Cyber Command Admits Military Has Taken Action Against Ransomware Operators
At least 11 State Dept. employees hacked by Pegasus spyware, Co-founder of Swiss password texting company allegedly sold mobile phone users' location data, Hackers stole $200m from Bitmart, more
General Paul Nakasone, the head of U.S. Cyber Command and the director of the National Security Agency, said that, abandoning its previous hands-off approach, the U.S. military has started taking actions against ransomware groups as part of its surge against organizations launching attacks against American companies.
Without describing the actions the military took, Nakasone said one of the goals of the actions was to “impose costs,” which is the term military officials use to describe punitive cyber operations. However, other officials have said that Cyber Command diverted traffic around servers being used by the Russia-based REvil ransomware group. Cyber Command and the N.S.A. also assisted the F.B.I. and the Justice Department in their efforts to seize and recover much of the cryptocurrency ransom paid by Colonial Pipeline. The first known operation against a ransomware group by Cyber Command came before the 2020 election when officials feared a network of computers known as TrickBot could be used to disrupt voting. (Julian Barnes / New York Times)
Four sources say that the iPhones of at least nine U.S. State Department employees were hacked by an unknown assailant using Pegasus spyware developed by the Israel-based surveillance tech vendor NSO Group. A later report by the Washington Post revealed that the number of employees affected was eleven.
Two of the sources say the hacks hit U.S. officials either based in Uganda or focused on matters concerning the East African country. NSO Group said in a statement on Thursday that it did not have any indication its tools were used, but canceled access for the relevant customers and said it would investigate. (Chris Bing and Joseph Menn / Reuters)
Related: Washington Post, BNN Bloomberg, Arutz Sheva News, MacDailyNews, AppleInsider, Slashdot, Insider Paper, Haaretz.com, Reuters: World News, Al Jazeera English, protocol, iPhone Hacks, 9to5Mac, The Times of Israel, The Hill: Cybersecurity, Bleeping Computer, The Guardian, Engadget, iPhone in Canada Blog, DAILYSABAH, VICE News, DAWN.COM, WebProNews, Digital Journal, Reddit - cybersecurity, Cyberscoop, The Sun, Algemeiner.com, SiliconANGLE, CNN.com - Politics, The Verge, Cult of Mac, Ars Technica, CNET, Forbes, TribLIVE, Associated Press Technology, Motherboard, MacRumors, Explica, Voice of America, The New Arab, Presstv, ibtimes.sg : Top News, IBTimes India, Neowin, The Chosun Ilbo, Telecomlive, New York Times, Vox
Ilja Gorelik, the co-founder of Mitto AG, a company that has been trusted by technology giants including Google and Twitter to deliver sensitive passwords to millions of their customers, sold access to Mitto’s networks to secretly locate people via their mobile phones.
Four former employees say that the use of Mitto’s networks for surveillance work wasn’t disclosed to the company’s technology clients or to the mobile operators Mitto works with to deliver its text messages and other communications. Mitto issued a statement saying that the company had no involvement in a surveillance business, that it had launched an internal investigation “to determine if our technology and business has been compromised,” and that it would take “corrective action” if necessary. (Ryan Gallagher and Crofton Black / Bloomberg)
Related: Bureau of Investigative Journalism
Blockchain security and analytics company Peckshield said that crypto exchange Bitmart lost nearly $200 million in a compromise of hot wallets on the Ethereum and Binance Smart Chain blockchains.
Further investigation by the team revealed a concurrent theft of $96 million from the crypto exchange’s BSC reserves. (Arijit Sarkar / Cointelegraph)
Related: CryptoPotato, City A.M. - Technology, The Block, HackRead, CNBC Technology, The Persian Pasdaran, Newsweek, Databreaches.net, TechCentral.ie, Seeking Alpha, Security Affairs, Security Week, Decrypt, BBC News, Silicon Republic, The Hacker News, Daily Swig, Finance Magnates, Telecomlive.com, KrASIA, Business Insider, Bitcoin News, CryptoSlate, TheDigitalHacker, MSSP Alert, The Record by Recorded, Slashdot
Sheldon Xia (@sheldonbitmart), 1/3: We have identified a large-scale security breach related to one of our ETH hot wallets and one of our BSC hot wallets. At this moment we are still concluding the possible methods used. The hackers were able to withdraw assets of the value of approximately USD 150 million.
Dozens of Maryland health department services and resources were unavailable following a network security incident involving the Maryland Department of Health.
Officials did not disclose the nature of the incident but said that they took the systems “offline out of an abundance of caution and other precautions have and will be taken.” (Dan Diamond / Washington Post)
In a Flash Alert, the FBI said that the operators of the Cuba ransomware have earned at least $43.9 million from ransom payments following attacks carried out this year.
The Bureau said that the gang “compromised at least 49 entities in five critical infrastructure sectors, including but not limited to the financial, government, healthcare, manufacturing, and information technology sectors.” It traced attacks with the Cuba ransomware to systems infected with Hancitor, a malware operation that uses phishing emails, Microsoft Exchange vulnerabilities, compromised credentials, or RDP brute-forcing tools to gain access to vulnerable Windows systems. (Catalin Cimpanu / The Record)
As further evidence that Russia harbors cybercriminals, cybersecurity researchers have traced millions of dollars in ransom money that American companies, hospitals and city governments paid to online extortionists to Federation Tower East, the tallest skyscraper in the Russian capital of Moscow.
Researchers at Recorded Future have counted about 50 cryptocurrency exchanges in Moscow City, a financial district in the capital, that in their assessment are engaged in illicit activity. (Andrew Kramer / New York Times)
Business software provider Zoho urged customers on Friday to update their ManageEngine servers and apply a software fix that patches a zero-day vulnerability, CVE-2021-44515, that is currently being exploited in the wild.
The bug would have allowed attackers to bypass authentication and run malicious code on Desktop Central servers. (Catalin Cimpanu / The Record)
In at least the second such report in as many weeks from someone who sent a Google phone in for repair, game designer and author Jane McGonigal said that after she sent her Pixel 5a to Google for repair, someone allegedly took and hacked her device.
Someone at Google who received her phone seems to have used the “missing” phone to clear two-factor authentication checks and log in to several of her accounts, including her Dropbox, Gmail, and Google Drive. The activity triggered several email security alerts to McGonigal’s backup accounts. Google said it is investigating this claim. (Emma Roth / The Verge)
Jane McGonigal (@avantgame): Update: I have heard from individuals via backchannel, not officially from Google, that Google is looking into it and it's getting escalated. I have not been officially contacted by anyone with information or an offer to help yet.
Jane McGonigal (@avantgame): Yeah, don't send your Google phone in for warranty repair/replacement. As has happened with others, last night someone used it to log into my Gmail, Drive, photos backup email account, Dropbox, and I can see from activity logs they opened a bunch of selfies hoping to find nudes
Researchers at Immersive Labs discovered two now-patched arbitrary code execution vulnerabilities affecting a number of Netgear routers aimed at small businesses. The flaws could allow someone with remote access to the router to take control of the device’s underlying OS, threatening the security of data passing through the router.
Users who haven’t changed the default login credentials on their Netgear routers are most at risk of these flaws being exploited, so admins are urged to verify that the default logins are no longer in use. (Gareth Corfield / The Register)
Canadian police announced that car thieves have been using AirTags to track vehicles they want to steal.
York Regional Police north of Toronto revealed that it has investigated five incidents in the past three months in which thieves have hidden AirTags on vehicles parked in public. Later, the thieves tracked down their targets to steal the cars at their leisure. (Jonathan Gitlin / Ars Technica)
The Biden Administration said that it would launch an initiative with friendly nations to establish a code of conduct for coordinating export-licensing policies to limit exports of surveillance tools and other technologies that authoritarian governments can use to suppress human rights, an alleged practice in China.
The initiative will be announced during the inaugural Summit for Democracy, a virtual gathering scheduled for Dec. 9-10, that will bring together more than 100 democratic governments seeking to form a bulwark against authoritarianism. China and Russia, which weren’t invited, have jointly criticized the meeting, saying it would “stoke up ideological confrontation and a rift in the world.” (Yuka Hayashi and Alex Leary / Wall Street Journal)
Independent security researcher Joseph Harris, also known as Doc, discovered a way to brute force Verizon PINs by submitting many concurrent requests that guess a target’s PIN at the same time, meaning an attacker could potentially break into Verizon customer accounts.
Verizon removed the web pages that enable these brute force guesses after Harris reported the issue to the company. (Joseph Cox / Motherboard)
Ilya Sachkov, founder of Russian cybersecurity firm Group-IB, who was arrested in September and now faces up to 20 years in a Russian labor camp, is accused of giving information to the U.S. government regarding the GRU’s threat group “Fancy Bear” and its efforts to influence the 2016 U.S. presidential election.
Sources say that the information Sachkov disclosed helped the U.S. government identify GRU agents involved in the hacking. (Irina Reznik, Henry Meyer and Jordan Robertson / Bloomberg)
Israeli cryptocurrency security company Fireblocks raised $400 million in a Series E venture funding round.
The round was led by Sequoia Capital, Stripes, Spark Capital, Coatue, DRW VC and SCB 10X. (Kate Clark / The Information)