We have collected the most important news from the world of cybersecurity for the week.
- The head of the FACCT department was detained in Kazakhstan at the request of the United States and arrested in absentia in the Russian Federation.
- The LockBit ransomware gang has demanded $70 million from semiconductor manufacturer TSMC.
- In Australia, a prisoner pulled off a $2 million bitcoin scheme.
- The FBI has seized several BreachForums-related domains.
The head of the FACCT department was detained in Kazakhstan at the request of the United States and arrested in absentia in the Russian Federation
On June 22, Kazakh authorities, at the request of the United States, detained Nikita Kislitsin, head of the Department for the Development of Solutions for Comprehensive Countermeasures to Complex Cyber Attacks at FACCT (formerly Group-IB). His colleagues reported the detention.
Kislitsin will be held in custody while the grounds for extradition to the United States are being examined.
The charges against him first became known in 2020, when the US Department of Justice unsealed a 2014 indictment alleging that the Russian took part in a conspiracy to sell credentials stolen from the Formspring forum in 2012 (before he joined Group-IB).
In parallel, on June 28 the Tverskoy Court of Moscow authorized the arrest in absentia of Kislitsin in a case of illegal access to legally protected computer information. He was placed on the federal wanted list, and Russian authorities intend to seek his extradition to his homeland.
FACCT representatives said that the charges against Kislitsin are unrelated to the company and concern the period when he worked as a journalist and cybersecurity researcher. They are confident that there were no legal grounds for detaining their colleague.
LockBit ransomware gang demands $70 million from semiconductor manufacturer TSMC
LockBit ransomware operators claim to have breached TSMC, the world’s largest semiconductor manufacturer, and are demanding a $70 million ransom. The company, however, denies any leak, Bleeping Computer reports.
According to the screenshots originally published, the attackers obtained a large number of email addresses and credentials, allegedly belonging to TSMC, for various internal systems. This material was later taken down and replaced with a ransom message.
A TSMC spokesperson explained that the attackers had compromised one of its IT hardware suppliers, Kinmax Technology, and that the leaked information concerned system installation and server configuration. Kinmax later confirmed the incident.
The attack did not affect TSMC’s business operations or the security of customer data.
An investigation involving law enforcement is under way. For the duration of the proceedings, the semiconductor manufacturer has suspended work with the affected supplier.
In Australia, a prisoner pulled off a $2 million bitcoin scheme
Ishan Sinar Sappidine, who is serving a 12-year sentence in Australia for running a pyramid scheme, persuaded at least six fellow prisoners to transfer more than $2 million to accounts under his control under the guise of investing in bitcoin, the Daily Mail reports.
The events took place between 2020 and 2022. Sappidine claimed to have extensive experience in the cryptocurrency market, supposedly alongside Australian billionaire Mike Cannon-Brookes.
Among the fraudster’s victims was the well-known Australian rugby player Jarryd Hayne.
Because prisoners have no Internet access, the victims relied on third parties outside the prison to transfer the funds to the scammer. Despite assurances of significant returns on the investment, the victims never received any payments.
The country’s authorities have opened an investigation, and Sappidine has been transferred to a prison with a stricter regime.
FBI seizes several BreachForums-related domains
U.S. law enforcement has taken control of the backup domain of the hacker forum BreachForums, three months after its founder and administrator, Conor Brian Fitzpatrick, known as Pompompurin, was arrested, Bleeping Computer reports.
Breached.vc now displays a banner listing the departments involved in the operation, as well as Pompompurin’s handcuffed avatar.
In addition, the pompur[.]in domain, personally owned by Fitzpatrick, was also seized, and the BreachForums site on the dark web now returns an Nginx “404 Not Found” error.
The name servers of all the seized domains have been changed to ns1.seizedservers.com and ns2.seizedservers.com, which law enforcement agencies typically use in such cases.
The operation also affected Breaches.net, one of the websites of the news outlet DataBreaches.net, which used it to report on data breaches. The outlet has already appealed to the FBI to contest the seizure of the domain.
Tinkoff fined 70,000 rubles for a leak
The Savelovsky District Court of Moscow fined Tinkoff Bank 70,000 rubles for a personal data leak, RIA Novosti reports.
The bank denied the information about any violations. Representatives said that the court’s decision “is connected with a technical error in the process of servicing one of the bank’s clients.”
Experts have discovered a new Trojan from Andariel hackers
Andariel, a cybergroup that is part of Lazarus, has begun using a new remote access Trojan, EarlyRat. This was reported by Kaspersky Lab.
Beyond DTrack #malware & Maui #ransomware: #Andariel expands its TTPs🌐
Log4j appeared to be the source of EarlyRat based on our initial investigations. However, while hunting for more samples, we found #phishing docs dropped #EarlyRat.
— Kaspersky (@kaspersky) June 29, 2023
Initial infection occurs via a Log4j exploit or through links in phishing documents.
Once activated, EarlyRat collects system information and sends it to the C&C server. The data includes a unique identifier for the infected machine, which is also used to encrypt the Trojan’s requests.
The Trojan is simple and mostly limited to executing commands.
As an experiment, YouTube has begun blocking the player for AdBlock users
Reddit users reported a pop-up window on YouTube warning of restrictions on video viewing when the AdBlock ad blocker is enabled.
Platform representatives confirmed to the media that these warnings are part of a “small experiment” through which the company encourages viewers to allow ads or try a paid subscription.
They added that in “extreme cases”, where users keep the blocker active, video playback may be temporarily disabled.