Search This Blog

Showing posts with label Hacker attack. Show all posts

Kaspersky has reported hacker attacks on COVID-19 researchers

The hacker group Lazarus attacked the developers of the coronavirus vaccine: the Ministry of Health and a pharmaceutical company in one of the Asian countries

Kaspersky Lab reported that the hacker group Lazarus has launched two attacks on organizations involved in coronavirus research. The targets of the hackers, whose activities were discovered by the company, were the Ministry of Health in one of the Asian countries and a pharmaceutical company.

According to Kaspersky Lab, the attack occurred on September 25. Hackers used the Bookcode virus, as well as phishing techniques and compromising sites. A month later, on October 27, the Ministry of Health servers running on the Windows operating system was attacked. In the attack on the Ministry, according to the IT company, the wAgent virus was used. Similarly, Lazarus previously infected the networks of cryptocurrency companies.

"Two Windows servers of a government agency were compromised on October 27 by a sophisticated malware known to Kaspersky Lab as wAgent. The infection was carried out in the same way that was previously used by the Lazarus group to penetrate the networks of cryptocurrency companies," said Kaspersky Lab.

Both types of malware allow attackers to gain control over an infected device. Kaspersky Lab continues its investigation.

"All companies involved in the development and implementation of the vaccine should be as ready as possible to repel cyber attacks," added Kaspersky Lab.

The Lazarus group is also known as APT38. The US Federal Bureau of Investigation (FBI) reported that their activities are sponsored by the DPRK authorities.

Recall that in July, the National Cyber Security Centre (NCSC) and similar departments of the United States and Canada accused the hacker group APT29, allegedly associated with the Russian special services, in an attempt to steal information about the coronavirus vaccine. Dmitry Peskov, press secretary of the Russian President, denied the Kremlin's involvement in the break-ins.

Hackers steal money from cards through the Uber and VTB applications


A resident of Russia Anna Kozlova, resting in Spain, lost 14 thousand rubles ($220). The money was stolen from her VTB Bank card through the Bank's mobile app and Uber.

At first, the woman was charged 2 rubles from the card, it looked like a standard check of the solvency of Uber customer, especially since the money immediately returned to the account.

However, immediately after this, 2829 rubles were debited from the card. The app’s notification said it was Uber service fee that Anna hadn’t actually used since she was sleeping.
Then notifications, according to the tourist, began to come one after another. After 22 minutes, when she woke up, the girl blocked her card, but by that time the cost of four more trips that she had not made was debited from the card.

Unknown stole from Kozlova 14 118 rubles and did not stop trying to withdraw money from her account even after blocking the card. It is curious that all write-offs were allegedly made by the international service Uber, which in Russia was merged with Yandex.Taxi.

When Anna contacted the support team of this company, the staff could not give her information about the write-offs. The VTB support service clarified that the last write-offs were made from Moscow, and then Anna appealed to Uber Russia.

The Russian company Kozlova explained that if she did not use a taxi, it means that someone received the data of her Bankcard, including CCV code, and used it for payment.
Kaspersky Lab experts explained that fraud schemes through taxi services are no longer uncommon.

According to them, there are channels in the messengers where you can order a taxi at a great discount. The scheme looks something like this: the passenger sends a message to such a channel indicating the details of the trip, and the attacker calls a taxi using the stolen account.

After completing the trip, the driver receives money from the owner of the stolen account, and the passenger transfers the money directly to the attacker. In order to remain unnoticed for as long as possible, attackers can track the owner of a hacked account on social networks and organize such trips at night when it is likely that a person is sleeping, or during the victim’s travel abroad.