
Hacker extortion against S.T.A.L.K.E.R. 2 developer, SpaceX contractor breach, and other cybersecurity events
We have compiled the week's most important cybersecurity news.
- LockBit ransomware group hacked a SpaceX contractor.
- A covert Dero cryptocurrency miner attacked Kubernetes clusters.
- In Ukraine, the creator of a trojan that infected 10,000 computers was arrested.
- Hackers demanded the S.T.A.L.K.E.R. 2 developer restore the Russian voice-acting.
LockBit ransomware group hacked a SpaceX contractor
The LockBit group claims to have hacked Maximum Industries, a supplier of SpaceX components, and stolen 3,000 proprietary drawings. This is reported by The Register.
The attackers threaten to put the documents up for sale if a ransom is not paid by March 20.
LockBit breaches Maximum Industries with a message to Elon Musk and SpaceX contractors.
— Dominic Alvieri (@AlvieriD) March 13, 2023
“I would say we’d be lucky if SpaceX contractors were more talkative. But I think this data will find a buyer very quickly. Elon Musk, we’ll help sell your sketches to other manufacturers, build your ship faster and take off,” wrote a LockBit spokesperson.
Judging by the message, Maximum Industries does not intend to pay the ransom. Journalists believe the drawings alone may not be highly valuable, since the parts still have to be manufactured and used without arousing suspicion.
SpaceX and Maximum Industries did not comment on the situation.
A covert Dero cryptocurrency miner attacked Kubernetes clusters
Kubernetes clusters with an exposed API became the target of an operation mining Dero, a cryptocurrency marketed as a more profitable alternative to Monero, according to CrowdStrike.
CrowdStrike has discovered the first-ever Dero cryptojacking operation targeting Kubernetes infrastructure.
— CrowdStrike (@CrowdStrike) March 15, 2023
According to researchers, since February the attackers have been scanning for exposed, vulnerable clusters that allow anonymous access to the Kubernetes API. They then deploy a DaemonSet, which schedules the miner on every node, so the resources of the whole cluster are used for covert mining. The hash power is funneled into a single pool, which then distributes the rewards.
CrowdStrike also found that the attackers are concurrently battling rival groups that mine Monero on the same devices.
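As an added example (not part of the ForkLog report or of CrowdStrike's research), a small detection over Kubernetes audit-log events that flags the pattern described above: an anonymous API caller creating a DaemonSet. The field names follow the Kubernetes audit Event schema; the sample events are constructed for illustration.

```python
"""Flag Kubernetes audit events matching the pattern above: an anonymous
(unauthenticated) API caller creating a DaemonSet. Field names follow the
audit.k8s.io/v1 Event schema; the sample events below are constructed."""
import json

# Verbs that change cluster state; an anonymous caller should never issue these.
WRITE_VERBS = {"create", "update", "patch", "delete", "deletecollection"}
# Workloads that run a pod on every node, which is what a cluster-wide miner wants.
NODE_WIDE_RESOURCES = {"daemonsets"}

def is_anonymous(user):
    """True if the caller was not authenticated (anonymous-auth enabled on the API server)."""
    return (user.get("username") == "system:anonymous"
            or "system:unauthenticated" in user.get("groups", []))

def classify_event(event):
    """Return a severity label for one audit event, or None if it is not of interest."""
    user = event.get("user", {})
    verb = event.get("verb", "")
    resource = event.get("objectRef", {}).get("resource", "")
    if not is_anonymous(user):
        return None
    if verb in WRITE_VERBS and resource in NODE_WIDE_RESOURCES:
        return "critical"  # anonymous caller deploying a node-wide workload
    if verb in WRITE_VERBS:
        return "high"      # any anonymous write to the API
    return "medium"        # anonymous read: exposure probing / reconnaissance

def scan_audit_log(lines):
    """Parse JSON-lines audit events; return (severity, verb, resource, namespace) hits."""
    hits = []
    for line in lines:
        if not line.strip():
            continue
        event = json.loads(line)
        severity = classify_event(event)
        if severity:
            ref = event.get("objectRef", {})
            hits.append((severity, event.get("verb"), ref.get("resource", ""),
                         ref.get("namespace", "")))
    return hits

# Constructed sample: an admin write, an anonymous read, an anonymous DaemonSet create.
SAMPLE_LOG = [
    '{"kind":"Event","verb":"create","user":{"username":"admin","groups":["system:masters"]},"objectRef":{"resource":"deployments","namespace":"prod"}}',
    '{"kind":"Event","verb":"list","user":{"username":"system:anonymous","groups":["system:unauthenticated"]},"objectRef":{"resource":"nodes"}}',
    '{"kind":"Event","verb":"create","user":{"username":"system:anonymous","groups":["system:unauthenticated"]},"objectRef":{"resource":"daemonsets","namespace":"kube-system"}}',
]
```

Run `scan_audit_log` over your own audit log (one JSON event per line) to list anonymous reads and writes; any "critical" hit deserves an immediate look at the DaemonSet's image and the API server's anonymous-auth setting.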
In Ukraine, the creator of a trojan that infected 10,000 computers was arrested
Cyberpolice officers arrested a 25-year-old resident of Khmelnytskyi region who, using a trojan he created, gained remote access to more than 10,000 computers.
According to the agency, the hacker distributed the malware as an application for computer games. On the victim’s device, the program allowed him to upload and download files, install and remove applications, take screenshots, intercept audio from the microphone and video from the camera.
He subsequently used this data to steal funds from electronic accounts. Authorities did not specify whether this referred to crypto wallets or online banking.
At the time of the search, the suspect controlled nearly 600 infected computers to which he could connect in real time.
The police seized equipment and opened a criminal case for unauthorized interference with information systems. The maximum penalty under the article is up to 15 years in prison. The investigation continues.
Infostealers detected in AI-generated YouTube videos
On YouTube, the number of AI-generated videos distributing malware, including infostealers Raccoon, RedLine and Vidar, is rising, according to CloudSEK.
Additionally, the attackers use AI to generate videos featuring people with specific facial features that seem more familiar and trustworthy to users. Using SEO poisoning, they push these videos to the top of search results.
FBI estimates 2022 cyberattack damage at $10 billion
In 2022 the FBI received more than 800,000 reports related to cybercrime, and total losses exceeded $10 billion, according to the IC3 report.
The most profitable for criminals was investment fraud—$3.3 billion in losses. The agency attributed this to the hype around cryptocurrencies.
Second was email compromise with losses of $2.7 billion.
Phishing, data breaches, non-payment fraud, extortion and tech-support scams also remain popular with cybercriminals.
Total losses from ransomware activity in 2022 exceeded $34 million — the FBI received over 2,300 such complaints.
Most often, attacks were orchestrated by operators of LockBit, BlackCat and Hive. Their victims included healthcare, critical infrastructure sectors, government agencies and IT companies.
Hackers demanded the S.T.A.L.K.E.R. 2 developer restore the Russian voice acting
The company GSC Game World, developer of S.T.A.L.K.E.R. 2: Heart of Chornobyl, became a victim of a cyberattack. Kommersant reports.
Hackers gained access to nearly 30 GB of information and demanded restoring the Russian localization in the game, as well as unlocking the profiles of Russian and Belarusian players on Discord.
The attackers have already published descriptions of storyline videos, game maps and some artwork for the game. If their demands are not met, they threaten to publish the entire archive.
Representatives of GSC Game World confirmed the breach, which occurred through the compromise of a computer belonging to one of the employees.
A message from GSC Game World team
— S.T.A.L.K.E.R. OFFICIAL (@stalker_thegame) March 12, 2023
The company asked people not to watch or share materials about the game to avoid spoiling the impression.
After the attack, a Ukrainian Twitter trend supporting GSC Game World emerged, with calls to buy the game. As of writing, users had pushed it to No. 4 on Steam’s global ranking.
Also on ForkLog:
- BlockSec prevented an attack on the NFT project ParaSpace.
- In the United States a Chinese businessperson was arrested for cryptocurrency fraud totaling $1 billion.
- US and German authorities seized the servers of the cryptocurrency mixer ChipMixer.
- Report: exchanges from Moscow-City help cash out USDT in the United Kingdom.
- GPT-4 identified a vulnerability in a smart contract on Ethereum.
- MetaMask fixed a privacy issue related to account merging.
- Halborn reported a serious vulnerability in Dogecoin.
- PeopleDAO had $120,000 stolen in Ethereum via Google Sheets.
- Euler Finance was hacked for $196 million. Some of the stolen funds passed through the Tornado Cash mixer, another portion went to the Lazarus Group address.
- OpenSea patched a vulnerability in users’ personal data.
- Rosfinmonitoring claimed surveillance of cryptocurrency holders.
What to read this weekend?
In a special feature we recount the FTX collapse and its parallels with the 2008 crisis.