We’ve gathered the week’s most important cybersecurity news.
- Fraudsters stole $305,000 in fake hacks of Uniswap and OpenSea.
- The FBI dismantled the IPStorm botnet; its creator pleaded guilty.
- BlackCat extortionists file SEC complaint against victim of their attack.
Fraudsters stole $305,000 in fake Uniswap and OpenSea hacks
On X, a number of fraudulent accounts appeared, presenting themselves as well-known blockchain security researchers, including CertiK, Scam Sniffer analysts, and on-chain sleuth ZachXBT.
Watch out for phishing scammers pretending there is a uniswap exploit tonight
There isn’t and that’s not the real @zachxbt, certik, etc pic.twitter.com/IK9Hp5UhP9
— hayden.eth (@haydenzadams) November 10, 2023
The criminals lure victims with posts about hacks of major cryptocurrency platforms such as Uniswap and OpenSea. They invite users to visit a site and connect their wallet, supposedly to protect their assets from theft; once the wallet is connected, the attackers drain all of its funds.
The campaign has been active since at least November 9. Since then the attackers have stolen more than $305,000 in crypto. The stolen assets are held in two wallets (1, 2).
The FBI dismantled the IPStorm botnet; its creator pleaded guilty
The U.S. Department of Justice announced the takedown of the IPStorm proxy botnet, which has infected thousands of devices worldwide since 2019.
According to investigators, IPStorm targeted devices running Windows, Android, macOS and Linux, including IoT devices. The botnet spread via proxx.io and proxx.net as a service offering “more than 23,000 anonymous proxy servers”.
In September, the IPStorm creator, Sergey Makinin, a dual citizen of Russia and Moldova, pleaded guilty. He said he earned at least $550,000 from selling his proxy servers, and agreed to forfeit cryptocurrency obtained from the crimes.
He faces up to 30 years in prison.
BlackCat extortionists file SEC complaint against victim of their attack
The BlackCat extortion group filed an SEC complaint against MeridianLink, the company it attacked, for violating the four-day disclosure deadline following the cyberattack, as DataBreaches.net reports.
MeridianLink provides digital solutions for a range of financial institutions.
Hackers breached its network on November 7, stealing data but not encrypting systems. In the SEC filing they noted that the public company did not notify the regulator about the incident affecting “customer data and operational information.”
Experts speculate that BlackCat used this to pressure the victim into paying a ransom.
MeridianLink was forced to confirm the cyberattack. However, according to preliminary findings the company did not find any evidence of unauthorized access to production platforms, and the incident led to only minor disruptions to business operations.
LockBit began leaking Boeing data
The LockBit group, which attacked the aircraft manufacturer Boeing in late October, published more than 43 GB of stolen files.
A substantial portion of the leak consists of backups of various systems, the most recent dated 22 October.
The stolen data also included backups from Citrix devices, which may indicate the use of the recently discovered Citrix Bleed authentication bypass vulnerability.
I have no idea if LockBit gang really pwned Boeing with CVE-2023-4966 (CitrixBleed) as some people suggest, but Aviall / Boeing liked (and guess still like then) to decommission & patch their Citrix stuff for reasons like keeping the “environment healthy and compliant”…
pic.twitter.com/twZbybL8gH
— MalwareHunterTeam (@malwrhunterteam) November 10, 2023
Boeing did not disclose any technical details of the cyber incident.
MTS contractor insulted operator’s customers in an open Telegram group
Employees at one of MTS’s centers in Omsk created an open Telegram group in which they posted personal data of the operator’s mobile subscribers. This was reported by the Telegram channel Baza.
MTS representatives explained that the chat was run by the contractor responsible for supplying its SIM cards. Cooperation with this partner has been suspended.
The company is considering approaching law enforcement to hold the culprits to account for violations of data protection laws.
Roskomnadzor gains power to block sites with methods to circumvent restrictions
On November 17, the Russian government granted Roskomnadzor the power to block sites that provide methods of circumventing online restrictions.
Earlier, Roskomnadzor had developed criteria for such blocks. They directly concern VPN services, the Tor browser, anonymisers, and any information about how to bypass censorship.
Also on ForkLog:
- Canadian intelligence warned of the threat of deepfakes.
- A US presidential candidate criticized sanctions against Tornado Cash.
- OSCE taught Ukraine to track criminal Bitcoin transactions.
- Nocturne Labs launched an Ethereum solution to provide “privacy by default”.
- Bank of Russia: 68% of pyramid schemes are linked to cryptocurrencies.
- CertiK reported a “critical vulnerability” in a Solana smartphone.
- Unciphered highlighted the risk of $2.1 billion in losses in BitcoinJS wallets.
- Mutant Ape Planet creator pleaded guilty in a $3 million scam.
- EAEU countries will standardize the labeling of illicit Bitcoin transactions.
- Swan Bitcoin introduced a ban on crypto mixers. The community is preparing to defend privacy.
- Over six months, the “Ethereum wallet emptiers” stole $60 million.
- PrivatBank commented on the “blockage of cards due to cryptocurrency operations”.
- Hackers from China created a fake Skype to steal cryptocurrencies.
- Hackers announced the breach of a bankrupt Bitcoin ATM operator.
- An expert reported a $27 million crypto wallet hack.
- In Russia, the Bitcoin exchange Coinbase was fined.
- A hacker suffered losses in the DeFi project Raft.
What to read this weekend?
We cover fake token airdrops and related scams.
