
The largest crypto-industry breach, spreading via a Telegram Trojan, and other cybersecurity developments

This week’s most significant cybersecurity news.

  • The largest hack in the DeFi sector and the industry at large: the hacker withdrew $611 million in various cryptocurrencies.
  • Researchers have discovered a new Trojan spreading via Telegram.
  • 77% of Russians are confident that they are being tracked through smartphones.

Hacker stole $611 million in cryptocurrencies from Poly Network, and later returned the funds to the project

The week’s main event was the attack on the Poly Network cross-chain protocol, in which the hacker withdrew $611 million in various cryptocurrencies. The breach was the largest in DeFi history and in the industry overall.

However, the very next day the hacker stated his intention to return the stolen funds. At the time of writing, he had returned all of the stolen funds to Poly Network except for $33 million in USDT, which Tether froze after the attack.

The hacker explained that he hacks for fun, but ForkLog experts believe that he decided to return the funds because his personal data was exposed. SlowMist specialists said they were able to track the hacker and learned his email address, IP information and device fingerprint.

Later it became known that the hacker refused the $500,000 reward offered by Poly Network for the return of the funds.

In Belarus, authorities order blocking accounts on popular social networks

Several Telegram channels reported that, based on a decision by Belarus’s Ministry of Information, several accounts on TikTok, Facebook, Instagram, VKontakte and YouTube should be blocked in the country.

As the channel «За BYnet» reports, all services continue to operate in the country.

“The thing is there is no reliably functioning technology that can block individual pages or channels on social networks and messengers, and at the same time not kill half the rest of the Internet. So providers have a choice — block all social networks or simply ignore it,” the channel’s authors noted.

Study: 77% of Russians think they are being tracked through smartphones

A vast majority of Russians believe their actions are tracked via mobile devices, according to a survey by ESET reported by Gazeta.Ru.

40% of respondents say their personal data are collected through their search history, 25% believe that all actions are tracked, 14% believe they are monitored via microphone and camera.

To avoid potential monitoring, 45% of Russians disable geolocation, 39% block apps’ access to certain functions.

LockBit 2.0 ransomware attacked Accenture

The consulting firm Accenture was attacked by the LockBit 2.0 ransomware. The attackers posted the information on their site. They also claim they gained access to Accenture’s systems via an insider.

In comments to ZDNet, Accenture representatives confirmed the attack, but said that they “immediately localized the problem, isolated the affected servers and fully restored the affected systems”.

Hudson Rock, a firm that investigates cybercrime, said that hackers compromised around 2,500 computers of employees and partners of Accenture.

Cyble said the attackers demanded a $50 million ransom for about 6 TB of stolen data.

The threat actors have alleged to gain databases of over 6TB and demanding $50M as a ransom. They also alleged that it’s an insider job, by someone who is still employed there (unlikely though).

— Cyble (@AuCyble) August 11, 2021

Subsequently, the hackers published Accenture files, which largely contain various marketing materials.

FatalRAT Trojan spreads in Telegram

Security researchers at AT&T discovered FatalRAT, a Trojan that spreads via Telegram.

According to the experts, attackers look for victims in channels and chats. The malware is delivered via malicious hyperlinks. Using the Trojan, attackers infect victims’ devices, gain access to users’ actions, and can make changes to systems without the owners’ knowledge.

Universal decryption key for files affected by Kaseya attack surfaces online

A cybersecurity researcher found, on a hacker forum, a decryption key for files affected by the REvil group’s attack on Kaseya.

#kaseya master key?

OgTD7co7NcYCoNj8NoYdPoR8nVFJBO5vs/kVkhelp2s= https://t.co/yq820cMkAg pic.twitter.com/4OBJ4i3UAh

— pancak3 (@pancak3lullz) August 10, 2021

Bleeping Computer confirmed that the key works, but it is suitable only for Kaseya clients, not all REvil victims.

As a reminder, the hackers attacked Kaseya in early July. The companies the attackers gained access to included IT-support providers, which potentially put thousands of other firms at risk. The attackers demanded $70 million in Bitcoin for decrypting the files encrypted by REvil.

On the night of July 13, the hacker group’s dark web sites went offline, and it was later revealed that Kaseya had received the decryption key for the files affected by the attack. The company says it did not pay the attackers.

What to read this weekend?

Ransomware increasingly targets organizations worldwide, prompting authorities to pay even closer attention to the cryptocurrencies in which hackers demand ransoms. ForkLog’s feature explains why ransomware operators have stepped up their activity and what this means for the crypto industry.
