Here’s the week’s most important cybersecurity news.
- Eleven Trickbot hackers were sanctioned by the United States and the United Kingdom.
- A Google service was used to attack cryptocurrency holders.
- A company linked to the British military was breached through a Windows 7 computer.
- Graphic designers were targeted by hidden miners.
Trickbot hackers sanctioned by the US and UK
U.S. and UK authorities imposed sanctions on eleven Russian nationals linked to Trickbot ransomware operations. The Treasury’s Office of Foreign Assets Control (OFAC) announced the designations.
In addition to seven previously named defendants, administrators, managers, developers and programmers of the group were added to the list.
All entities in the UK and the US are barred from conducting financial transactions with these individuals, including paying ransoms.
According to the U.S. Treasury, Trickbot hackers have ties to Russian intelligence services. Their attacks targeted government agencies and critical infrastructure entities worldwide, including American hospitals.
Separately, the U.S. Department of Justice unsealed charges against nine individuals linked to Trickbot and the Conti ransomware group.
Google Looker Studio used to attack cryptocurrency holders
Cybercriminals are abusing Google’s legitimate Looker Studio service to carry out phishing attacks against cryptocurrency holders, according to Check Point researchers.
A cyberattack involving Google #LookerStudio is making the rounds ⚠️
Here’s how hackers are using it to create fake crypto pages and how the attack occurs: https://t.co/Lzzoan7gkb
— Check Point Software (@CheckPointSW) September 7, 2023
Looker Studio is designed for building customised reports from third-party data sources. Because the service’s domain enjoys a strong reputation, attackers embed the URLs of reports they create there in phishing emails, which lets the messages pass email security checks.
The message is sent on behalf of Google and includes the company’s letterhead with a notice that the user allegedly won about 0.75 BTC (roughly $19,300 at the time of writing).
The link in the email directs victims to a phishing page where they are asked to enter credentials for their crypto wallet. In the end, all information goes directly to the attackers.
Researchers reported these abuses to Google on August 22, but it is unknown whether the company took any action.
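A defender-side illustration of the pattern described above, added here as an example and not taken from the article or from Check Point: a small triage heuristic that scores an email on the combination the campaign relies on (a lure claiming to come from Google, a link hosted on the legitimate Looker Studio domain, a cryptocurrency "prize", and a request for wallet credentials). The host names, keyword lists, thresholds and both sample emails are constructed assumptions for illustration; a link to Looker Studio is not malicious on its own, which is why the code only reports the combination.

```python
"""Heuristic triage for crypto-prize phishing that abuses trusted report hosts.

Added example (not from the article or Check Point). Scores an email on
several weak signals that together match the campaign described above.
Host and keyword lists below are assumptions chosen for illustration.
"""
import re
from urllib.parse import urlparse

# Assumption: legitimate Google report hosts. A link here is not itself
# malicious; it is only suspicious together with the other signals.
TRUSTED_REPORT_HOSTS = {"lookerstudio.google.com", "datastudio.google.com"}
CRYPTO_LURE = re.compile(r"\b(BTC|bitcoin|ETH|crypto(?:currency)?)\b", re.I)
PRIZE_LURE = re.compile(r"\b(won|winner|prize|reward|claim)\b", re.I)
CREDENTIAL_ASK = re.compile(
    r"\b(seed phrase|private key|wallet (?:login|password|credentials))\b", re.I
)
URL_RE = re.compile(r"https?://[^\s<>\"']+")
SUSPICIOUS_THRESHOLD = 3  # assumption: three or more signals -> hold for review


def extract_hosts(body: str) -> set[str]:
    """Return the lower-cased host names of all http(s) URLs in the body."""
    hosts = set()
    for url in URL_RE.findall(body):
        host = urlparse(url).hostname
        if host:
            hosts.add(host.lower())
    return hosts


def score_email(from_header: str, subject: str, body: str) -> tuple[int, list[str]]:
    """Return (score, reasons); higher means closer to the campaign pattern."""
    reasons = []
    text = f"{subject}\n{body}"

    # Display name says "Google" but the mailbox is not at google.com.
    # A weak signal on its own, since the lure imitates Google branding.
    name, _, addr = from_header.rpartition("<")
    addr = addr.rstrip(">").strip().lower()
    if "google" in name.lower() and not addr.endswith("@google.com"):
        reasons.append("display name claims Google, sender address does not")

    if extract_hosts(body) & TRUSTED_REPORT_HOSTS:
        reasons.append("link to a trusted report host (Looker Studio)")

    if CRYPTO_LURE.search(text) and PRIZE_LURE.search(text):
        reasons.append("cryptocurrency prize lure")

    if CREDENTIAL_ASK.search(text):
        reasons.append("asks for wallet credentials")

    return len(reasons), reasons


def is_suspicious(from_header: str, subject: str, body: str) -> bool:
    """Decision helper: hold the message when enough signals coincide."""
    score, _ = score_email(from_header, subject, body)
    return score >= SUSPICIOUS_THRESHOLD


# Constructed sample messages (not real emails).
PHISH = (
    "Google <no-reply@looker-studio-alerts.example>",
    "You have won 0.75 BTC",
    "Congratulations! You have won 0.75 BTC.\n"
    "Claim your reward here: https://lookerstudio.google.com/reporting/CONSTRUCTED-ID \n"
    "To receive the funds, enter your wallet login on the page.",
)
BENIGN = (
    "Google Looker Studio <looker-studio-noreply@google.com>",
    "Quarterly traffic report shared with you",
    "Alice shared a report with you: https://lookerstudio.google.com/reporting/CONSTRUCTED-BENIGN-ID",
)

if __name__ == "__main__":
    for label, msg in (("phish", PHISH), ("benign", BENIGN)):
        score, reasons = score_email(*msg)
        print(label, score, reasons)
```

The benign share notification scores one signal (the trusted host link) and passes, while the constructed lure accumulates all four. In practice the signals are a triage aid, not a verdict: the sender check is weak because the lure deliberately imitates Google branding, and the credential-request patterns would need tuning to the language of the mail flow being monitored.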
A UK military-linked company hacked via Windows 7 computer
Ransomware group LockBit published gigabytes of confidential data from Zaun, a UK firm that manufactures fencing for prisons, military bases and other critical facilities. The vendor confirmed the breach.
Investigators found the breach occurred via a Windows 7 computer running industrial equipment software. Extended support for this OS ended in 2020.
The cyberattack occurred on August 5–6. While Zaun’s specialists prevented encryption, hackers stole 10 GB of non-secret information, including some emails, orders, drawings and project files.
The incident is under investigation.
Graphic designers targeted by stealth miners
Cybercriminals are using the legitimate Windows-based installer Advanced Installer to infect graphic designer machines with cryptocurrency miners, according to Cisco Talos researchers.
We are actively tracking a new campaign in which adversaries are targeting graphic designers and other users of 3-D modeling software with #cryptocurrency mining malware. (As you may have guessed, it’s because these users have large GPUs) https://t.co/bala5vWMXY pic.twitter.com/iQnAbMeNAB
— Cisco Talos Intelligence Group (@TalosSecurity) September 7, 2023
Malware is embedded inside installers for popular 3D modelling and graphic design software, such as Adobe Illustrator, Autodesk 3ds Max and SketchUp Pro.
The choice of these applications is deliberate: designers, animators and video editors rely on machines with powerful GPUs, which makes cryptojacking them more lucrative.
The campaign has been active since at least November 2021. Most victims are in France and Switzerland, with infections also reported in the United States, Canada, Germany, Algeria and Singapore.
North Korean hackers hit defence and government targets in Russia
Microsoft researchers said that North Korean hacking groups have breached several Russian government and defence facilities since early 2023 to harvest intelligence.
The report does not name specific victims, but outlines when some of the attacks occurred.
According to experts, in March three independent groups hacked the Russian Institute of Aerospace Studies, compromised a device belonging to one of the Russian universities, and organised a phishing campaign targeting diplomatic government bodies.
Phishing “Gosuslugi” services found on Telegram
Fraudsters created a closed Telegram channel bearing the logo of the Russian government portal Gosuslugi and promising various ‘benefits’ worth up to 100,000 rubles, RIA Novosti reports.
Users who submit a payout request are redirected to a bot that reports an error and sends them to another link.
That link leads to a phishing page through which the attackers attempt to hijack the victim’s account or gain access to other data on the victim’s phone.
Also on ForkLog:
- Experts warned about crypto-phishing on Discord.
- The betting service Stake was hacked for $41 million, with Lazarus hackers implicated by the FBI.
- The former head of Thodex was sentenced to 11,196 years in prison.
- A Moscow Bitcoin investor reported police extortion.
- A market maker lost $24 million due to phishing.
- Two Russians face up to 50 years in prison for cryptocurrency-related fraud in Thailand.
- A white-hat hacker explained the cause of the Euler Finance exploit worth $200 million.
- Co-founder of Tornado Cash refused to plead guilty.
- In South Korea, the creators of a cryptocurrency pyramid were arrested over an $82.5 million scheme.
- The Connext Network airdrop came under attack.
- The DemHack hackathon dedicated to internet freedom opened applications.
- Journalists uncovered a phishing scheme targeting MetaMask users.
- Media: South Korea plans to freeze North Korea’s crypto assets.
- Loss from Bitcoin pyramids in Russia exceeded $50 million in six months.
- French regulator examined Worldcoin offices in Paris.
What to read this weekend?
An interview with a man who worked on fraudulent schemes and advises against repeating his path.
