
Cybersecurity Highlights: Fake Roaring Kitty Scam, Telegram Data Leaks, and More
We have compiled the most significant cybersecurity news of the week.
- 122 GB of stolen credentials extracted from Telegram channels.
- Hacked Microsoft X account promoted a fake crypto presale under the name Roaring Kitty.
- The FBI warned about “recruitment agencies” stealing cryptocurrency.
- The number of potential victims in the Snowflake attack has increased.
122 GB of Stolen Credentials Extracted from Telegram Channels
Anonymous researchers have provided the data breach aggregator Have I Been Pwned with 122 GB of credentials gathered from various cybercriminal Telegram channels, according to the service’s owner, Troy Hunt.
New breach: Last week, 361M unique email addresses were collated from malicious Telegram channels. Data also included passwords and often, the website they were entered into, captured by info stealer malware. 58% were already in @haveibeenpwned. More: https://t.co/5DSTy4xfLN
— Have I Been Pwned (@haveibeenpwned) June 3, 2024
According to him, the dump contains 361 million email addresses, 151 million of which were not previously in the database. The data also included passwords and, in many cases, the websites they were associated with.
Due to the vast amount of information, it is impossible to fully verify its legitimacy. However, Hunt confirmed, using password reset forms, that some of the leaked email addresses were tied to the websites listed alongside them.
Hacked Microsoft X Account Promoted Fake Crypto Presale Under Roaring Kitty’s Name
Fraudsters hacked a Microsoft X account in India, which had a gold verification checkmark, to advertise a fake cryptocurrency presale supposedly under the name of financial analyst and trader Keith Gill, known as Roaring Kitty.
His recent return caused a stir, which the perpetrators sought to exploit. They posted a link to a phishing site to the account's more than 211,000 followers, offering them the chance to buy GameStop cryptocurrency in the presale for amounts ranging from 0.1 to 0.5 ETH. However, their main goal was to empty users’ wallets.
The campaign gained additional traction through numerous retweets from bot accounts.
FBI Warns of Cryptocurrency-Stealing “Recruitment Agencies”
U.S. residents are advised to be cautious of remote job offers, as scammers have begun using them to find victims for cryptocurrency theft.
Posing as recruiters for legitimate companies, fraudsters offer simple work-from-home tasks like rating restaurants or “optimizing” services through interaction with a platform.
The payment structure for these tasks is convoluted. Users supposedly see their earnings in a personal account, but to withdraw them, they must top up a cryptocurrency wallet. In some cases, they are asked to pay to “unlock” new tasks. However, the scheme is designed so that all funds go to its organizers.
Advance Auto Parts and LendingTree Allegedly Latest Victims of Snowflake Attack
A user named Sp1d3r claimed to possess customer data from automotive giant Advance Auto Parts, as well as financial company LendingTree and its subsidiary QuoteWizard — 380 million and 190 million records, respectively. The announcement of the data sale was posted on the recently revived hacker forum BreachForums, reports Wired.
The seller claims both dumps were obtained by hacking an employee account at the cloud storage company Snowflake. Previously, this incident was linked to breaches at American ticket operator Ticketmaster and Spanish bank Santander.
The hacker demands $1.5 million for 3 TB of Advance Auto Parts data and $2 million for 2 TB of LendingTree and QuoteWizard files. The potentially affected companies have not publicly confirmed any security breaches.
In a recent comment on the situation, Snowflake representatives stated that hackers used credentials stolen via info stealers to access their systems. The campaign targeted users with single-factor authentication.
The investigation into the incident is ongoing.
Law Enforcement Obtains 7000 Decryption Keys for LockBit Victims
FBI officials announced they have more than 7000 decryption keys from the LockBit hacker group, which can help ransomware victims recover their data.
This pertains to victims from June 2022 to February 2024. During this period, cybercriminals earned up to $1 billion.
Previously, law enforcement seized the gang’s infrastructure and revealed the identity of the ransomware administrator.
Reports: Bangladeshi Police Suspected of Selling Citizens’ Data via Telegram
Two high-ranking officials from Bangladesh’s counter-terrorism police are allegedly selling personal information of citizens, obtained from a secret government database, to criminals via Telegram, reports TechCrunch, citing a letter signed by a local intelligence officer.
Potentially, criminals could have accessed citizens’ national identification data, mobile phone call records, and other “secret information.”
According to the letter, the police agents were suspected of criminal activity because they frequently requested access to logs from the NTMC systems.
An investigation is underway.
Also on ForkLog:
- Sky Mavis recovered $5.7 million in stolen funds.
- Cosmos Hub resumed operations after a four-hour outage.
- A Chinese student contested a prison sentence for withdrawing token liquidity.
- DMM Bitcoin to raise $350 million to compensate hack victims.
- Tether CEO warned of an email service hack.
- The right to speak and the fear of AGI. AI company employees raised concerns.
- SlowMist identified main causes of user fund losses.
- Lawyers reported mass arrests of P2P traders with Bybit in Moscow.
- A media company executive was accused of $67 million cryptocurrency fraud.
- A Binance user lost $1 million due to a Chrome plugin; the exchange blamed the client.
- Deepfake Elon Musk “gave away” bitcoins on YouTube.
- Frax Finance team linked X account hack to a social media insider.
- DEX Velocore lost $6.8 million in an exploit.
Weekend Reading Suggestions
Together with the company “SHARD,” we discuss popular NFT scam schemes.