TL;DR: Recycling Differently (5th Week)

A ransomware gang has shown that it takes unusual care of nature; Google Fi users whose data leaked due to a T-Mobile attack have been advised to change out their SIM cards; and security researchers have pointed to cooperation between companies to raise awareness of supply chain attacks. The source code of a Russian browser also leaked; a security researcher was rewarded for finding a major vulnerability; and Ukraine’s national news agency was targeted by five malware attacks at once.

Ransomware ecology

The LockBit ransomware gang recycled the encryption tool that leaked along with other source code of the Conti ransomware gang. The gang called its “new” encryption tool “LockBit Green” and started using random extensions instead of its standard .lockbit extension, e.g. 1.doc.fc59d76 or 1.jpg.fc59d76b (probably depending on the type of the encrypted file).

Ransomware attack

European independent car retailer Arnold Clark has been targeted in a Play ransomware attack. Company data was also leaked during the attack, including names, contact details, dates of birth, vehicle details, identity documents (passports and driving licences), national insurance numbers (in limited cases) and bank account details.

More information on T-Mobile leak

In November 2022, along with the data leak of 37 million T-Mobile customers, the data of an unknown number of users of the Google Fi communication platform was also leaked. Google Fi users’ phone numbers, SIM card serial numbers and details of the paid service were exposed, which may increase the danger of SIM swapping attacks. The platform advises users to change out their SIM cards.

Attack on a fashion company

The UK sports fashion chain JD Sports disclosed that it has been the target of a cyberattack. The attack resulted in a leak of the data of ten million customers who placed orders between 2018 and 2020. Names, billing and delivery addresses, email addresses, phone numbers and the last four digits of payment cards were exposed.

Research on partnership between companies

Cyentia Institute data analysts and Security Scorecard researchers have published research on partnership between companies. For example, the research found that 98% of 230,000 organisations do business with a company that suffered a data breach after a cyberattack, and that the average company has around 10 partners.


  • The source code of the Yandex search engine has been leaked on a hacker forum. The leak contains, for example, 1,922 factors the search engine uses in its search algorithm.
  • Gtm Manoz, a security researcher, received a 27,000-dollar bounty for reporting a two-factor authentication bypass vulnerability affecting the social networks Instagram and Facebook.
  • The US Cybersecurity and Infrastructure Security Agency (CISA) establishes a new supply chain risk management office. The office will also be tasked with helping both public and private entities put security guidelines and policies into practice.
  • The Dutch central bank imposed a fine of 3 million euros on the cryptocurrency trading platform Coinbase for failing to comply with the national anti-money laundering statute.
  • Ukraine’s national news agency Ukrinform has become a target of five different data-wiping malware attacks attributed to the Russian APT group Sandworm.
