Here are the week\u2019s key cybersecurity developments.<\/p>\n
Law enforcement in 10 countries seized $200m in fiat and cryptocurrencies and arrested 270 people allegedly tied to a large network of drug and weapons traffickers, the U.S. Department of Justice said<\/a>.\u00a0<\/p>\n Authorities confiscated more than two tonnes of drugs, 144 kg of fentanyl-laced substances and 180 firearms.<\/p>\n U.S. prosecutors charged several major vendors, including the operators of Nemesis<\/a> and Incognito Markets<\/a>, who used cryptocurrency to sell opioids and conceal proceeds.<\/p>\n Security researchers at DomainTools discovered<\/a> more than 100 malicious Chrome extensions masquerading as legitimate applications, including crypto utilities, YouTube tools, VPNs and AI assistants.\u00a0<\/p>\n Installing them risks account takeover, theft of personal data and monitoring of network activity. Ultimately they provide attackers with a backdoor into the infected browser, giving them broad scope for exploitation.<\/p>\n Stolen session cookies can enable compromise of legitimate VPN devices or company accounts, opening access to corporate networks for larger-scale attacks.<\/p>\n Google removed most of the extensions, though some remained in the Chrome Web Store at the time of writing.<\/p>\n U.S. agencies seized<\/a> the Lumma stealer\u2019s control panel; counterparts in Europe and Japan neutralised parts of the malware\u2019s infrastructure; and Microsoft, via court action, blocked<\/a> about 2,300 of its domains.<\/p>\n Active since late 2022, the threat spread via GitHub comments and deepfake-generation sites. Subscriptions ranged from $250 to $1,000.<\/p>\n After a breach, Lumma can steal data from browsers and applications, including crypto wallets, cookies, credentials, passwords and credit cards. The stealer has extensive detection-evasion capabilities.<\/p>\n Separately, Europol took down<\/a> about 300 servers, neutralised 650 domains and issued arrest warrants for 20 cybercriminals linked to Bumblebee, Lactrodectus, QakBot<\/a>, DanaBot, TrickBot and WARMCOOKIE. More than \u20ac21.2m was seized, including \u20ac3.5m in cryptocurrency.<\/p>\n Hackers who breached in early May a modified Signal client from TeleMessage intercepted messages from more than 60 senior U.S. officials, Reuters<\/a> reported.<\/p>\n Victims included first responders, customs officers, several members of the U.S. diplomatic corps, at least one White House staffer and a Secret Service member.\u00a0<\/p>\n According to the report, on 4 May the attackers compromised a TeleMessage server. The company makes encrypted modifications of well-known messengers. Access to internal infrastructure allowed them to dump 410 GB of user messages in under 20 minutes.\u00a0<\/p>\n The intruders also accessed internal correspondence of staff at the Coinbase cryptocurrency exchange. However, platform representatives said<\/a> they did not use the messenger to transmit critically important client information.<\/p>\n The organisation DDoSecrets<\/span> announced access<\/a> for researchers and journalists to a database including TeleMessage users\u2019 correspondence and metadata.<\/p>\n The Council of the EU added to its sanctions list<\/a> the web-hosting provider Stark Industries and two of its executives\u2014CEO Yuriy Nekuliti and owner Ivan Nekuliti\u2014for facilitating cyberattacks on behalf of Russia.\u00a0<\/p>\n \u201cThey acted as enablers of various actors sponsored by and linked to the Russian state to carry out destabilising activities, including interference in information manipulation and cyberattacks against the EU and third countries,\u201d the statement said.<\/p>\n<\/blockquote>\n Stark Industries is registered in the United Kingdom and provides VPS\/VDS<\/span> servers in the UK, the Netherlands, Germany, France, Turkey and the U.S. The provider accepts payments including bitcoin, Ethereum, Monero and Dash.<\/p>\n Experts link<\/a> numerous disinformation campaigns and DDoS<\/span> attacks in Russia\u2019s favour to servers operated by Stark Industries and other services provided by the Nekuliti brothers.<\/p>\n Also sanctioned was a Roskomnadzor entity \u2014 the FSUE<\/span> \u201cMain Radio Frequency Centre\u201d \u2014 for involvement in electronic warfare through GPS jamming and spoofing in the Baltic states, as well as for disrupting civil aviation.<\/p>\n Vietnam\u2019s technology ministry accused the Telegram messenger of refusing to cooperate with law enforcement and ordered it blocked nationwide by 2 June, Reuters<\/a> reported.\u00a0<\/p>\n Authorities say 68% of 9,600 channels and groups on the messenger in Vietnam violate the law, allegedly spreading \u201ctoxic\u201d information, publishing anti-government materials and facilitating crimes including fraud and drug trafficking.<\/p>\n The statement stressed that Telegram has not registered its operations in the country, does not remove prohibited content at police request and does not provide the government with user data for criminal investigations.<\/p>\n Also on ForkLog:<\/p>\n NoOnes P2P platform founder Ray Youssef told ForkLog about the project\u2019s security overhaul and offered advice for crypto maximalists.<\/p>\n","protected":false},"excerpt":{"rendered":" Here are the week\u2019s key cybersecurity developments. Authorities seized hundreds of millions of dollars in cryptocurrency from a drug-trafficking network. Malicious crypto utilities were found among Chrome extensions. Media reported dozens of U.S. government victims from a hacked Signal clone. Vietnam will start blocking Telegram over its refusal to cooperate. Authorities seize hundreds of millions […]<\/p>\n","protected":false},"author":1,"featured_media":24243,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"","news_style_id":"","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1238,1233],"class_list":["post-24244","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-cybersecurity-digest","tag-industry-digests"],"aioseo_notices":[],"amp_enabled":true,"views":"20","promo_type":"","layout_type":"","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/24244","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/comments?post=24244"}],"version-history":[{"count":0,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/24244\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media\/24243"}],"wp:attachment":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media?parent=24244"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/categories?post=24244"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/tags?post=24244"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}Malicious crypto utilities found among Chrome extensions<\/strong><\/h2>\n
Lumma crypto-stealer loses thousands of domains and part of its servers<\/strong><\/h2>\n
Media report dozens of U.S. government victims from hacked Signal clone\u00a0<\/strong><\/h2>\n
EU sanctions web host Stark Industries and a Roskomnadzor unit<\/strong><\/h2>\n
\n
Vietnam to block Telegram over refusal to cooperate<\/strong><\/h2>\n
\n
What to read this weekend?<\/strong><\/h2>\n