TL;DR: Another cybersecurity success in Ukraine and the theft of cryptocurrencies (weeks 25 and 26)

Cybersecurity forces in Ukraine have made further successful arrests of cybercriminals, a Singaporean cybercriminal was convicted after pleading guilty to 11 felonies and two counts of identity theft, and an unknown attacker stole $100 million in cryptocurrencies; if he explains how he did it and returns the funds, he will receive a $1 million reward from the victim.

Warning against deepfake interviews

The U.S. FBI is warning employers about attackers using deepfakes in interviews to obtain remote job positions. Cybercriminals use deepfake voice modifiers in interviews, which manifests as desynchronization between the voice and lip movement. The phenomenon is especially observable when coughing and sneezing. The goal of the cybercriminals is to gain access to their employer’s network and exploit it for various forms of cyberattacks.

Arrests of cyber criminals in Ukraine

Ukrainian security forces have successfully arrested a group of cybercriminals responsible for operating more than 400 phishing websites. The nine-member gang is responsible for more than $3 million in damages, stealing these funds from approximately 5,000 victims. The subject of the phishing was financial aid from the EU to Ukraine. They face a maximum sentence of 15 years in prison for their crimes.

MEGA vulnerabilities fixed

Security researchers from ETH Zurich have uncovered 5 vulnerabilities in the MEGA cloud storage system. The vulnerabilities depended on one previously remediated vulnerability that allowed RSA keys to be obtained and data stored on MEGA servers to be decrypted. The exploit required access to the MEGA servers and at least 512 logins of the user whose data the attacker wanted to access. Three vulnerabilities have already been patched and the remaining two will be patched in future updates. The patched vulnerabilities will not affect users of the service.

Ransomware attack

One of the branches of TB Kawashima, a parts supplier to car manufacturer Toyota, was the target of a ransomware attack. The company shut down the compromised facilities and declared that production was not restricted. The LockBit ransomware gang was probably behind the attack and posted encrypted company data on its website.

Identity theft

A cybercriminal from Singapore successfully stole the identity of the co-founder of Riot Games and gained access to Amazon Web Services (AWS) and Google Cloud. A cybercriminal also stole the identity of writer Harold Borland, with which he was able to gain access to AWS. After pleading guilty to 11 charges (including methamphetamine use), he was sentenced to 10 years in prison.

The end of the Rsocks botnet

The U.S. Department of Justice successfully dismantled the Russian Rsocks botnet. The botnet, which had at least 325,000 devices in the US, rented proxy services to cybercriminals. The security forces discovered the botnet by paying for the Rsocks service and gradually identified all the infected devices. The cybercriminals’ services cost $200 a day for 90 thousand devices.


  • The US NSA has published a guide on how to secure Windows devices from PowerShell exploit attacks,
  • the privacy-focused web browser Brave is growing in popularity. Since June 2021, when it had 8.1 million users, its user base has grown to 411.7 million users,
  • an unknown cybercriminal stole more than $100 million worth of BUSD, USDC, ETH and WBTC cryptocurrencies from California-based Harmony. The company is offering $1 million for the return of the cryptocurrencies and the provision of information about the exploited vulnerability to patch the disabled Horizon bridge,
  • the black market credit card industry has a new carding website “BidenCash”. It offered stolen credit card and other data for free as its promo. Analysis of the data revealed that there were more than 6.6 thousand cards in the database of nearly 8 million entries, and only 1.2 thousand of them were valid,
  • a former Amazon employee was found guilty of stealing the personal data of more than 100 million users of the banking institution Capital One. He carried out the attack in 2019 and faces a maximum sentence of 25 years in prison for the crimes,
  • security forces managed to arrest nine members of the phishing gang responsible for the theft of millions of euros. A total of 24 houses were searched, leading to the seizure of weapons, ammunition, jewellery, electronic devices and funds in cash and cryptocurrencies,
  • Flagstar, a US bank, was the target of a cyberattack. The attack took place between December 3 and 4, 2021, and could potentially result in the theft of more than 1.5 million users’ data,
  • US company Residual Pumpkin Entity, which previously owned CafePress, was fined $500,000 for concealing the 2019 data leak of 23,000 customers.
