TL;DR: Emotet active again and a leak from a government database in Albania (52nd week)

The Emotet infrastructure is gradually regaining strength, and its cooperation with the TrickBot botnet has resumed. Security forces managed to arrest three cybercriminals, and one was sentenced; a large database from the British security forces was donated to the password-checking service Have I Been Pwned.

Database in Ghana exposed

Due to a misconfiguration, Ghana’s National Service Secretariat exposed a database containing 55 GB of data. The leak concerned 700 thousand citizens involved in the government's mandatory public service programme. The exposed data contained identity documents of the programme's participants, documents for the Ghana National Health Insurance Scheme, IDs according to the candidate’s placement, etc.

Vulnerability in US Federal Agency Network

The Avast Threat Intelligence Team has found a vulnerability in the network of the United States Commission on International Religious Freedom. Abusing the vulnerability would allow attackers to obtain full control of the system. The affected organisation did not respond, and after several unsuccessful attempts to make it aware of the issue, Avast researchers released their findings.

Ransomware attack on Shutterfly

Shutterfly, a website for creating photo books and postcards and for uploading photos, has suffered a vast Conti ransomware attack. The attackers managed to encrypt over 4 thousand devices and 120 servers. The gang is allegedly demanding a ransom of millions of dollars for decryption keys and for stolen company data, such as legal agreements, bank account information, login credentials for corporate services and customer information, including the last four digits of credit cards.

Rebirth of Emotet infrastructure

A renewed spread of Emotet malware has also been detected on devices infected with the TrickBot botnet. Check Point security researchers estimate that Emotet activity is at least 50% of its level in January 2021, before Emotet was taken down through a global action.

Data leak from the government database in Albania

Albanian Prime Minister Edi Rama apologised for the massive leak of personal records of 637 thousand people from the government database. The exposed data included personal identity card numbers and employment and salary data. The attack is under investigation, but preliminary findings indicate that it could be an internal infiltration rather than an outside cyberattack.


  • Three North Korean hackers were charged by the U.S. Department of Justice with stealing $1.3 billion in the form of cryptocurrency and cash.
  • Google removed an app carrying the Joker malware from the Play Store. The Color Message app, in which the Joker malware was found, had more than 500 thousand downloads.
  • French IT service company Inetum was hit by a BlackCat ransomware attack. The attack allegedly had a limited impact on the business.
  • The UK’s security forces, the National Crime Agency and the National Cyber Crime Unit have contributed 225 million compromised e-mails to Have I Been Pwned, a free service that tracks stolen credentials.
  • A cybercriminal was sentenced to 48 months in prison for operating a “crypting” service used to conceal the Kelihos malware from antivirus software. It enabled hackers to infect hundreds of thousands of devices.
