Police in India Planted False and Incriminating Files on Activists' Computers to Arrest Them
UK's home secretary approves Assange's extradition to U.S., Russian spy tried to infiltrate International Criminal Court, Interpol arrests 2,000 social engineering scammers, more
New clues discovered by SentinelOne researchers on a case in India connect law enforcement to a campaign that used identification and hacking tools to plant false, incriminating files on targets’ computers that they then used as grounds to arrest and jail them.
SentinelOne’s new findings link the Pune City Police to the long-running hacking campaign, which the company has called Modified Elephant, and center on two particular targets of the campaign: Rona Wilson and Varvara Rao. Both men are activists and human rights defenders who were jailed in 2018.
Juan Andres Guerrero-Saade, a security researcher at SentinelOne who, along with fellow researcher Tom Hegel, will present findings at the Black Hat security conference in August, said, “This is beyond ethically compromised. It is beyond callous. So we’re trying to put as much data forward as we can in the hopes of helping these victims.” (Andy Greenberg / Wired)
Related: Slashdot, MediaNama, Free Press Journal, National Herald, Gizmodo

Andy Greenberg @a_greenberg
A wild, appalling story: A group of hackers fabricated evidence on the PCs of Indian human rights activists who were then arrested for terrorism and jailed. Now researchers have found a direct link between those hackers and the police making the arrests. https://t.co/y6HrCn580v
The UK Home Secretary Priti Patel approved the extradition of WikiLeaks co-founder Julian Assange to the U.S., a decision the organization immediately said it would appeal against in the high court.
The U.S. government has accused Assange of conspiracy to commit computer intrusion by helping Army intelligence analyst Chelsea Manning gain access to privileged information. WikiLeaks’ appeal of Patel’s decision is likely to focus on the right to freedom of expression and whether the extradition request is politically motivated. (Jamie Grierson and Ben Quinn / The Guardian)
Related: Business Insider, The New Arab, The Sun, Euro Weekly News Spain, rthk.hk World News, Metro.co.uk, Mashable, City A.M.
The General Intelligence and Security Service of the Netherlands said that it foiled a sophisticated attempt by a Russian spy, Sergey Vladimirovich Cherkasov, using a false Brazilian identity to work as an intern at the International Criminal Court (ICC), which is investigating allegations of Russian war crimes in Ukraine.
“If the intelligence officer had succeeded in gaining access as an intern to the ICC, he would have been able to gather intelligence there and to look for (or recruit) sources, and arrange to have access to the ICC’s digital systems,” the Dutch agency said. In a statement about the failed bid to infiltrate the ICC, the Dutch intelligence agency said Cherkasov used “a well-constructed cover identity by which he concealed all his ties with Russia in general, and the GRU in particular.” The statement said he was an “illegal” agent “who received long and extensive training.” (Mike Corder / Associated Press)
Related: Bellingcat, AIVD, Forbes, Telegraph, Moscow Times, BBC News, Reuters, France 24, Bloomberg, CNN, Insider Paper

Bellingcat @bellingcat
A GRU spy who sought to gain access to the International Criminal Court as an intern left a long and detailed trail on social media. https://t.co/1mqy5zZhPj

A sweeping operation by Interpol and police agencies worldwide called First Light 2022 led to the seizure of $50 million in illicit funds and the arrests of 2,000 alleged social engineering scammers from many different countries.
Police say they identified 3,000 different suspects, froze 4,000 bank accounts, and arrested “some 2,000 operators, fraudsters and money launderers” while conducting raids at 1,770 locations worldwide. Among the captured was a Chinese national who was wanted in connection to an enormous Ponzi scheme that police say involved some 24,000 victims and the theft of 34 million euros. (Lucas Ropek / Gizmodo)
Related: Malwarebytes Labs, The State of Security, Security Week, Interpol
Security researchers at Proofpoint are warning that threat actors could hijack Office 365 accounts and hold for ransom the files stored in SharePoint and OneDrive, the services companies use for cloud-based collaboration, document management, and storage, by encrypting them.
The attack's success relies on abusing the “AutoSave” feature, which keeps cloud backups of older file versions whenever users make edits. The trick to finishing the file-locking stage faster and making recovery more difficult is to reduce the library's version limit and then encrypt each file more times than that limit allows, so that no unencrypted version survives in the history. Proofpoint informed Microsoft of the potential for abuse of the version limit setting, but the tech giant maintains that this configuration ability is the intended functionality. (Bill Toulas / Bleeping Computer)
Related: The Hacker News, Proofpoint, Security Week, Dark Reading, SC Magazine, Infosecurity Magazine, Security on TechRepublic
Microsoft Defender is now generally available for all personal devices, not just Windows PCs and businesses, extending Windows' anti-malware safeguards to Android, iOS, and macOS.
Defender for individuals is included with Microsoft 365 Personal and Family plans in most countries. Prices start at $70 per year for a Personal account in the US. (Jon Fingas / Engadget)
Related: OnMSFT.com, The Verge, Digital Trends, Microsoft Security Blog, ZDNet Security, Bleeping Computer, xda-developers, PCWorld, 9to5Mac, Softpedia News
Approximately 1.29 million Texas Tech University Health Sciences Center patients have been added to the ongoing fallout from cloud-based, ophthalmology-specific electronic health record (EHR) and practice management vendor Eye Care Leaders’ (ECL) ransomware attack and data theft in December 2021.
The ECL incident compromised a range of patient data, including names, driver’s licenses, emails, genders, dates of birth, medical record numbers, health insurance details, appointment information, Social Security numbers, and medical data tied to services received at the TTUHSC ophthalmology center. (Jessica Davis / SC Media)
Related: Threatpost
Recorded Future’s Insikt Group says that some Latin American countries may present as easy targets for ransomware attackers due to a general deficit of cyber resources, specifically education, hygiene, and overall infrastructure.
Anecdotal observations by Recorded Future reflect a “minor” but “sustained increase” in references to initial access sales and database leaks related to Latin American governments starting around March 2022. Between January and May 2022, ransomware attacks have been recorded in Costa Rica, Peru, Mexico, Ecuador, Brazil, and Argentina. (AJ Vicens / Cyberscoop)
Related: Recorded Future
Researchers at Volexity say that a Chinese advanced persistent threat group, along with other threat actors, exploited a zero-day, critical-severity vulnerability in Sophos Firewall to bypass authentication and run arbitrary code remotely against multiple organizations.
Volexity detailed an attack from a Chinese advanced persistent threat group it tracks as DriftingCloud, which had been exploiting CVE-2022-1040 since early March, a little over three weeks before Sophos released a patch. The adversary used the zero-day to compromise the firewall and install webshell backdoors and malware that enabled it to compromise systems outside the network protected by Sophos Firewall. Sophos identified hotfixes and mitigations that help organizations using its firewall protect against exploitation of the vulnerability. (Ionut Ilascu / Bleeping Computer)
Related: Volexity, Security Week, Help Net Security, The Hacker News
According to research from GlobalData, UK small businesses are increasingly being priced out of cyber insurance policies due to high premiums and the cost-of-living crunch.
Almost a third (29%) of companies with fewer than 250 staff canceled their cyber insurance policies last year to cut costs. An additional 17.3% of small and medium enterprises (SMEs) never had cyber insurance policies in the first place, with smaller businesses most likely to be uncovered. (Louis Goss / City A.M.)
Related: Global Data, Insurance Day, Reinsurance News