
Lazarus moves 1,580 BTC for alleged cash-out, Tesla insider leak and other cybersecurity events
We have gathered the most important cybersecurity news of the week.
- Lazarus group moved 1,580 BTC for an alleged cash-out.
- In Denmark, a hosting provider lost customer data due to ransomware.
- Ransomware group BlackCat breached Seiko, the watchmaker.
- Tesla accused insiders of leaking data belonging to 75,000 employees.
North Korean Lazarus hackers moved 1,580 BTC for alleged cash-out
FBI agents tracked the movement of ~1,580 BTC worth over $40 million, stolen in Lazarus’s earlier attacks.
The funds were moved to six cryptocurrency wallets.
Law enforcement believes the hackers are preparing to cash out the assets.
The FBI has urged cryptocurrency companies to monitor further movements of the bitcoins and block transactions.
In Denmark, a hosting provider lost customer data due to ransomware
On 18 August, the services AzeroCloud and CloudNordic, belonging to a Danish hosting provider, were hit by ransomware, resulting in the loss of most client data. The companies took down their own and customers’ sites, as well as emails.
The incident occurred during a data-centre migration, as servers were connected to a broader network. The attackers encrypted all data storage and backup systems.
To date, IT teams have recovered only some affected servers, but the data on them was lost.
Representatives said they would not pay the ransom. An initial internal investigation found no signs of a leak.
Customers of the affected hosts were advised to restore sites and services themselves from local backups or Wayback Machine archives. They were also advised to switch to other hosting providers, such as Powernet and Nordicway.
According to local media, the attacks affected several hundred Danish companies, which lost cloud-hosted websites, mailboxes and documents.
Ransomware group BlackCat breached Seiko
The BlackCat hacking group claimed responsibility for the breach of the Japanese watchmaker Seiko, which occurred on July 28.
On August 10, the company confirmed that unauthorized individuals gained access to part of its IT infrastructure and stole data.
The attackers’ site now contains a post with samples of information allegedly obtained in the breach.

In particular, the leak includes confidential technical schematics and designs of the watches, production plans, scans of employees’ passports, and the results of laboratory tests.
Seiko is investigating the incident.
Tesla blames insiders for leaking data of 75,000 employees
Following a publication in the German outlet Handelsblatt, Tesla announced a data breach affecting more than 75,000 current and former employees.
The internal investigation showed that “two former Tesla employees unlawfully accessed information from the company’s systems and then handed it to the press.” Specifically, this concerns names, addresses, phone numbers and Social Security numbers of the affected individuals.
A copy of the letter was sent to the Maine Attorney General’s Office. Through a court, Tesla seized electronic devices belonging to those responsible for the leak, on which the corporate information presumably resides.
The company also secured an order prohibiting the former employees from further use, access or dissemination of the data under threat of criminal penalties.
Personal data of 2.6 million DuoLingo users reappeared on the dark web
Information on 2.6 million DuoLingo users was posted on the now-closed BreachForums hacker forum. The VX-underground community drew attention to this.

The dump contains usernames, emails, and a list of studied languages.
According to researchers, a similar data set appeared previously on BreachForums in January. But while back then the seller asked for $1,500, this time it was valued at only 8 credits (~$2.13).
Earlier, in a statement to the media, DuoLingo representatives said that the information was collected from user profiles using scraping.
Interpol-led operation disrupts over 20,674 cybercrime networks in Africa
An international operation led by Interpol has concluded in 25 African countries, disrupting more than 20,674 cybercrime networks.
The networks were involved in extortion, phishing, BEC attacks, and fraud. The total damage from their activities exceeded $40 million.
Authorities arrested 14 suspects. In particular, three detainees in Cameroon are believed to be involved in art-fraud sales totaling $850,000.

Alongside this, authorities identified and blocked hundreds of IP addresses hosting malware.
Listening chip found in South Korea’s meteorological equipment
The National Intelligence Service of South Korea has discovered a spying chip with malware in weather-monitoring devices used by the meteorological agency, local media report.
According to available data, the device was developed in China. It can exfiltrate device data and eavesdrop on surrounding radio frequencies.
The incident occurred four months ago, but details only surfaced now.
South Korea’s intelligence services have begun an investigation, planning to inspect more than 10,000 units of equipment from China used by government agencies.
Telegram fraud on the rise: account thefts masquerading as voting
Since the beginning of 2023, F.A.C.C.T. researchers have identified more than 2,000 phishing sites designed to steal Telegram and WhatsApp accounts.

Fraudsters send victims private messages requesting support for the sender’s goddaughter or niece in children’s art contests. The attached link leads to a phishing resource with a Telegram login form, through which attackers steal credentials.
Victims may also be invited to register on sites offering premium accounts in the messaging app, various bonuses, or extra likes on social networks.
In addition to users in Russia, scammers are targeting accounts of people in Italy, Armenia, Azerbaijan, Uzbekistan, and Malaysia.
Also on ForkLog:
- The Magnate Finance team disappeared with assets of about $6.4 million.
- A former FSB employee confessed to stealing 68 BTC from a hacker.
- FTX warned of a breach of user data.
- The U.S. Drug Enforcement Administration accidentally sent 55,000 USDT to a scammer.
- The co-founder of Tornado Cash, arrested by the FBI, was released on bail. Lawyers pointed to inconsistencies in the crypto mixer case.
- PEPE fell 20% amid suspicions of a scam.
- Israeli businessman was charged with a crypto scam worth $290 million.
- Balancer co-founder’s top executive lost cryptocurrency worth $6.3 million due to SIM swap.
- Balancer team urged users to withdraw funds from pools.
- Bitcoin developers called the fraudulent suit ‘pseudo-Satoshi’.
- Users warned about WinRAR vulnerabilities.
- The Terra project site was hacked to steal seed phrases. After this, developers released an internal-wallet update.
- Friend.tech data of 100,000 users was leaked on X.
- An attacker attacked Harbor Protocol’s storage.
What to read this weekend?
In a special feature, we examine the most popular attack vectors targeting the decentralized finance sector.