
Cybersecurity Highlights: Avast’s Data Sales, German Police’s Darknet Sting, and More
We have compiled the most significant cybersecurity news of the week.
- Germany dismantled the largest darknet marketplace, Crimemarket.
- The LockBit ransomware has resumed operations.
- Epic Games found no evidence of a hack by Mogilevich hackers.
- US authorities fined Avast for trading user data.
Germany Shuts Down Major Darknet Marketplace Crimemarket
Düsseldorf police halted the operations of Germany’s largest darknet marketplace, Crimemarket, and arrested six individuals, including the 23-year-old operator of the platform.
More than a hundred searches were conducted as part of the investigation. Seized items included mobile phones, computers, data carriers, a kilogram of marijuana, ecstasy tablets, approximately €600,000 in cash, and vehicles.
Crimemarket was a hub for trading illegal drugs, cybercriminal services, and guides on committing various crimes.
Police continue to search for the platform’s leaders and its users. To this end, they have not completely shut down the marketplace site and are collecting identifying and other compromising information through it.
LockBit Ransomware Resumes Operations
The LockBit ransomware gang, despite a partial infrastructure seizure by law enforcement, continues to carry out attacks and is setting up new leak and negotiation sites on the Tor network.
ThreatLabz has observed new #Lockbit ransomware attacks following the law enforcement takedown operation last week.
The latest ransom note can be found in our GitHub repo: https://t.co/rZdficpiRJ pic.twitter.com/hEIqJWrEGI
— Zscaler ThreatLabz (@Threatlabz) February 27, 2024
The group has also updated its encryptors and ransom notes.
Bleeping Computer confirmed that negotiation servers are operational, but only for victims of new attacks.
At the time of LockBit’s shutdown, around 180 third-party partners were involved in extortion operations. Their current number is unknown.
Epic Games Finds No Evidence of Mogilevich Hack
The hacker group Mogilevich claims to have stolen 189 GB of files from Epic Games, including email addresses, passwords, full names, payment data, and source code. However, the game developer denies any server breach.
ALERT
Allegedly, #Mogilevich has breached Epic Games.
Country: #USA
Threat Actor: Mogilevich
Company: Epic Games
Revenue: $5.8 Billion
Data Stolen: 189GB
Price: Unknown
Date: 2024-02-27
#Ransomware #DarkWeb #DarkWebInformer #Leaks #Leaked #Cybersecurity #Cyberattack… pic.twitter.com/fLrqCGkYo2
— Dark Web Informer (@DarkWebInformer) February 27, 2024
The information about the attack spread on social media, yet the perpetrator has not provided any evidence.
In a conversation with Bleeping Computer, the hacker stated they hope to sell the allegedly stolen data for $15,000 but are willing to share samples only with those who can prove they have enough cryptocurrency to make the purchase.
According to Epic Games representatives, they continue to investigate but have found no evidence of a breach or data theft.
US Authorities Fine Avast for Trading User Data
The US Federal Trade Commission accused antivirus maker Avast of illegally collecting and selling user data without consent.
According to the agency, from 2014 to 2020, the company sold search queries, browsing history, geolocation, and other confidential information through its subsidiary Jumpshot to dozens of marketing and analytics firms, as well as data brokers.
Avast was ordered to pay a $16.5 million fine and cease the transfer of user data for advertising purposes.
Over 100,000 Malicious Repositories Found on GitHub
Unknown actors uploaded at least 100,000 malicious repositories to GitHub to infect developers with an infostealer, researchers at Apiiro discovered.
Our security research team has detected more than 100,000 (presumably millions) of infected GitHub repositories.
Discover how this large-scale compromise of dev envs was pulled off using repo confusion and automation. https://t.co/PagNNzOQNx
— Apiiro (@ApiiroSecurity) February 28, 2024
The campaign began in May 2023 and spread widely due to automated branching.
The infostealer BlackCap-Grabber, delivered to infected machines, steals login credentials from various applications, browser passwords, cookies, and other confidential information.
GitHub removed most of the malicious repositories after notification from researchers, but the attacks remain active.
Reports: Pro-Russian Hackers Breach Moldovan Government Sites
Several Moldovan government portals, including the site of President Maia Sandu, were hacked. The attack is attributed to the Russian group Just Evil (formerly KILLNET), according to local media.
Hackers leaked registries of civil servants, including names, email addresses, and phone numbers.
They also claim to have accessed documentation from Moldova’s Ministry of Justice dating back to 2014. The archive is being sold for €40,000. For an additional fee, the perpetrators offer to make “subtle changes” to the files.
Government representatives have not commented on the incident.
Major Messenger Outage in Russia Blamed on Roskomnadzor
On February 27, users in many regions of Russia reported issues accessing major messengers and social networks: Telegram, YouTube, WhatsApp, Viber, and VKontakte. The cause was a reconfiguration of TSPU equipment by Roskomnadzor employees, Kommersant writes.
Meanwhile, some users gained access to Instagram and X, which are blocked in the country.
One official explained that on that day Roskomnadzor was carrying out work to ensure the blocking of services banned in Russia.
Experts speculate that the outage may have been caused by mass testing of Active Probing technology, which has been successfully used in China for internet censorship for several years.
Also on ForkLog:
- An Ordinals trader returned $13,000 mistakenly paid by a buyer.
- Russian university websites were hacked for cryptocurrency mining.
- Kyrgyzstan’s Four Dragons exchange reported a breach.
- A vulnerability in the Seneca protocol led to the theft of 1900 ETH.
- Coinbase resumed operations after a zero balance glitch.
- Authorities failed to convince the community of the unmasking of the LockBit admin.
- A backdoor was discovered in the IPFS version of Tornado Cash.
- Analysts revealed the movement of stolen KyberSwap funds.
- An expert speculated on a hack or scam at Bitforex involving $56 million.
- The first rug pull in Blast: RiskOnBlast developers withdrew $1.25 million.
- Users reported a data breach on Aleo.
- An OTCPro client disappeared with $650,000 received in error.
- Hackers compromised MicroStrategy’s X account for phishing.
- Kazakhstan confiscated 408,000 USDT from a pyramid scheme organizer.
Weekend Reading Suggestions
There is a belief that quantum computers might soon be able to crack blockchains and, for instance, destroy Bitcoin. These concerns are not unfounded, but there are nuances. More details: