Here are the week’s most significant cybersecurity news stories.
- FBI hacked the smartphone of the individual who shot at Donald Trump.
- Russians confessed to attacks using the LockBit ransomware.
- AT&T paid hackers 5.7 BTC to delete stolen data.
FBI Hacks Phone of Trump Shooter
FBI agents, in collaboration with Cellebrite software developers, hacked the phone of Thomas Matthew Crooks, who attempted to shoot Donald Trump at a rally on July 13. Bloomberg reports.
The shooter used a new Samsung model running Android. Law enforcement accessed the phone’s contents in 40 minutes using an advanced version of Cellebrite for data extraction and analysis.
According to the Associated Press, Crooks’ phone contained photos of the former Republican president, President Joe Biden, and other officials. The FBI also found a search query for “information on major depressive disorder.”
Russians Admit to LockBit Ransomware Attacks
Russian nationals Ruslan Astamirov and Mikhail Vasiliev (also a Canadian citizen) pleaded guilty to conducting numerous cyberattacks worldwide using the LockBit ransomware. The US Department of Justice reports.
Astamirov (also known as BETTERPAY, offtitan, and Eastfarmer) used LockBit from 2020 to 2023, receiving a total of $1.9 million in ransom payments.
Vasiliev (also known as Ghostrider, Free, Digitalocean90, Digitalocean99, Digitalwaters99, and Newwave110) caused damages of at least $500,000 through his criminal activities from 2021 to 2023.
Astamirov, arrested in June 2023 in Arizona, faces up to 25 years in prison. As part of a plea agreement, he will compensate victims, including $350,000 received in cryptocurrency from one victim.
Vasiliev, already sentenced to four years in Ontario for spreading LockBit, could face an additional 45 years.
Disney Investigates Potential Slack Channel Breach
Disney has launched an investigation into a possible leak from corporate Slack channels, as claimed last week by the hacker group Nullbulge. CNN reports.
The hackers claim to have accessed “thousands of Disney’s internal messaging channels,” including information on unreleased projects, raw images, source code, and some logins. The total dump size is estimated at 1.2 TB.
Nullbulge cites an “insider” among Disney employees. However, Vx-underground researchers believe the breach was executed using an infostealer.
We’ve seen a lot of people discussing the Disney compromise. Let’s talk about it.
tl;dr prolly data stealer, not insider threat, leak is real but not going to destroy walt disney
First, the individual(s) who take credit for the compromise allege they had help from an insider.…
— vx-underground (@vxunderground) July 15, 2024
AT&T Pays Hackers 5.7 BTC to Delete Stolen Data
American telecommunications giant AT&T, whose call and text-message logs for 109 million subscribers were stolen in the breach of cloud storage company Snowflake, paid a ransom to the extortionists. Wired reports.
The compromised records did not include call contents or customer names, but the communication metadata could be correlated with other identifying information.
Initially, hackers demanded $1 million from AT&T but later agreed to a third of the amount. 5.7 BTC (over $370,000 at the time of the transaction) were transferred to the hackers’ wallet on May 17. The cryptocurrency was laundered through several exchanges and wallets.
After payment, AT&T received a video proving the deletion of the stolen data from the cybercriminals’ computer and cloud server.
Email Addresses of 15 Million Trello Users Leaked
A hacker known as emo published over 15 million email addresses linked to Trello accounts on a hacking forum. Bleeping Computer reports.
In a comment to the publication, emo stated that in January they compiled a list of 500 million email addresses and checked them against an unsecured Trello REST API to find associated accounts; some of the addresses matched.
The leak includes email addresses and information about the public Trello account, including the user’s full name.
The dump is currently available for eight site credits ($2.32). The information could potentially be used for phishing or doxing.
Trello’s parent company, Atlassian, confirmed the incident, adding that necessary updates to the API were made back in January.
Roskomnadzor Demands Unblocking of Over 200 Russian YouTube Accounts
Roskomnadzor sent a demand to Google LLC CEO Sundar Pichai to unblock more than 200 YouTube accounts of Russian media, authorities, and public figures. TASS reports, citing the agency’s press service.
According to Roskomnadzor, since 2020 the video hosting service has restricted access to 207 resources. The restrictions affected channels such as RT and RBC, as well as the accounts of musicians Shaman, Oleg Gazmanov, and Yulia Chicherina, writer Zakhar Prilepin, designer Artemy Lebedev, and others.
The agency called the restrictive measures a violation of “key principles of free information dissemination and unrestricted access to it.”
Also on ForkLog:
- Experts reported attacks on Russian users of Hamster Kombat.
- A global Windows system failure triggered a boom in themed meme coins.
- The LI.FI protocol lost at least $8 million in a hack. The team later revealed details of the incident.
- Indian Bitcoin exchange WazirX was hacked for $234.9 million. North Korean hackers were suspected in the attack.
- A Degen Chain user lost 90% of funds during a transaction.
- A suspected Trickbot hacker was arrested in Moscow.
- The former head of Galaxy Interactive lost $3.6 million intended for launching a crypto casino.
- An expert tracked transfers of assets stolen from DMM Bitcoin.
What to Read This Weekend?
Together with the exchange aggregator BestChange, we explain how to check whether funds are clean using its AML service.
