We have collected the most important news from the world of cybersecurity for the week.
- LockBit ransomware hacked a SpaceX contractor.
- Hidden cryptocurrency miner Dero attacked Kubernetes clusters.
- In Ukraine, the creator of a Trojan that infected 10,000 computers was arrested.
- The hackers demanded that the developer of STALKER 2 return the Russian voice acting.
LockBit ransomware hacked SpaceX contractor
Ransomware group LockBit claims to have hacked SpaceX parts company Maximum Industries and stolen 3,000 proprietary blueprints, The Register reports.
The hackers are threatening to put the documents up for sale if they don’t receive the ransom by March 20.
LockBit breaches Maximum Industries with a message to Elon Musk and SpaceX contractors.
/maximumind.com@elonmusk @SpaceX #cybersecurity #infosec #lockbit pic.twitter.com/voroB6hJET
— Dominic Alvieri (@AlvieriD) March 13, 2023
“I would say that we are lucky if the SpaceX contractors were more talkative. But I think this data will find its buyer very quickly. Elon Musk, we will help sell your sketches to other manufacturers, build your ship faster and fly away,” a LockBit representative wrote.
Judging by this message, Maximum Industries is not going to pay the extortionists. The publication's journalists believe that the drawings themselves may not be of great value, since the parts would still need to be manufactured and then used without arousing suspicion.
SpaceX and Maximum Industries did not comment on the situation.
Hidden cryptocurrency miner Dero attacked Kubernetes clusters
Kubernetes clusters with an openly accessible API have become the target of a hacker campaign to mine the Dero cryptocurrency, which is positioned as a more profitable alternative to Monero. CrowdStrike experts reported this.
CrowdStrike has discovered the first-ever Dero cryptojacking operation targeting Kubernetes infrastructure.
Learn more: https://t.co/iACE1vlAYx pic.twitter.com/ZOWCziA9Wv
— CrowdStrike (@CrowdStrike) March 15, 2023
According to the researchers, since February attackers have been looking for exposed, vulnerable clusters that allow anonymous access to the Kubernetes API. They then deploy a DaemonSet in the cluster, which lets them use the resources of all nodes simultaneously for hidden mining. The mining capacity is directed to a single pool, which then distributes the rewards.
CrowdStrike also found that in parallel, hackers are fighting rival groups mining Monero on the same devices.
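The pattern described above (anonymous API access followed by a DaemonSet deployment) can be looked for in Kubernetes audit logs. The following is an added example, not code from CrowdStrike or from this digest; it assumes audit events in the audit.k8s.io/v1 JSON-lines format, and the sample events, names and IP addresses are constructed.

```python
import json

# Constructed sample events in Kubernetes audit log (audit.k8s.io/v1) JSON-lines form.
# The names, namespaces and IP addresses are illustrative, not taken from the report.
ANON = {"username": "system:anonymous", "groups": ["system:unauthenticated"]}
SAMPLE_EVENTS = [
    {"verb": "list", "user": ANON, "objectRef": {"resource": "secrets"},
     "responseStatus": {"code": 403}, "sourceIPs": ["203.0.113.7"]},
    {"verb": "list", "user": ANON, "objectRef": {"resource": "nodes"},
     "responseStatus": {"code": 200}, "sourceIPs": ["203.0.113.7"]},
    {"verb": "create", "user": ANON,
     "objectRef": {"resource": "daemonsets", "namespace": "default", "name": "example-ds"},
     "responseStatus": {"code": 201}, "sourceIPs": ["203.0.113.7"]},
    {"verb": "create",
     "user": {"username": "system:serviceaccount:kube-system:deployer",
              "groups": ["system:authenticated"]},
     "objectRef": {"resource": "daemonsets", "namespace": "kube-system", "name": "log-agent"},
     "responseStatus": {"code": 201}, "sourceIPs": ["10.0.0.5"]},
]
SAMPLE_AUDIT_LOG = "\n".join(json.dumps(e) for e in SAMPLE_EVENTS) + "\nnot-json\n"

WRITE_VERBS = {"create", "update", "patch"}

def is_anonymous(user):
    """True for requests the API server attributed to an unauthenticated caller."""
    return (user.get("username") == "system:anonymous"
            or "system:unauthenticated" in user.get("groups", []))

def triage(audit_text):
    """Return findings for anonymous requests that the API server allowed."""
    findings = []
    for line in audit_text.splitlines():
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or non-JSON lines
        if not isinstance(event, dict) or not is_anonymous(event.get("user") or {}):
            continue
        code = (event.get("responseStatus") or {}).get("code", 0)
        if not 200 <= code < 300:
            continue  # denied probes show scanning; allowed requests show exposure
        ref = event.get("objectRef") or {}
        workload_write = ref.get("resource") == "daemonsets" and event.get("verb") in WRITE_VERBS
        findings.append({"severity": "high" if workload_write else "medium",
                         "verb": event.get("verb"), "resource": ref.get("resource"),
                         "namespace": ref.get("namespace"),
                         "source_ips": event.get("sourceIPs", [])})
    return findings
```

Any finding at all means the cluster authorizes unauthenticated callers; a "high" finding means one of them created or changed a DaemonSet, which runs a pod on every node.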
Creator of Trojan that infected 10,000 computers arrested in Ukraine
Cyber Police officers arrested a 25-year-old resident of the Khmelnytsky region who, using a Trojan he created, gained remote access to more than 10,000 computers.
According to the department, the hacker distributed the malware under the guise of applications for computer games. Once on the victim’s device, the program allowed him to download and upload files, install and remove applications, take screenshots, and capture sound from the microphone and video from cameras.
The attacker later used this data to steal funds from electronic accounts. Law enforcement officers did not specify whether these were crypto wallets or online banking accounts.
At the time of the search, the defendant controlled almost 600 infected computers, to which he could connect in real time.
The police confiscated the equipment and opened criminal proceedings for unauthorized interference in the operation of information systems. The maximum penalty under the article is up to 15 years in prison. The investigation continues.
Infostealers found in AI-created YouTube videos
A growing number of AI-generated videos on YouTube distribute malware, including the infostealers Raccoon, RedLine and Vidar, CloudSEK analysts have warned.
As a rule, such videos are disguised as tutorials on downloading hacked versions of Photoshop, Premiere Pro, Autodesk 3ds Max, AutoCAD, and others. Links to the malware are contained directly in the description under the video.
To distribute malware, hackers take over popular YouTube accounts.
In addition, with the help of AI, they create videos featuring people with certain facial features that seem more familiar and trustworthy to users. Using SEO poisoning methods, the attackers try to get their videos prioritized in search results.
The FBI estimated the damage from cyber attacks in 2022 at $10 billion
In 2022, the FBI received more than 800,000 cybercrime complaints, and the total losses exceeded $10 billion, according to the IC3 report.
Investment fraud was the most profitable for the attackers, with $3.3 billion in damage. The department attributed this to the hype around cryptocurrencies.
In second place was email compromise, with $2.7 billion in damage.
Phishing, identity leaks, non-payment scams, extortion, and tech support scams are also popular with cybercriminals.
The total damage from ransomware activity in 2022 exceeded $34 million; the FBI received more than 2,300 complaints of this kind.
Most often, the attacks were organized by the operators of LockBit, BlackCat and Hive. Their victims were the healthcare sector, critical manufacturing, government agencies and IT companies.
Hackers demanded that the developer of STALKER 2 return the Russian voice acting
GSC Game World, the developer of STALKER 2: Heart of Chornobyl, has been the victim of a cyberattack, Kommersant reports.
The hackers gained access to almost 30 GB of information and demanded that the Russian localization be returned to the game and that the profiles of Russian and Belarusian players on Discord be unblocked.
The attackers have already made publicly available descriptions of story videos, game cards, and some art for the game. If their conditions are not met, they threaten to publish the entire archive.
Representatives of GSC Game World confirmed the leak, which occurred when the computer of one of the employees was hacked.
A message from GSC Game World team pic.twitter.com/rqRM0tFZmO
— STALKER OFFICIAL (@stalker_thegame) March 12, 2023
The company asked not to watch or distribute materials about the game, so as not to spoil the impression.
After the attack, a flash mob in support of the GSC Game World studio, with a call to buy the game, was announced in the Ukrainian segment of Twitter. At the time of writing, users have managed to raise it to 4th place in the Steam Global Ranking.