
Geolocation via SMS, penalties for Telegram, and other cybersecurity developments


We have gathered the week’s most important cybersecurity news.

  • Researchers in the United States have demonstrated geolocation via manipulation of SMS.
  • The FBI has announced a $10 million reward for information about the Cl0p ransomware gang.
  • A BreachForums darknet forum database has been leaked online.
  • Russia enshrines fines for “illegal use of foreign messaging apps”.

U.S. researchers have demonstrated geolocation via SMS manipulation

American researchers from Cornell University demonstrated the Freaky Leaky SMS attack: high-precision geolocation of an SMS recipient, inferred from the timestamps of delivery reports.

SMS delivery status is handled by the Short Message Service Center (SMSC). As a message propagates through network nodes, routing delays occur. The researchers’ machine-learning algorithm calculates the predictable travel time of standard signaling routes based on invariant characteristics of mobile networks.

Data: Cornell University.

Carrying out the attack requires several additional metrics, including the target’s known location.

The victim needs to be sent several SMS messages, either disguised as advertisements or sent as “silent” messages whose notifications are not displayed on the recipient’s device.

Delivery-time measurements for the SMS in each case are combined with the corresponding location signatures.

During the experiment, the authors dispatched batches of 20 messages every hour for three days to several test devices in the United States, the United Arab Emirates and several European countries, spanning about a dozen operators using different communication technologies.

They reported location accuracy of up to 96% across different countries and up to 86% for two locations within a single country.

Despite the attack’s complexity and several practical limitations, experts say it potentially threatens user privacy.

The FBI has announced a $10 million reward for information about the Cl0p ransomware gang

The Cybersecurity and Infrastructure Security Agency (CISA) and the FBI have announced a $10 million reward for information about the Cl0p ransomware gang.

The notice followed a major attack in May, which at the time affected 85 organizations, including PwC, Ernst & Young, Medibank and Metro Vancouver Transit Police.

Exploiting an SQL vulnerability in MOVEit Transfer, hackers infected devices with malware and exfiltrated data from databases. Threatening to leak the data, the attackers demand multi-million-dollar ransoms.

Authorities are gathering information on possible ties between Cl0p and other actors targeting U.S. critical infrastructure and foreign governments.

A BreachForums darknet forum database has been leaked online

On June 19, a table of registered users of the closed BreachForums darknet forum appeared online. This was reported by the Telegram channel “Leaks Information”.

A partial dump contains 4,202 records with usernames, hashed passwords, email addresses, and registration IP addresses.

Data: Telegram channel “Leaks Information”.

Experts say the breach was orchestrated by rival groups.

In parallel, a court in Amsterdam sentenced 25-year-old hacker Erkan Sezgin to three years in prison for selling hacked data on another closed darknet forum, RaidForums, as well as for phishing and laundering more than €700,000 in cryptocurrencies.

A US mobile accessories maker detected a breach two months after it occurred

Popular US mobile accessories maker iOttie reported a breach of its website. The incident occurred on April 12, but the company discovered it only on June 13.

During this time the site collected buyers’ credit card data as well as their personal information, including names, access codes and PINs for their accounts.

iOttie said 241 people were affected.

Russia enshrines fines for “illegal use of foreign messaging apps”

The State Duma, in third reading, adopted a law introducing administrative liability for “illegal use of foreign messaging apps” when transmitting personal and financial information.

The act applies only to agencies and officials; ordinary users will not be affected.

The list of prohibited messaging apps includes:

Officials face fines from 30,000 to 50,000 rubles; legal entities from 100,000 to 700,000 rubles.

The law comes into force from the date of official publication.

Experts find LockBit malware for different operating systems

LockBit ransomware operators have developed malicious samples for different operating systems. This was reported by Kaspersky Lab.

They found a ZIP file with modules for different platforms, including Apple M1, ARM v6, ARM v7 and FreeBSD. All variants are based on an earlier version of the malware — LockBit Linux/ESXi.

Experts also found that, for a time, LockBit used code from other, lesser-known hacker groups, such as BlackMatter and DarkSide. This simplifies the activity of potential partners and expands the range of attacks of LockBit itself.

Recent data from the Kaspersky Threat Attribution Engine show that in the LockBit Green variant around 25% of the code was written by the now-defunct Conti ransomware group.
