Cybersecurity Highlights: AirDrop Reveals iPhone User, Alfa-Bank Data Breach, and More

We have compiled the most significant cybersecurity news of the week.

  • Chinese researchers identified an iPhone user through the AirDrop feature.
  • Personal data of 24 million Alfa-Bank clients leaked online.
  • The creator of a Babuk ransomware variant was arrested in the Netherlands.
  • A vulnerability was found in a chatbot used for fast-food hiring automation.

Chinese Researchers Identify iPhone User via AirDrop

Staff at the Beijing Institute of Forensic Science decrypted the AirDrop logs stored on Apple devices, gaining access to users' personal data, according to Bloomberg.

Residents of China use AirDrop to send files while bypassing state censorship. Researchers became interested in the feature after a group used it to distribute “unacceptable information” in the Beijing subway.

Using rainbow tables, they decrypted the logs to reveal the sender's device name, phone number, and email address.

This led to the identification of several suspects in the illegal distribution.

Data of 24 Million Alfa-Bank Clients Leaked Online

The Ukrainian hacker group KibOrg released the full database of Russia’s Alfa-Bank to the public.

According to the hackers, the table contains 115,217,571 records with data on 24 million people who used the bank’s services, including their full names, birth dates, phone numbers, card and account numbers. Data on 13 million organizations is also available. The earliest records date back to 2004.

The publication “Important Stories” confirmed that the leaked information pertains to real residents of Russia. Alfa-Bank has not commented on the situation.

Hackers accessed this data in October 2023, initially releasing part of the information. At that time, the bank dismissed the leak as “fake.”

Creator of Babuk Ransomware Variant Arrested in the Netherlands

Dutch police identified and arrested the operator of the Tortilla ransomware, a variant of Babuk, in Amsterdam.

The perpetrator attacked Microsoft Exchange servers using ProxyShell exploits.

Law enforcement collaborated with Cisco Talos researchers, who were also able to build a decryptor after extracting the keys from the ransomware executable.

Vulnerability Found in Fast-Food Hiring Chatbot

Chattr, an AI-based chatbot that fast-food franchises use to automate hiring, allowed unauthorized users to access its backend. This was reported by a group of researchers led by programmer Paul Bruh.

Using a custom script, they discovered a vulnerable Firebase server configuration linked to the KFC chain.

Researchers used it to access the database, allowing them to view names, phone numbers, email addresses, branch locations, messages, work schedules, and some passwords. The data pertained to franchise managers, job applicants, and Chattr employees.

Data: MrBruh’s Epic Blog.

Additionally, experts accessed the admin panel listing organizations using the chatbot, with options to accept or reject job candidates and refund payments made in Chattr.

The vulnerability was disclosed on January 9, and the Chattr team resolved the issue the following day.

Former BreachForums Head Re-arrested for Bail Violation

The creator and former administrator of the now-defunct hacker forum BreachForums, Conor Brian Fitzpatrick, was jailed for violating bail conditions.

Under a plea deal, he was prohibited from accessing the internet from devices without special monitoring software and from using VPN services. Fitzpatrick, known online as Pompompurin, will now remain in custody until January 19, when a court hearing is scheduled.

Fitzpatrick is accused of stealing and selling confidential personal information, conspiracy to commit fraud, and possession of child pornography. The former admin previously pleaded guilty to all three charges and posted a $300,000 bail.

He faces up to 40 years in prison, a $750,000 fine, and at least five years under government supervision after release.

Ukrainian Hackers Breach Moscow Internet Provider M9com

The hacker group Blackjack claimed to have hacked the major Moscow internet provider M9com, stealing confidential information from the company.

As proof, they shared a Tor URL for three ZIP archives containing employee and client credentials, including full names, logins, email addresses, unencrypted passwords, and 50 GB of call data.

The hackers also defaced the official M9com website.

Blackjack described the attack as “a continuation of a series of warm-up acts of retribution” for the hack of “Kyivstar.”

Virus Creator Arrested in Mykolaiv for U.S. Company Attack

Ukrainian cyber police, with Europol’s assistance, arrested a hacker who infected servers of a U.S. e-commerce company with a hidden miner.

According to case materials, since 2021 a 29-year-old resident of Mykolaiv brute-forced 1,500 accounts belonging to a subsidiary firm. Using them, he gained control over the target service.

The hacker then infected server equipment with a mining virus and created a botnet of over a million virtual computers.

Over two years, the malware transferred about $2 million in cryptocurrencies to controlled wallets. Europol helped Ukrainian colleagues block these addresses.

Data: Cyber Police of Ukraine.

Law enforcement seized computer equipment, flash drives, bank cards, and SIM cards from the suspect’s apartment.

Criminal proceedings have been initiated for unauthorized interference with information systems. Possible accomplices are being identified.
