We have collected the most important news from the world of cybersecurity for the week.
- The FBI destroyed the Snake spyware used by the FSB.
- US law enforcement officers closed 13 sites for ordering DDoS attacks.
- A special CS:GO map was created with news about the war in Ukraine.
- Gmail will add a darknet monitoring service.
The FBI destroyed the Snake spyware used by the FSB
The US Department of Justice announced the takedown of an international network of computers infected by the Snake P2P botnet and used for espionage by the Russian Federation. According to the department, the malware was distributed by the Turla hacker group, which is associated with the FSB.
Russian FSB cyber actors are deploying cyberespionage malware targeting over 50 countries. Take action to keep FSB’s Snake malware out of your networks. Learn how to detect and mitigate associated malicious activities. https://t.co/hzzQpo1vBc pic.twitter.com/4eUb5oiums
— NSA Cyber (@NSACyber) May 9, 2023
For almost 20 years, Snake was used to collect and steal confidential documents from governments, research organizations and journalists in at least 50 countries, including NATO member countries.
Turla command centers were located in Ryazan and Moscow.
Using the FBI-created Perseus tool, technicians were able to remotely disable malware on infected devices without affecting legitimate applications and files on them.
Law enforcement officers are now contacting the victims and providing recommendations on how to eliminate the consequences of a cyber attack.
US law enforcement officers closed 13 sites for ordering DDoS attacks
The FBI seized 13 domains related to DDoS-for-hire platforms.
This is the third law enforcement operation to identify booter services and IP stressers.
Of the 13 seized domains, 10 were reincarnations of services that were shut down during a previous sweep in December 2022 that targeted 48 leading booter services, the Justice Department said.
Before seizing the domains, the FBI tested all of the services, confirming their effectiveness and evaluating the impact of the DDoS attacks on target computers. The department noted that some attacks took devices offline.
Gmail will add a darknet monitoring service
Gmail users will be able to scan the dark web for their email addresses with Google's new Dark Web Report protection feature.
— Google (@Google) May 11, 2023
Customers will also be alerted if their personal information, including name, address, phone number, or social security number, is posted on hacker forums.
For now, the feature is only available in the US market. In the future, Google plans to expand it to all users.
A special CS:GO map was created with news about the war in Ukraine
The Finnish newspaper Helsingin Sanomat created a special map in Counter-Strike: Global Offensive (CS:GO) to bypass Russian censorship about the war in Ukraine. This was reported by PC Gamer.
The custom map de_voyna resembles the ruins of a Slavic city with a secret underground bunker.
It presents a selection of key data about the war in English and Russian. This information includes statistics on Russian military casualties from reliable sources, details of rocket attacks and other crimes committed against civilians, and photographs of incident sites.
“The goal is to show the Russians that the horrors of war are taking place in places that seem very familiar to them,” the newspaper said.
The map launched on May 3 and has over 22,000 subscribers at the time of writing.
Russians make up about a tenth of the total player base of the CS:GO shooter.
A known ransomware group tried to hack the information security company Dragos
Industrial cybersecurity company Dragos reported that on May 8, a well-known hacker group attempted to break into its defenses to deploy ransomware.
It’s time to destigmatize security events. Yes it happens at security companies and here’s why we need to talk about it. #cybersecurity #icscybersecurity #otcybersecurity #industrialcybersecurity #criticalinfrastructureprotection https://t.co/0haQOJilVs
— Dragos, Inc. (@DragosInc) May 10, 2023
The cybercriminals were unable to break into the internal network, but they gained access to the SharePoint cloud service and the company’s contract management system.
The attackers got in by compromising the email address of a new sales employee.
After the SharePoint hack, the attackers downloaded “public data” and gained access to 25 customer reports.
The hackers later sent a ransom note. Dragos disabled the hacked account, revoked all active sessions and blocked the attackers from accessing its resources.
The company does not plan to pay the extortionists, although it does not rule out that the stolen information will be published on hacker forums.
The investigation is ongoing.