We round up the week’s most important cybersecurity news.
- The FSB said US intelligence agencies hacked thousands of Apple phones.
- A 360-million-record Super VPN database leaked online.
- The Russian State Duma passed a law confiscating hackers’ assets.
- RaidForums user data surfaced on a new dark-net platform.

The FSB says US intelligence agencies hacked thousands of Apple phones

The Federal Security Service of Russia (FSB) said it had uncovered an espionage operation by US intelligence services, carried out by hacking thousands of Apple devices.

According to the agency, the examined phones were infected, by exploiting vulnerabilities in the manufacturer’s software, with previously unknown malware that enabled surveillance of their users.

Among those affected were Russian subscribers and foreign diplomats based in Russia from former Soviet republics, NATO countries, Israel, Syria and China, as well as dozens of employees of the cybersecurity firm Kaspersky Lab.

The latter’s CEO, Eugene Kaspersky, described the incident as “an extremely complex, professionally directed cyberattack” targeting employees “at the senior and middle levels.”

Researchers from Kaspersky Lab said they had independently detected anomalous traffic on a corporate Wi-Fi network around the start of the year; the oldest traces of infection, however, date back to 2019. The company passed this information to a computer emergency response team.

Following its investigation, the FSB concluded there was “close cooperation” between Apple and the NSA, but did not provide evidence that the company participated in or knew about the spying campaign.

Apple denied the accusations in a statement to Reuters. The NSA declined to comment.

A 360-million-record Super VPN database leaked online

The popular free service Super VPN inadvertently exposed more than 360 million user records. The exposure was discovered by researcher Jeremiah Fowler.

The 133 GB database contained email addresses, users’ real IP addresses, geolocation data and records of the VPN servers they used.

The leaked data also included secret keys and unique user identifiers (UUIDs), which could be used to obtain additional information: phone model or device type, operating system, type of internet connection and the VPN app version.

Additionally, the database included payment information and links to sites visited by users.

Combined downloads of Super VPN on Google Play and the App Store exceed 100 million.

After being notified by the researcher, the service’s owners reconfigured the database. They have not commented officially on the incident.

The Russian State Duma passed a law confiscating hackers’ assets

On May 30, the State Duma passed a law on the confiscation of property obtained through hacking and other crimes in the field of computer information.

The procedure will apply in cases of:

- unauthorized access to legally protected computer information;
- interference with Russia’s critical information infrastructure;
- creation, use and distribution of malware;
- breaches of the rules governing the storage, processing or transmission of computer information;
- acts that resulted in the “destruction, blocking, modification or copying of computer data” and caused large-scale damage.

A number of experts told RBC that in theory cryptocurrencies could also fall under the law, as they are legally treated as property.

RaidForums user data surfaced on a new dark-net platform

One of the admins of the dark-net forum Exposed, who goes by the nickname Impotent, published the personal data of 478,000 users of the now-closed RaidForums, Bleeping Computer reported.

The SQL file contains registration records from March 20, 2015 to September 24, 2020, including usernames, email addresses, hashed passwords and registration dates. Some data was removed from the dump, and its author is unknown.

Journalists noted that the database was likely already in the hands of law enforcement after RaidForums was seized and shut down in April 2022. The information could nevertheless prove useful to cybersecurity researchers who profile attackers.

Hackers claim to have stolen a “Vkusno — i tochka” database

Unknown actors posted a publicly accessible file containing data on job applicants to the “Vkusno — i tochka” chain for the period from January 1, 2018 to May 25, 2023, the Telegram channel in2security reported.

The database consists of 295,914 rows, including full names, ages, nationalities, phone numbers (215,677 unique numbers), positions, place and status of employment, applicants’ test results and other operational information.

According to Russian outlets, the fast-food chain’s security service and IT department are verifying information about the leak.

Russia blocks the Medium platform

On May 31, Roskomnadzor restricted access to all domains and subdomains of the Medium platform within Russia.

In statements to the media, the agency attributed the block to the platform “not removing disinformation” about the war in Ukraine.

Medium was launched in 2012 by Twitter co-founders Evan Williams and Biz Stone. According to SimilarWeb, medium.com ranks among the 500 most-visited sites, with nearly 130 million unique users per month.

Malware found in Google Play downloaded more than 421 million times

Dr. Web researchers detected the Android.Spy.SpinOk trojan module in more than a hundred apps on the Google Play store, which together have been downloaded more than 421 million times.

The malware collects information about files stored on the device and transmits it to the attackers; it can also upload clipboard contents to a remote server and replace them.

The module keeps users engaged in the apps with mini-games, task systems and so-called prize draws.

During initialization, the trojan connects to a command-and-control server, sending a request with a wealth of technical information about the infected device, including sensor data. This allows the attackers to adjust the malware’s behaviour to avoid detection.

The researchers notified Google about the threat.

Also on ForkLog:

- A TikTok blogger admitted to money laundering using Bitcoin.
- In May, the crypto industry lost over $45 million to rug-pull schemes.
- Hackers compromised the account of OpenAI’s CTO to push a fake airdrop.
- Multichain lost contact with the project’s head.
- The founder of the crypto project Onfocoin was found dead.
- Journalists uncovered details of the report on the Bitfinex hack.
- Michael Saylor spoke about Bitcoin’s use in the fight against deepfakes.
- Hackers hijacked the Twitter account of The Sandbox’s boss to promote a fake SAND airdrop.
- The Ethereum mixer Tornado Cash DAO regained control of governance.
- Hackers drained over $7.5 million from the DeFi project Jimbos Protocol.

What to read this weekend?

In an exclusive ForkLog feature, we explain how MiCA will change the tracking of cryptocurrency transfers in the EU and what it means for anti-money-laundering efforts.
