The guards at the Ukrainian nuclear power plant mined cryptocurrency and divulged state secrets


The attackers used the resources of the South Ukrainian nuclear power plant for mining digital currency. The Security Service of Ukraine (SBU) stopped the activity of criminals.

Agents of the SBU, checking objects of the nuclear power plant, found computer equipment, illegally connected to the systems for mining. On July 10, the employees of the Department searched and seized the media converter, fiber optic and part of the network cable.

It’s important to note that information about the physical protection of the station, which is a state secret, leaked to the network due to the unauthorized placement of computer equipment in the territory of a nuclear power plant.

Specialists of the Security Service of Ukraine have information according to which members of the National Guard of Ukraine may be involved in illegal mining. The SBU has achieved the initiation of criminal proceedings against them.

It is an interesting fact that recently it became known that in Ukraine the authority that controls the quality of equipment for the South Ukrainian nuclear power plant since 1992 will be eliminated. Employees of the structure carried out examinations, as well as participated in tests of the equipment.

The decision was made after the evaluation of the enterprise. The work of the center was deemed ineffective.

However, it can be assumed that this is due to the fact that someone was mining cryptocurrency on the territory of the South Ukrainian nuclear power plant.

In addition, this week the police discovered an underground farm for the production of cryptocurrency in Ingushetia. Its owners were engaged in illegal and unaccounted electricity consumption. During the inspection of this room, law enforcement officers found that more than 1.5 thousand devices for receiving crypto currency, a laptop, two system units, a video recorder of a video surveillance system, as well as two transformer points with a capacity of 1.6 thousand kW each were connected to the power supply system without appropriate documentation.

Recall that in May 2018 it became known that the police in the Ukrainian city Rovno were mining cryptocurrency directly at the workplace. Since Ukraine does not have legislation regulating the circulation and mining of cryptocurrencies, an investigation was conducted into the theft of electricity.

This was not the first case of using the official position for cryptocurrency mining. In September 2017, Crimean government officials were fired for mining bitcoins in the workplace, and on February 2018 it became known that employees of the Ministry of Finance of Kazakhstan used office computers and department servers for cryptocurrency mining.


Indian Healthcare Website Hacked, stolen data for sale





US-based cyber-security firm FireEye discovered a hack into a leading Indian healthcare website, stealing more than 68 lakh data of both doctors and patients.

The FireEye did not name the website but said that the cybercriminals mostly from China are selling the stolen data in web portals around the world.

"In February, a bad actor that goes by the name "fallensky519" stole 6,800,000 records associated with an India-based healthcare website that contains patient information and personally identifiable information (PII), doctor information and PII and credentials," FireEye said in its report shared with IANS.

According to FireEye, in between October 1, 2018, and March 31, 2019, their intelligence team stumbled upon on multiple healthcare-associated databases which were for sale in $2,000.

"In particular, it is likely that an area of unique interest is cancer-related research, reflective of China's growing concern over increasing cancer and mortality rates, and the accompanying national health care costs," the cyber-security agency noted.

"Targetting medical research and data from studies may enable Chinese corporations to bring new drugs to market faster than Western competitors," the report claimed.


Fashion designer lost business after her Instagram account got hacked

Twenty-three-year-old Bree Kotomah almost gave up on a burgeoning career in fashion design when hackers compromised her business's Instagram account in November 2018.

"Unfortunately, at the time I ran everything on Instagram, so when that was gone, that was the whole business gone," she told BBC Radio 5 Live.

At least half of micro businesses - companies with fewer than nine employees - in the UK are victims of cyber-attacks every year, compared to just a third of other companies, according to the Association of Independent Professionals and the Self-Employed (IPSE).

Ms Kotomah, whose business Boresa Kotomah is based in London, had not studied fashion. She taught herself to sew and began designing clothes in 2018. Due to interest on Twitter in her fashion styles, she started an Instagram account and gained 5,000 followers in seven months, after a photo of a dress she made went viral.

Interested customers would send her a direct message on Instagram enquiring about prices, and commission her to make the dresses.

Ms Kotomah would invoice her customers using PayPal and mobile app Invoice2go, and her reputation grew by word of mouth and through shares of her outfits on Instagram and Twitter.

But then it all stuttered to a halt.

"I woke up one morning and my account was deleted. I received an email from Instagram saying I had violated some terms and I had done certain things that I know I didn't do," she said.

"My business at that time was my livelihood. That was what I was doing full-time. I'm self-employed. So if I'm not making money from working, I'm not making money at all so I was just thinking like, 'What am I going to do?'"

Ms Kotomah's designs have been worn by actors, influencers, singers, models and dancers.

Ms Kotomah was so disheartened that she stopped designing for two months and considered other jobs. But then she decided to give it one more try. She started a new Instagram account, learned more about running a business, and set up a website showcasing her work that offered ready-to-wear clothing available for immediate purchase.

Phishing Attacks: Via Scraping Branded Microsoft Login Pages!


Phishing Attacks: Via Scraping Branded Microsoft Login Pages!



The latest phishing attack attacks using the targets’ company-branded Microsoft 365 tenant login pages just to make it look more believable.

Microsoft’s Azure Blob Storage and the Azure Web Sites cloud storage solutions are also under usage for finding solutions to host their phishing landing pages.

This helps the users think that they’re seeing a legitimate Microsoft page. This aids the cyber-con to target Microsoft users and get their services credentials.

This phishing campaign is mostly about scraping organizations’ branded Microsoft 365 tenant login pages just to fool the targets.

The above observations were made as a part of s research of the Rapid7’s Managed Detection and Response (MDR) service team, say sources.

The cyber-criminals actually go through the list of validated email addresses before they plan on redirecting the victims to the phony login pages.

They put up actual looking logos of the brands that they want to copy and that’s what helps them to scrape the tenant login page.

In case the target organization doesn’t have a custom branded tenant page, the phishing kit is designed to make use of the default office 365 background.

The same campaign’s been launched at various different companies and organizations including in financial, insurance, telecom, energy and medical sectors.


There are several points at hand that hint at the phishing campaign still being active. In fact someone may be updating it for that matter at different times.

The “phisher” behind the campaign could easily be exploiting the “Lithuanian infrastructure”.

Besides the using the phony Microsoft phony page and stealing credentials the campaign also is up for exploiting cloud storage services.

For landing page hostings also, the campaign works perfectly. Phishing kits were discovered in April this year.

IPFs gateways were also abused by phishing attempts by using TLS certificates issued by Cloudflare, last year in October.

Per sources, the following advises and measures should be taken at once by organizations using the Microsoft office 365:
·       Multi-factor authentication via Office 365 or a third party solution for all employees.
·       Enrolling staff in phishing awareness training programs.
·       Training to help the employees spot and report phishing attacks.


Teen Hacker Elliott Gunton Taking Cryptocurrency for Stolen Data


In April 2018, Elliott Gunton, a teenager from Norwich, England, was caught by the police on the charges of hacking and his PC was taken hold of by the authorities.

He was convicted at Norwich Crown Court where he admitted five charges which included illegal data exchanges, computer exploitation and money laundering offences.

Gunton was subjected to a three and a half year community  order which kept him from using internet and software and he was made to pay a sum of £407,359 by the court order.

On the charges of stealing sensitive information of people and selling it in exchange of pounds in cryptocurrency, the Norwich Crown Court sentenced him to 20 months imprisonment and let out owing to the time spent on remand.

On the examination of Gunton's computer, it was found that he had scheduled supplies of stolen data of people which included their contact information for malicious purposes like texts to carry out fraud.

At the age of 16, Gunton hacked a telecommunications firm and was found guilty of the same.

The teen made constant and sophisticated efforts to conceal his fraudulent acts and hide the payments from police and therefore he dealt in Bitcoin instead of hard currency. However, he happened to leave behind some parts of conversations where he negotiated criminal deals.

Referencing from a tweet made by Gunton last year, "Having lots of money is cool… but having lots of money without people knowing is cooler." He called himself as a "full-time crypto trader."