Biden Administration Expected to Sanction Exchanges That Facilitate Ransomware Payments

$3m is stolen from SushiSwap, $12m stolen from pNetwork, OMIGOD attacks appear in the wild after PoC, Epik cops to major hack, Man found guilty of launching more than 200K DDoS attacks, much more

As part of the broader initiative by the Biden administration to clamp down on ransomware attacks, the Treasury Department is preparing to sanction financial exchanges that facilitate delivery of illicit digital payments to hackers, officials say.

The sanctions could begin as early as this week. “There is a concerted effort to identify tools that can disrupt the flow of money to ransomware operators,” one official said. (Ellen Nakashima / Washington Post)

Related: Cybersecurity|,, Wall Street Journal, Silicon UK, Engadget, Slashdot, Business Insider, The Verge,, Windows Central, Slashdot, CNN

SushiSwap, a community-driven decentralized finance (DeFi) platform that lets users swap, earn, lend, borrow, and leverage cryptocurrency assets, said that its newest offering, Minimal Initial SushiSwap Offering (MISO), was hit by a software supply chain attack, allowing the attacker to steal around $3 million in cryptocurrency.

The company CEO Joseph DeLong said that an "anonymous contractor" with the GitHub handle AristoK3 and access to the project's code repository had pushed a malicious code commit that was distributed on the platform's front end. The attacker inserted their own wallet address to replace the auction wallet at the auction creation, enabling them to move 864.8 Ethereum coins into their wallet. (Ax Sharma / Ars Technica)

Related: Today UK News, Hackerpom Threat Feed, Cointelegraph, Benzinga, The Block

pNetwork, a cross-chain decentralized finance (DeFi) protocol, announced that it suffered a hacker attack and lost 277 pBTC (worth over $12 million at prices as of Sunday night).

pBTC is a version of wrapped bitcoin in the pNetwork ecosystem, a token on the smart contract blockhain. Although details of the hack are scarce, pNetwork said that a hacker was able to leverage a bug in its codebase and drained pBTC from the BSC blockchain. pNetwork said it would offer a $1.5 million bug bounty to the attacker if they return the stolen funds. (Yogita Khatri / The Block)

Related: Crypto Briefing, Cointelegraph

Give a gift subscription

After security firm BadPackets released a proof-of-concept exploit on GitHub, threat actors began attacking Azure Linux-based servers using a recently disclosed security flaw named OMIGOD to hijack vulnerable systems into DDoS or crypto-mining botnets.

Microsoft addressed the bug revealed by cloud security vendor Wiz last week by releasing a new version for the OMI client on GitHub. But the company did not automatically install this update for OMI clients deployed across its infrastructure, leaving tens of thousands of Azure Linux servers open to attacks. (Catalin Cimpanu / The Record)

Related: Dark Reading, Security Week, Security Affairs, Sonatype Blog, Bleeping Computer,, Dark Reading, The Hacker News, Hackaday, The Register - Security

In a bizarre and chaotic video conference, Rob Monster, the CEO of right-wing domain registrar and web hosting company Epik, publicly admitted that his company had been breached, as hacktivist group Anonymous claimed.

During the video conference, independent journalist Steven Monacelli, who first broke the news of the Anonymous hack, persuaded Monster to take down a website that had doxed not only him and his family but also countless other journalists. (Mikael Thalen / Daily Dot)

Related: Techcrunch, The Daily Swig, Boing Boing, E Hacking News, WIRED, Daily Swig, Cyberscoop

Security researcher Zach Edwards discovered that multiple U.S. government sites using .gov and .mil domains had been hosting porn and spam content, such as Viagra ads, in the last year due to a flaw in a common software product provided by government contractor Laserfiche.

The product, Laserfiche Forms, contains a vulnerability that has allowed threat actors to push malicious and spam content on reputable government sites. Laserfiche released a cleanup tool for impacted customers to help remove unauthorized uploads. (Joseph Cox / Motherboard)

Related: Bleeping Computer, Reddit - cybersecurity, Threatpost

Hacking software from a company that Kaspersky Labs calls Moses used by a government agency known as Bitter APT was supplied by an Austin, Texas, zero-day exploit broker called Exodus Intelligence. Moses was used in a cyberespionage campaign targeting Microsoft Windows PCs at government and telecom entities in China and Pakistan,

Bitter APT, the Moses customer, is India, one source said. Exodus Intelligence’s main product is like a Facebook news feed of software vulnerabilities, without exploits, priced at up to $250,000 a year. (Thomas Brewster / Forbes)

Related:, Washington Post

Follow Us on Twitter

A jury in California found Matthew Gatrel guilty on three felony charges for his role as the administrator of two distributed denial-of-service (DDoS) operations that launched more than 200,000 attacks on targets in the private and public sectors.

Gatrel ran two sites. The first, DownThem, sold subscriptions for his DDoS services.AmpNode offered “bulletproof” server hosting options to customers that needed servers pre-configured with DDoS attack scripts and lists of vulnerable systems that could amplify the assault. (Ionut Ilascu / Bleeping Computer)

Related: Security Week, Justice Department, Reddit

A nation-state cyber-espionage group has gained access to the IT network of the Alaska Department of Health and Social Service (DHSS), potentially exposing the state’s residents’ financial and health information.

Although the attack was discovered on May 2 and made public on May 18, and the government published two updates in June and August, the agency did not reveal any details about the intrusion until last week, when it officially dispelled the rumor that this was a ransomware attack. (Catalin Cimpanu / The Record)

Related: Government Technology, Fairbanks Daily News-Miner, Governing Magazine, The Daily Swig

Security company Clario Tech and cyber security researcher Bob Diachenko discovered a vulnerability within EventBuilder, a virtual events integration tool for Microsoft.

More than one million JavaScript object notation (JSON) and comma-separated value (CSV) files, with personal information of event registrants using Microsoft Teams, were exposed. The personal data exposed were users' full names, e-mail addresses, phone numbers, and company designations. (IT Web)

Related: Clario

Malaysian web hosting service Exabytes said a ransomware attack hit it over the weekend. It claims that most of its services have since been restored.

According to reports, the attackers were demanding US $900,000 (RM3.77mil) as ransom in cryptocurrency. (The Star)


Career personnel at four U.S. government agencies disagree on putting the smartphone-maker, Honor, Huawei’s former smartphone company on the Commerce Department’s entity list, which bars exports of U.S. technology to the sanctioned firm without a department license.

Underscoring the ongoing struggle of dealing with Chinese tech companies, staff members at the Pentagon and Energy Department supported placing the company on the denylist. At the same time, their counterparts at the Commerce Department and State Department opposed it. Many experts believe that Chinese communications and internet technology are inherent security risks because of the control that the government of Beijing exerts over them. (Ellen Nakashima and Jeanne Whalen / Washington Post)

Related: Bloomberg

Photo by Dmitry Demidko on Unsplash