the attack is believed to have been masterminded by the GRU, Russia’s military intelligence agency. While the GRU is home to Sandworm, the group of hackers responsible for carrying out devastating cyberattacks against Ukraine and unleashing the costly NotPetya cyberattack, it’s unclear whether Sandworm hackers were involved in the Viasat hack.

The White House on Monday alerted American companies to “developing intelligence that Russia may be exploring options for potential cyberattacks” in retaliation for US sanctions against Russia over the war against Ukraine. The White House offered few details but hinted at confidential meetings about potential targets and called on companies to implement stronger security safeguards. With the Biden administration’s tactic of releasing intelligence before Russia’s invasion of Ukraine last month having proved correct, many assumed an attack could be imminent. As the week passed, more details emerged: CNN reported that the FBI had warned five US energy companies that Russian hackers had scanned their networks, an initial step often used to identify potential attack routes. And the US Cybersecurity and Infrastructure Security Agency organized a call with more than 13,000 industry “stakeholders” to answer their questions and further encourage stronger security across enterprise networks.

Russia is not the only country with busy hackers. This week, Google’s Threat Analysis Group disclosed that North Korean hackers successfully exploited a zero-day vulnerability in the Chrome web browser about a month before the company released the patch. One campaign, dubbed Operation Dream Job by TAG researchers, targeted around 250 people in the media and tech sectors with fake recruitment emails that included a link which, when clicked, would launch the exploit kit. Another campaign, Operation AppleJeus, targeted 85 people in the crypto and fintech sectors using the same exploit kit that was deployed in the Dream Job campaign. While North Korean hackers have used similar tactics previously, the revelation serves as a reminder to keep your apps up to date.

