
FSB-linked malware dismantled by FBI; anti-war CS:GO map and other cybersecurity events

We have gathered the most important cybersecurity news of the week.

  • The FBI dismantled the Snake spyware used by the FSB.
  • U.S. authorities shut down 13 domains offering DDoS-for-hire services.
  • A special CS:GO map featuring news about the war in Ukraine was created.
  • A dark web monitoring feature will be added to Gmail.

FBI dismantles Snake spyware used by the FSB

The U.S. Department of Justice said it had dismantled an international network of computers infected with the Snake malware, which operated as a peer-to-peer botnet used for Russian espionage. According to the department, the malware was deployed by Turla, a hacker group linked to the FSB.

Russian FSB cyber actors are deploying cyberespionage malware targeting over 50 countries. Take action to keep FSB’s Snake malware out of your networks. Learn how to detect and mitigate associated malicious activities. https://t.co/hzzQpo1vBc pic.twitter.com/4eUb5oiums

— NSA Cyber (@NSACyber) May 9, 2023

For almost 20 years, Snake has been used to collect and steal confidential documents from governments, research organisations and journalists in at least 50 countries, including NATO member states.

Turla command centres were located in Ryazan and Moscow.

Using Perseus, a tool developed by the FBI, technical specialists were able to remotely disable the malware on infected devices without affecting the legitimate applications and files on them.

Law enforcement is contacting victims and providing guidance on mitigating the consequences of the cyberattack.

U.S. authorities shut down 13 domains linked to DDoS-for-hire platforms

The FBI seized 13 domains linked to booter services and IP-stressers.

This was the third such operation by authorities targeting booter and IP-stresser services.

Ten of the 13 seized domains were reincarnations of services that had been shut down during the previous crackdown in December 2022, which targeted 48 leading booter services, according to the Department of Justice.

List of seized domains. Data: U.S. DOJ.

Before the seizure, the FBI tested each of the services, confirming that they worked and assessing the impact of their DDoS attacks on target computers. The agency noted that some of the attacks knocked the target devices offline.

Gmail adds dark web monitoring feature

Gmail users will be able to scan the dark web for their email addresses using Google’s new Dark Web Report security feature.

We’re committed to protecting you online. Learn about the newest ways we’re keeping you #SaferWithGoogle, strengthened by our advancements in AI #GoogleIO
https://t.co/SRkUmaglD6

— Google (@Google) May 11, 2023

Users will also be notified if their personal data, including name, address, phone number or Social Security number, appears on hacker forums.

For now the feature is available only in the United States. Google plans to roll it out to all users in the future.

A dedicated CS:GO map featuring news about the war in Ukraine

Finnish newspaper Helsingin Sanomat created a dedicated map in Counter-Strike: Global Offensive (CS:GO) to bypass Russian censorship of reporting on the war in Ukraine, according to PC Gamer.

The community-made map, de_voyna, depicts the ruins of a Slavic city with a secret underground bunker.

It features a curated set of key data about the war in English and Russian. This information includes statistics on Russian army losses from reliable sources, details of missile strikes and other crimes committed against civilians, and photos of incident sites.

"The aim is to show Russians that the horrors of war are happening in places that seem very familiar to them," said representatives of the newspaper.

The map was launched on May 3 and, at the time of writing, has more than 22,000 subscribers.

Russians make up roughly a tenth of the CS:GO player base.

Notable ransomware operators attempted to breach Dragos

Dragos, an industrial cybersecurity firm, said that on May 8 a notorious hacker group tried to breach its defenses to deploy ransomware.

It’s time to destigmatize security events. Yes it happens at security companies and here’s why we need to talk about it. #cybersecurity #icscybersecurity #otcybersecurity #industrialcybersecurity #criticalinfrastructureprotection https://t.co/0haQOJilVs

— Dragos, Inc. (@DragosInc) May 10, 2023

The cybercriminals did not manage to breach the internal network, but they gained access to the company’s SharePoint cloud service and contract management system.

The attack began with the compromise of a new sales employee’s email account.

After the breach, the attackers downloaded “data for public use” and gained access to 25 client reports.

Stages of the attack. Data: Dragos.

Later the hackers sent a ransom note. Dragos disabled the compromised account, invalidated all active sessions and blocked the attackers’ access to its resources.

The company does not intend to pay the ransom, though it does not rule out that the stolen information will be published on hacker forums.

The investigation is ongoing.

What to read this weekend?

In the educational section ‘Kryptorium’ we explain how not to fall victim to scammers when using a Bitcoin wallet.