TL;DR: Banks’ mistake costing several millions and fake Cyberpunk 2077 (50th week)

Several banks faced a sophisticated attack, an American school did not escape ransomware, and attackers targeted logistics as well. The Canadian company Phantom Secure learned the downside of turning a cybersecurity company into a cybercrime company. Iranian hackers don’t spare Israeli companies, and not all that glitters is Cyberpunk…

More in our regular summary.

Banks with an empty safe

Researchers from IBM Trusteer have uncovered a massive cyberattack on several banks carried out through stolen accounts. The highly sophisticated attack was automated across 20 emulators, which emulated more than 16 thousand mobile devices linked to stolen bank accounts. The attackers used the emulators to impersonate account holders by spoofing device identifiers and GPS locations, and in some cases posed as account holders using new devices. The attack resulted in the theft of several million dollars within a few days.

Leaky browsers

The analytical team from Avast has uncovered more malware, this time hidden in 28 extensions for Google Chrome and Microsoft Edge. The malware, installed by more than 3 million users, redirects traffic from legitimate websites to ads or phishing websites and steals personal data such as names, birth dates, e-mail addresses and data about active devices. A full list of infected extensions can be found in the sources.

Iranian hackers don’t rest

Following the attack on the Israeli insurance company Shirbit by the BlackShadow hacking group, other Israeli insurance, industrial and logistics companies are becoming targets. According to ClearSky Cyber Security, the Pay2Key ransomware attacks are attributed to the Iranian APT group Fox Kitten, also known as Pioneer Kitten and Parasite.

Hidden intentions

Authorities seized equipment worth several million US dollars and another 4 million dollars in capital from the Canadian cybercrime company Phantom Secure. Paradoxically, it presented itself externally as a security company. The company cooperated with criminal syndicates, supplying them with encrypted telecommunications devices so they could evade law enforcement while carrying out global drug trafficking. Vincent Ramos (CEO) was sentenced to 9 years in prison, and other leaders of Phantom Secure will go to jail as well.

Joint intervention

In “Operation Nova”, the FBI, Europol and other security agencies successfully shut down the cybercrime network Safe-Inet and Insorg VPN, which was used to host illegal operations including ransomware, e-skimming, spear phishing and illegal account takeovers. The platform also provided VPN services.


  • Forward Air, a logistics company, has become the victim of a Hades ransomware attack. It had to temporarily discontinue its operations and take all critical systems offline.
  • Roanoke College in Virginia has become the target of a ransomware attack. It is now forced to delay the beginning of the semester by a month. The attacker and the duration of the system recovery are not yet known.
  • Hackers have also chosen the British People’s Energy company as a target. The attack resulted in the theft of personal data of all the company’s customers. No financial information was leaked.

A fake application imitating the Cyberpunk 2077 game for Android is being used to spread CoderWare ransomware from the Black Kingdom ransomware family. Cyberpunk Mobile (Beta) is distributed through an app store made to look like the Google Play Store.
