Sentinelone
Image Credit: Sentinelone

The Good, the Bad and the Ugly in Cybersecurity – Week 3

  • The US Department of Justice (DoJ) has indicted three Russian nationals for operating the cryptocurrency mixing services Blender[.]io and Sinbad[.]io, which were used in connection with the theft of over $659m in cryptocurrency by North Korean cyber threat actors.
  • The FBI carried out an operation to remove the PlugX malware from over 4,200 infected computers worldwide. PlugX was mostly used by Chinese hackers to steal sensitive information, remotely control machines and infect more systems.
  • Evidence has emerged that DPRK’s fraudulent IT worker schemes were involved in a crowdfunding scam dating back to 2016. A new report shows that all 17 seized domains impersonated IT service companies and were linked to that fraud scheme.
  • UAC-0063, a threat actor suspected of working with Russia’s GRU-backed APT28, has been targeting Kazakhstan and neighboring countries with multi-stage infections to enable continuous data extraction.
  • The malware chain used by UAC-0063 starts with spearphishing emails carrying malicious Microsoft Office documents from Kazakhstan’s Ministry of Foreign Affairs; opening them triggers an infection chain called “Double-Tap”.
  • The Visual Basic Script backdoor HATVIBE was used by UAC-0063 to pave the way for the Python-based CHERRYSPY backdoor, which lets the attackers retrieve and execute code from a C2 server.
  • The source of the documents used by UAC-0063 is still unclear, but they were likely exfiltrated in a previous attack on the same system.
  • The motive behind the spearphishing attacks is the GRU’s focus on gathering intelligence on Kazakhstan’s geopolitical alliances, trade routes and strategic projects in order to maintain Russia’s influence in Central Asia.
  • North Korean hackers and ransomware gangs laundered criminal proceeds, including ransomware payouts and stolen cryptocurrency, via Blender[.]io and Sinbad[.]io. Cryptocurrency mixers are part of how these actors profit from crypto-heists and remain a significant threat to the integrity of the global financial system.
  • Blender[.]io operated between 2018 and 2022 and helped Lazarus Group launder $500m of the $617m stolen in the Axie Infinity Ronin bridge attack. Sinbad[.]io emerged after Blender[.]io was shut down and offered similar services until it was seized in a law enforcement operation in November 2023.
