We have gathered the week’s most important cybersecurity news.
- Kazakhstan approved the extradition of the head of F.A.C.C.T.’s department to the Russian Federation.
- Researchers automated malicious prompts for AI chatbots.
- The number of phishing attacks using Google AMP has risen.
- A counterfeit Android app was implicated in stealing data from messaging apps.
Kazakhstan approves extradition of head of F.A.C.C.T. department to Russia
Kazakhstan authorities refused the United States’ extradition request for Nikita Kislytsin, head of F.A.C.C.T.’s solutions development department for countering sophisticated cyberattacks (formerly Group-IB), and granted consent to a similar request from Russia. The report is from TASS.
Representatives of the Russian Consulate General in Almaty added that Kislytsin “intends to return to his homeland” and is not considering seeking asylum in Kazakhstan.
In the United States the Russian is accused of involvement in a conspiracy to sell credentials stolen from the Formspring forum in 2012.
Russia sanctioned Kislytsin’s arrest in a case of unlawful access to protected computer information.
His was detained in Kazakhstan at the end of June at the request of the American authorities.
Researchers automated malicious prompts for AI chatbots
A group of researchers developed a method to bypass safeguards in ChatGPT, Bard and Claude, forcing AI to execute malicious prompts, including automated ones.
The essence of the attack lies in adding special sequences of seemingly unrelated words and symbols. Yet they interact with the so-called loss function, intended to optimise the machine-learning algorithm.
Thus, the researchers managed to induce AI to generate prohibited content, including bomb-making, digital identity theft, and theft of charitable funds.
The report notes that the ability to automatically generate phrases for such attacks could render many defensive and debugging mechanisms virtually useless.
Phishing attacks using Google AMP on the rise
Cofense researchers documented phishing operators leveraging Google Accelerated Mobile Pages (AMP) to bypass email protections.
This HTML framework speeds up content loading on mobile devices. And since pages served via it are hosted on Google servers, even phishing URLs can appear to originate from legitimate sites.
Hacking groups also use Cloudflare’s CAPTCHA to thwart automated analysis by bots, effectively preventing crawlers from reaching phishing pages.
Fake Android app implicated in stealing data from messaging apps
Hackers are using a counterfeit Android app named SafeChat to infect devices with spyware, according to CYFIRMA researchers.
The campaign targets users in South Asia.
After installation, SafeChat requests permission to use accessibility services. This gives it access to the victim’s contacts, SMS, call logs, external device storage and precise location data.
The malware is capable of stealing information from Telegram, Signal, WhatsApp, Viber and Facebook Messenger.
According to CYFIRMA, the Bahamut group is involved in creating the software, acting in India\’s interests.
White Snake stealer attacked Russian companies posing as Roskomnadzor emails
In the dark web, the White Snake stealer spread, aimed at Russian organisations. BI.ZONE researchers note this.
Hackers offer to rent the malware for $140 per month or buy unlimited access for $1950, with payments in cryptocurrency accepted.
After payment, the client receives a builder for creating stealer instances with various configuration options and access to a control panel for compromised devices.
As part of the observed campaign, victims were sent phishing emails posing as Roskomnadzor requirements.
White Snake can extract passwords, copy files, log keystrokes and gain remote access to the victim’s device.
U.S. intelligence agencies accuse China of preparing cyberattacks on military infrastructure
U.S. intelligence officials accuse the Chinese authorities of preparing widescale cyberattacks on civilian and military infrastructure. The report is from New York Times.
Officials say Chinese hackers are developing malware that they plan to deploy at facilities in the energy, water, and communications sectors around U.S. military bases worldwide.
According to American intelligence agencies, this is intended to slow military operations, especially in case of China taking military action against Taiwan.
Cl0p hackers publish information on 56 major companies on the dark web
The Cl0p ransomware gang dumped another batch of data on the dark web affecting 56 organisations, including Discovery, Honeywell, Choice Hotels, Radisson Americas, TomTom, Pioneer Electronics, Autozone and others. Telegram channel SecAtor reports.
The attackers presented screenshots of various stolen documents, ranging from payroll records to confidential user and corporate data.
As of writing, MOVEit Transfer incidents have been confirmed at more than 540 organisations. The damage is estimated at least $75 million.
Unknown attackers compromised Uralsib’s social networks
In the early hours of August 3, Uralsib’s social networks and several other unnamed banks’ accounts were hacked by attackers.
According to the financial institution, the hackers posted a message about a fake promo with 1win. They were attempting to steal card data.
The bank advised all users who followed the link from this post and entered their card details to temporarily block the card to prevent losses.
Uralsib is conducting an investigation into the incident and plans to strengthen access-control measures for its social media accounts.
Also on ForkLog:
- The author of a book on the OneCoin pyramid was threatened with violence.
- A hacker drained $47 million from Curve Finance liquidity pools, and by the end of the week the DeFi-sector infection was stopped.
- A verdict was delivered against the creators of the Bitcoin pyramid Sincere Systems.
- An award was announced for the FTX hacker on Arkham Intelligence.
- The SEC froze the assets of the mining company Digital Licensing.
- Those accused of laundering funds stolen from Bitfinex pleaded guilty.
- Experts tie Sam Bankman-Fried to the project the meme token BALD.
- In Ukraine a network of covert Bitcoin exchangers linked to Russia was shut down.
- LeetSwap halted trading due to a possible exploit.
- The German regulator initiated a probe into Worldcoin’s activities, while Kenya suspended activity of the project.
- The SEC brought suit against the founder of HEX.
- For July the Bitcoin industry lost $303 million due to hackers.
What to read this weekend?
We invite you to read a translation of the concluding chapter of Slovak hacktivist Juraj Bednár’s book Cryptocurrencies — Hack your way to a better life.