
Attack on NATO portal, malware in blockchain games and other cybersecurity events
We have gathered the week’s most important cybersecurity news.
- The founder of Group-IB was sentenced to 14 years in prison.
- Hacker group SiegedSec claimed to have breached NATO’s portal.
- Malware that steals cryptocurrency was placed in blockchain games.
- The BreachForums database was put up for sale.
Founder of Group-IB sentenced to 14 years in prison
On 26 July, Ilya Sachkov, founder of Group-IB, a company specialising in preventing cyberattacks, was sentenced to 14 years in a high-security prison for treason. This was reported by BBC.
The case was heard in camera, so the exact charges are unclear. He did not admit guilt.
According to some sources, Sachkov passed on information about the Russian hacker group Fancy Bear, which was involved in attacks before the 2016 presidential election. This allegedly helped the United States identify 12 “GRU agents” involved in the attacks.
The entrepreneur was arrested in September 2021. Previously he was among the cybercrime experts on committees at the State Duma, the Ministry of Foreign Affairs of the Russian Federation, the Council of Europe and the OSCE.
Sachkov’s defence intends to appeal the verdict and approach the president of the Russian Federation.
SiegedSec hackers claim breach of NATO portal
The hacker group SiegedSec said in its Telegram channel that it breached the COI, a non-classified information-sharing environment for NATO organisations and alliance member states. The incident drew the attention of experts at CloudSEK.

According to their data, the total volume of files purportedly leaked amounts to 845 MB. They contain about 8,000 lines of confidential user information, non-secret documents, and access credentials.

The files include:
- full names;
- the company or division name;
- information about the workgroup;
- position;
- corporate email ID;
- residential address;
- photos.
CloudSEK noted that the leak could affect 31 countries.
Representatives of the alliance are investigating the incident. The hackers themselves said the breach was a “retaliatory strike against NATO countries for their attacks on human rights.”
Malware that steals cryptocurrency embedded in blockchain games
SentinelOne researchers detected Realst malware in fake blockchain games, designed to steal cryptocurrency from macOS users.

In addition, the Rust-based malware can take screenshots, steal saved passwords from browsers, and exfiltrate information from the Telegram messenger.
The attackers promote counterfeit games on social networks and invite users to test them as part of paid collaborations. Each has its own site, as well as accounts on X (formerly Twitter) and Discord. In total, researchers identified 16 variants and 59 Realst samples.

Hackers send access codes for downloading fake game clients via direct messages, helping to avoid attention from information-security researchers.
BreachForums database put up for sale
A user under the nickname breached_db_person is offering the database of the recently shuttered hacker forum BreachForums for sale on the dark web for $100,000–150,000. This was reported by Bleeping Computer, citing the Have I Been Pwned data breach aggregator.
A 2 GB dump dated November 29, 2022 contains 212,000 records, including usernames, IP and email addresses, as well as private messages, hashed passwords and payment transaction information.

The forum’s current administrator under the nickname Baphomet confirmed the authenticity of the leak, calling it part of a “continuing campaign to destroy the community.”
U.S. law enforcement closed BreachForums in March 2023. Its founder and administrator Conor Bryan Fitzpatrick, known by the nickname Pompompurin, was arrested. In late June the FBI gained control over the forum’s backup domain on the clear web.
Russian telecom operators barred from providing communications services without installing TSPU
On 26 July the State Duma, in final reading, adopted a law requiring owners or other holders of traffic exchange points to install technical threat countermeasures (TSPU).
Non-compliance with the new rules would lead to the revocation of the telecom operator’s licence.
In addition, routing traffic around TSPU without authorization carries fines of 1 million to 5 million roubles for providers, and 1.5 million roubles for company management.
Experts describe crypto laundering schemes through online gambling
Online gambling platforms are used by criminal syndicates to launder stolen or fraudulently obtained cryptocurrencies. This is stated in a report by analytics firm Bitrace.
According to their data, in 2022 more than $7.6 billion in USDT linked to online gambling was moved to hot wallets.
A significant portion of these funds originated from addresses involved in fraud and phishing.
Of 20 other wallets selected for analysis, more than 40% of the total earnings of payment services had links to money laundering and illicit activity.
Analysts attribute this trend to the lack of proper Know Your Customer / anti-money laundering (KYC/AML) mechanisms in crypto-processing services that enable settlements with online gaming platforms.
Also on ForkLog:
- Experts warned of the risk of cryptocurrency losses when trading through Telegram bots.
- The French regulator doubted the legality of Worldcoin’s biometric collection.
- SlowMist uncovered a new type of attack on Bitcoin exchanges.
- Blockchain firms will be required to inform the SEC about breaches.
- Spanish crypto billionaire was found dismembered in Argentina.
- US prosecutors urged that Sam Bankman-Fried be kept in custody, while his lawyers sought to limit witnesses’ extrajudicial statements.
- A user lost bitcoins due to a key generator.
- Lazarus Group suspected of hacking CoinsPaid for $37 million.
- Australia fined Meta $14 million for covert collection of personal data.
- Study: the number of cryptojacking attacks tripled.
- South Korea formed a task force to combat crypto crime.
- USDT recognised as property in the Bybit case.
- A US family organised a pyramid scheme “Blessing through Cryptocurrency.”
- DeFi protocol EraLend was hacked for $3.4 million.
- Azimut Group refused to pay the BlackCat ransomware operators.
- Losses from the Alphapo breach were estimated at $60 million.
- Kazakhstan uncovered a scheme to buy cryptocurrency with counterfeit dollars.
- Malware to bypass 2FA and steal cryptocurrency was found in the App Store.
- Arkham users announced a bounty for discovering Do Kwon’s wallets.
- A court sentenced an American woman who paid for her husband’s murder with Bitcoin.
- Unknown actors posing as the FBI stole cryptocurrency from couples in New York.
- Delio warned of a potential closure after asset seizures.
- Attackers stole more than $23 million in cryptocurrencies from Alphapo.
- The U.S. Department of Justice will widen investigations into cryptocurrencies.
- TRM Labs confirmed the use of cryptocurrency by ISIS supporters.
- Defendants in the Bitfinex bitcoin laundering case pleaded guilty.
What to read this weekend?
In a special feature, we explain how crypto-scam channels operate in Telegram.