Telegram enters Roskomnadzor’s registry of social networks, fake ‘Diia’ app and other cybersecurity events

We have compiled the week’s most important cybersecurity news.

Roskomnadzor added Telegram and LiveJournal to the registry of social networks

Roskomnadzor added Telegram and LiveJournal (“LiveJournal”) to the registry of social networks. The services were added because their daily audience exceeds 500,000 Russian users.

The registry already includes Facebook, Twitter, Instagram, TikTok, Likee, YouTube, VKontakte and Odnoklassniki.

As a reminder, on 1 February Russia enacted a law obliging social networks to identify and block illegal content.

Avast releases free decryptors for compromised AtomSilo, Babuk and LockFile files

Avast researchers published free tools to recover files encrypted by AtomSilo, Babuk and LockFile ransomware.

A common tool works for AtomSilo and LockFile, as the malware is similar.

Earlier in June, a Babuk ransomware builder template got into the public domain.

Creator of the fake ‘Diia’ app found and offered a job at Ukraine’s Ministry of Digital Transformation

In Ukraine, a copy of the ‘Diia’ app—a service with digital documents and a portal for public services—was created. It stores data on passports, driving licences, vaccination certificates and other documents.

According to the head of the Ministry of Digital Transformation, Mikhail Fedorov, through a fake Android ‘Diia’ app one could edit vaccination data, age and other information. The counterfeit was sold for 100 hryvnias (less than $4).

The hacker was quickly found. He turned out to be a 21-year-old resident of the Zaporizhzhia region. An open criminal case has been opened, and the suspect faces up to six years in prison.

However, he was given an opportunity to rehabilitate himself. As Fedorov said, the hacker was offered to work on a couple of socially significant projects at the Ministry of Digital Transformation before the trial.

Moscow authorities want to track residents via smartphone geolocation

The Moscow mayor’s office plans to collect information on residents’ location and movements via data from mobile operators, according to a tender on the state procurement portal. More than 405 million rubles are to be allocated for this.

The reports will contain data on population changes, density and movement dynamics. As reported by the Kommersant, anonymised geospatial analytics will allow verification of existing city data. The contract requires mandatory cooperation with all members of the ‘Big Four’ operators, the department notes.

Facebook sues Ukrainian national suspected of selling data on 178 million users

Facebook filed a lawsuit against Ukrainian citizen Alexander Solonchenko. It is alleged that he collected data on 178 million Facebook users through scraping and then sold it on a hacker forum.

Facebook seeks to bar the suspect from using its products and from selling the data he collected. The company also aims to recover damages, though the amount is not yet disclosed.

Hackers breached the UA-Parser-JS library and inserted malware for covert mining and password theft

The attackers compromised the UA-Parser-JS library and infected it with hidden miners and password-stealers.

UA-Parser-JS is used to analyse and obtain information about the user’s browser, system and device from User-Agent strings. As Bleeping Computer reports, the library is highly popular and is used in more than a thousand projects, including Facebook, Microsoft, Amazon, Instagram, Google, Slack, Mozilla, Discord, Reddit and many others.

Microsoft: Russia-linked Nobelium hacking group conducted more than 22,800 attacks

Microsoft researchers say that from July to October 2021 Nobelium conducted 22,868 attacks against IT industry targets.

According to the company, the attackers target intermediaries and other technology-service providers that configure and manage cloud services and other technologies on behalf of their clients. At least 14 organisations have already been compromised.

As Microsoft are convinced that Nobelium was also behind the SolarWinds breach.

Also on ForkLog:

• During Q3 2021, hackers stole more than $1 billion in cryptocurrency from blockchain projects.
• Came into action as DarkSide ransom bitcoins totaling $6.8 million.
• In Ukraine found suspects in selling USB drives with a virus to break into Bitcoin wallets, and launder funds for hackers.
• Mail services faced DDoS attacks. Hackers demanded a ransom in bitcoin.
• Law enforcement seized millions of euros in cryptocurrency during operations against darknet traders.
• Yearn.finance developers discovered a vulnerability in the DeFi project Robo Vault.
• Cream Finance DeFi protocol again was hacked.
• The US accused of creating the Trickbot botnet six Russians and one Ukrainian.

What to read this weekend?

Ransomware operators’ activity has risen sharply in recent years. They are now discussed at summits and in government agencies, as authorities have sharpened focus on the cryptocurrency hackers demand as ransom.

We analyse ransomware activity and its consequences for the crypto industry.

Read ForkLog’s bitcoin news on our Telegram — cryptocurrency news, prices and analysis.