
Kaspersky Lab reports North Korean hacker group Lazarus stealing cryptocurrencies using the Telegram messenger


The Lazarus group has modified the cryptocurrency-theft scheme it used in 2018. The attackers now use more effective tactics and operate more carefully. According to Kaspersky Lab, users of Windows are now at risk alongside users of macOS.

Lazarus is believed to use malware that runs only in memory and is never written to disk, which lets it evade file-based detection. The researchers believe the group uses Telegram to distribute the malware.

The new Lazarus campaign has been named Operation AppleJeus Sequel, following the AppleJeus attack of 2018. The principle of the theft is unchanged: fake cryptocurrency companies are set up to attract investors. Their websites link to fraudulent Telegram trading groups, through which malware that infects Windows computers is distributed.
Once a system is infected, the attackers gain remote access to it and can steal the cryptocurrency stored on the device. Researchers have so far identified numerous victims across Europe and in China; a Kaspersky Lab representative said that victims are known in Russia, China, Poland and the UK, and that they include both individual traders and companies whose business is related to cryptocurrency.

Kaspersky noted that Lazarus has for now suspended the campaign that uses the messenger, but the researchers expect the attackers to return with even more advanced methods.

Earlier, a confidential UN report stated that North Korea finances its weapons programmes with digital and fiat currency stolen from banks and cryptocurrency exchanges. Last autumn, Group-IB said that a North Korean hacker group had stolen $571 million in cryptocurrency.

Group-IB reports on the five hacker groups threatening Russian banks


The main hacker groups threatening Russian banks are Cobalt, Silence, MoneyTaker, Lazarus and SilentCards. They are able to break into a bank, reach its isolated financial systems and withdraw funds, said Ilya Sachkov, CEO and founder of Group-IB, a company specialising in the prevention of cyber attacks.

At the same time, these groups are shifting their focus from Russia to other countries.

According to the founder of Group-IB, "it is curious that three of the five groups (Cobalt, Silence, MoneyTaker) are Russian-speaking, but over the last year Cobalt and Silence have begun to attack banks mainly outside Russia".

"For example, Silence began its activities in Russia, but gradually shifted its focus to the CIS, and then entered the international market. Group-IB analysts have detected Silence attacks in more than 30 countries in Europe, Asia and the CIS this year," said Sachkov.

According to him, state-sponsored hackers from developed countries are the most dangerous, since their activity is less visible while they have a better arsenal for carrying out attacks.

"Our last year's forecast came true. The number of targeted attacks aimed at espionage, sabotage or obtaining direct financial benefits has grown significantly. So-called 'digital weapons' or cyberweapons, which can stop production processes and disable networks of critical infrastructure and large commercial enterprises, are actively used. This is a serious problem. The number of cyber attacks will increase and it will be more difficult to resist them," added Sachkov.

The head of Group-IB also said that cybercriminals have begun using a new method of stealing money from bank customers: installing remote-access programs on their smartphones. The monthly losses of large banks from this type of fraud can reach 6-10 million rubles.

He noted that Group-IB's Secure Bank system records more than a thousand attempts per month to steal money from the accounts of individuals using this scheme.

Earlier, a new way of stealing from bank cards was reported: hackers pose as bank employees, using caller-ID spoofing to substitute the phone number the victim sees.

These legitimate-looking iPhone cables allow hackers to take charge of your computer

When they said you should be wary of third-party accessories and unbranded charging cables for your smartphone, they were serious. The latest example of what a non-original cable can do should be enough to scare you. There is a Lightning cable that looks just as harmless as an iPhone cable should, but it has a nasty trick up its sleeve: it allows an attacker to take control of your computer the moment you plug it into a USB port. This cable has been dubbed the O.MG Cable.

A security researcher with the Twitter handle @_MG_ took a standard USB-to-Lightning cable and added a Wi-Fi implant to it. The moment the cable is plugged into a PC's USB port, an attacker within range of the Wi-Fi module hidden inside it can run malicious code and take control of the PC or remotely access its data without the user noticing. The implant does not need a software vulnerability on the PC: like other BadUSB-style devices, it presents itself to the host as a keyboard and types its commands.

“This specific Lightning cable allows for cross-platform attack payloads, and the implant I have created is easily adapted to other USB cable types. Apple just happens to be the most difficult to implant, so it was a good proof of capabilities,” said MG, as reported by the TechCrunch website.

The thing with phone charging cables is that nobody gives them a second look: you see one, you plug it in and you let it be. By contrast, many users are wary of USB drives (pen drives or thumb drives), which are well known as carriers of malware that can ruin a PC.
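Added example, not from the original post or from MG's own project: because the O.MG Cable and similar BadUSB-style implants deliver their payload by enumerating as a USB keyboard and typing it, one host-side check that needs no knowledge of the cable is to watch for keystroke bursts faster than a person can type. The Go program below scans a stream of key-down timestamps (constructed sample data here, standing in for what evdev or a keyboard hook would deliver; the window size and the 30 ms threshold are assumptions to tune per environment) and reports the first run that averages under the threshold.

```go
package main

import "fmt"

// KeyEvent is one key-down event with a millisecond timestamp. The samples
// below are constructed; on Linux the same stream would come from evdev.
type KeyEvent struct {
	TimeMs int64
	Key    string
}

// DetectInjection returns true and the index of the first run of `window`
// consecutive keystrokes whose mean inter-key interval is below maxMeanMs.
// Sustained human typing sits well above 30 ms per key; a HID implant types
// a whole command line at a few milliseconds per key. Both numbers are
// assumptions to tune per environment.
func DetectInjection(events []KeyEvent, window int, maxMeanMs float64) (bool, int) {
	if window < 2 || len(events) < window {
		return false, -1
	}
	for start := 0; start+window <= len(events); start++ {
		span := events[start+window-1].TimeMs - events[start].TimeMs
		mean := float64(span) / float64(window-1)
		if mean < maxMeanMs {
			return true, start
		}
	}
	return false, -1
}

// HumanSample is a person typing "hello world!" at roughly 7-10 keys per
// second with natural jitter (constructed data).
func HumanSample() []KeyEvent {
	text := "hello world!"
	gaps := []int64{0, 110, 95, 140, 180, 90, 120, 210, 100, 130, 115, 160}
	out := make([]KeyEvent, 0, len(text))
	t := int64(1000)
	for i, r := range text {
		t += gaps[i]
		out = append(out, KeyEvent{TimeMs: t, Key: string(r)})
	}
	return out
}

// InjectedSample is the human sample followed, 800 ms later, by an implant
// typing a command line at 4 ms per key (constructed; the command text is a
// placeholder, not a real payload).
func InjectedSample() []KeyEvent {
	out := append([]KeyEvent{}, HumanSample()...)
	t := out[len(out)-1].TimeMs + 800
	for _, r := range "powershell -w hidden -c <payload omitted>" {
		out = append(out, KeyEvent{TimeMs: t, Key: string(r)})
		t += 4
	}
	return out
}

func main() {
	for name, sample := range map[string][]KeyEvent{"human": HumanSample(), "injected": InjectedSample()} {
		hit, idx := DetectInjection(sample, 10, 30)
		fmt.Printf("%-8s injection=%v firstIndex=%d\n", name, hit, idx)
	}
}
```

The human sample never trips the check, while the burst is flagged at the first window that lies entirely inside it. A real deployment would pair this with an alert whenever a new keyboard-class device enumerates, since the implant has to appear as one before it can type.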

A Hacker Group, 'Barium' on a Supply Chain Hijacking Spree



One of the most damaging forms of hacking is the software supply chain attack: the attacker illicitly gains access to a developer's network and places malicious code into the software updates and applications that users trust most.

In a single operation, supply chain attackers can place their malware on thousands or even millions of computer systems, and because the code arrives through the vendor's own update channel it leaves no trace of malicious activity on the victims' side. The technique has gained traction over time and has become more advanced and harder to identify. The attacks follow a similar pattern each time and have become the core tool of the group behind them.

Supply chain attacks exploit software distribution channels, and over the last three years they have been linked primarily to a group of Chinese hackers, known as Barium or Wicked Panda depending on the security firm; ShadowHammer and ShadowPad are names given to its campaigns and tooling rather than to the group itself.

This demonstrates the massive potential of ShadowHammer to compromise computer systems on a large scale by subverting the fundamental trust model that governs which code users run on their systems; such a capability in Barium's hands is a matter of great concern for security researchers.

Vitaly Kamluk, director of the Asia research team at security firm Kaspersky, said: "They're poisoning trusted mechanisms. They're the champions of this. With the number of companies they've breached, I don't think any other groups are comparable to these guys."

"When they abuse this mechanism, they’re undermining trust in the core, foundational mechanisms for verifying the integrity of your system,"

"This is much more important and has a bigger impact than regular exploitation of security vulnerabilities or phishing or other types of attacks. People are going to stop trusting legitimate software updates and software vendors."

Asked about the group, security researcher Marc-Etienne Léveillé said, "In terms of scale, this is now the group that is most proficient in supply chain attacks."

"We've never seen anything like this before. It's scary because they have control over a very large number of machines."

"If [Barium] had deployed a ransomware worm like that through one of these attacks, it would be a far more devastating attack than NotPetya," said another expert on the matter.
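To make Kamluk's point about poisoned trust mechanisms concrete, here is an added example in Go (my own code, not Kaspersky's, ESET's or any vendor's updater): a typical update verifier that checks a manifest signature under a pinned vendor key and the payload hash against the manifest, followed by three deliveries played through it. The Manifest format, product name and payload bytes are constructed for the example, and the "independent" hash table stands in for a reproducible build or transparency log that the vendor's build pipeline does not control.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
)

// Manifest describes one update. Constructed for this example; it is not any
// vendor's real format.
type Manifest struct {
	Product string `json:"product"`
	Version string `json:"version"`
	SHA256  string `json:"sha256"`
}

func hashHex(b []byte) string {
	sum := sha256.Sum256(b)
	return hex.EncodeToString(sum[:])
}

// SignManifest is the vendor's release step: the build output is hashed into
// the manifest, and the manifest is signed with the vendor's key.
func SignManifest(product, version string, payload []byte, priv ed25519.PrivateKey) (body, sig []byte, err error) {
	body, err = json.Marshal(Manifest{Product: product, Version: version, SHA256: hashHex(payload)})
	if err != nil {
		return nil, nil, err
	}
	return body, ed25519.Sign(priv, body), nil
}

// VerifyUpdate is the client-side check most updaters perform: the manifest
// must verify under the pinned vendor key, and the payload must hash to the
// value the manifest states.
func VerifyUpdate(body, sig, payload []byte, pub ed25519.PublicKey) error {
	if !ed25519.Verify(pub, body, sig) {
		return errors.New("manifest signature invalid")
	}
	var m Manifest
	if err := json.Unmarshal(body, &m); err != nil {
		return err
	}
	if hashHex(payload) != m.SHA256 {
		return errors.New("payload hash does not match manifest")
	}
	return nil
}

// CrossCheck is the extra step that catches poisoning at the source: the hash
// in the signed manifest is compared with a hash obtained through a channel
// the vendor's pipeline does not control (a reproducible build or a
// transparency log, both assumed here and represented by a map).
func CrossCheck(body []byte, independent map[string]string) error {
	var m Manifest
	if err := json.Unmarshal(body, &m); err != nil {
		return err
	}
	want, ok := independent[m.Product+"/"+m.Version]
	if !ok {
		return errors.New("no independent hash for this version")
	}
	if want != m.SHA256 {
		return errors.New("signed manifest disagrees with independent hash")
	}
	return nil
}

// RunScenarios plays three deliveries through the checks and reports which
// ones VerifyUpdate alone accepts, and whether CrossCheck catches the last.
func RunScenarios() (genuineOK, swappedInTransitOK, poisonedAtSourceOK, crossCheckCatches bool, err error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return
	}
	clean := []byte("constructed clean build of updater v2.1")
	trojan := []byte("constructed build with implant inside v2.1")
	// Hash published by an independent reproducible build of the clean source.
	independent := map[string]string{"updater/2.1": hashHex(clean)}

	// 1. Vendor signs the clean build; the client receives exactly that.
	body, sig, err := SignManifest("updater", "2.1", clean, priv)
	if err != nil {
		return
	}
	genuineOK = VerifyUpdate(body, sig, clean, pub) == nil

	// 2. Attacker without the key swaps the payload on the download path.
	swappedInTransitOK = VerifyUpdate(body, sig, trojan, pub) == nil

	// 3. Attacker inside the build pipeline: the trojanised build is what gets
	//    hashed and signed, so the vendor's own mechanism vouches for it.
	pBody, pSig, err := SignManifest("updater", "2.1", trojan, priv)
	if err != nil {
		return
	}
	poisonedAtSourceOK = VerifyUpdate(pBody, pSig, trojan, pub) == nil
	crossCheckCatches = CrossCheck(pBody, independent) != nil
	return
}

func main() {
	g, s, p, c, err := RunScenarios()
	if err != nil {
		panic(err)
	}
	fmt.Printf("genuine accepted: %v\nswapped in transit accepted: %v\npoisoned at source accepted: %v\ncross-check catches poisoning: %v\n", g, s, p, c)
}
```

The signature check stops the in-transit swap, but it accepts the build that was poisoned before signing, which is exactly the position Barium's victims were in; only a comparison against a hash the pipeline cannot influence exposes it.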

Russia-linked hackers Fancy Bears leak data from International Luge Federation

A Russia-linked hacker group calling itself "Fancy Bears" released a statement on Wednesday claiming to have leaked emails and documents that demonstrate violations of anti-doping rules, just two weeks before the 2018 Winter Olympics.

“The obtained documents of the International Luge Federation (FIL) show the violations of the principles of fair play: widespread TUE approvals, missed anti-doping tests and the double standards approach towards guilty athletes,” read the report.

This is the same group that was implicated in the 2016 Democratic National Committee (DNC) hack, and is also known by the names “Pawn Storm” or “APT 28”.

The leak is believed to be a response to Russia's ban from the 2018 Winter Olympics. It follows the 2016 hack, also attributed to the same group, that leaked sensitive athlete data stolen from the World Anti-Doping Agency (WADA); that hack was itself a response to WADA's recommendation to ban Russian athletes from the 2016 Rio games over allegations of state-sponsored doping.

The hacking group’s “About Us” on their website reads, “We are going to tell you how Olympic medals are won. We hacked World Anti-Doping Agency databases and we were shocked with what we saw.”

China Bank Network Website Defaced By Indian Cyb3r D3V!LS


An Indian hacker group named "Indian Cyb3r D3V!LS" has hacked into a Chinese banking-information website and defaced its main page (www.bbyinhang.com).

The Bibi bank network is an independent website co-founded by a number of financial professionals. It aims to make financial expertise universally accessible, helping the general public understand the products and services banks provide and cultivating rational, smart and confident consumers of financial services.

The hacker claimed to have breached the site by exploiting a Remote File Inclusion (RFI) vulnerability, a flaw in which user-controlled input reaches a server-side file include, letting the attacker make the server fetch and execute a script from a URL of their choosing.

The hackers also claimed to have obtained around 1,000 credit card numbers, but said they would not release or misuse the details.

"Chinese hackers are defacing many Indian government and college sites along with Pakistani hackers. Don't mess with us, we are greater than you.. no respect for your f** security.." the hacker said.

Indonesian President website hacked by MJL007 from Jember Hacker Team


The official website of the Indonesian president, Susilo Bambang Yudhoyono, presidensby.info, has been hacked and defaced by an Indonesian hacker group known as Jember Hacker Team (JHT).

The site was defaced by a hacker called "MJL007" from the group with a small message reading "This is a payback From Jember Hacker Team".

A few hours after the breach, the Indonesian government restored the website; at the time of writing it is working normally.

Detik cited the Indonesian minister of communications and information, Tifatul Sembiring, as claiming that the hacker did not actually break into the web server but instead diverted the site's DNS records, hosted with SoftLayer in Texas, to a different IP address.

The mirror of the defacement can be found here:
http://www.zone-h.org/mirror/id/18912807

VandaTheGod hacks several Government websites


A hacker named VandaTheGod, from the UGNazi hacker group, has breached several government websites and other sites.

Recently he hacked the Ecuadorian government website of the Technical Secretariat for Vocational Training (setec.gob.ec), the Argentine government site of the Ministry of Education of the Province of Corrientes (mecc.gov.ar), and the official site of Escalante City, Philippines (escalantecity.gov.ph).

The hacked sites simply display the text "Deface By @VandatheGod or @CosmoTheGod" together with the hacker's email address.

The hacker keeps defacing more websites by the minute. He also hacked a subdomain of the International Bank for Trade and Finance (mail.ibtf.com.sy).

Government of Mizoram (Dpar.mizoram.gov.in) site hacked and defaced by Anonymous

An Anonymous hacktivist has hacked into the Department of Personnel and Administrative Reform (DP&AR) subdomain (dpar.mizoram.gov.in) belonging to the Government of Mizoram.

Mizoram is one of the Seven Sister States of north-eastern India, sharing borders with the states of Tripura, Assam and Manipur and with the neighbouring countries of Bangladesh and Burma.

"This is Govt saying, they can still censor you if you speak against them." The hacker posted this protest message on the defacement page.

"Free press is a myth in #India thanks to #ITAct #66A with latest modification the Govt will better control "

"The time to sit silently is gone. Call your friends and get them to protest sites"

The defaced page:
dpar.mizoram.gov.in/components/index.html

At the end of the defacement page, the hackers noted that the website had already been full of malware before they hacked into it.