Russia's FSB Arrests REvil Group Members at U.S. Request

North Korean hackers stole $395 mil. in cryptocurrency last year, Gov't-industry partnership floated at WH meeting on open-source software security, Albuquerque schools shuttered by cyberattack, more

Jan 14

Don’t miss our special report on the takedown of Ukraine’s government’s public-facing digital infrastructure.

Russia’s FSB domestic intelligence service said that it conducted a special operation against ransomware crime group REvil at the request of the United States and has detained and charged the group's members.

“The organised criminal association has ceased to exist and the information infrastructure used for criminal purposes was neutralised," the FSB said in a statement. According to Interfax, a source close to the operation said the group's members with Russian citizenship would not be handed over to the United States. (Gabrielle Tétrault-Farber / Reuters)

Related: Reuters, AFP, The Record, FSB

Lukasz Olejnik @lukOlejnik

Russian FSB conducted an operation against ransomware REvil group, at the request of the USA. Money/resources seized, people arrested. So, it signals cooperation between USA and Russia on the grounds of cybersecurity at least?

�� REvil�� REvil, �� , � �� , �� , �� ”��” � �� (��) ��.interfax.ru

Ellen Nakashima @nakashimae

Seems aimed at sending a msg to the west that this is the kind of cooperation they can turn on and off at will. And the kind of thing they WON'T do if the US and allies impose sanctions and don't accede to security demands.

Blockchain analysis firm Chainalysis says that North Korean hackers stole a total of $395 million worth of crypto coins last year across seven intrusions into cryptocurrency exchanges and investment firms.

The sum represents a nearly $100 million increase over the previous year's thefts by North Korean hacker groups. Over the past five years, have stolen $1.5 billion in cryptocurrency alone. The seven breaches Chainalysis tracked in 2021 amount to three more than in 2020, though fewer than the ten successful attacks that North Korean hackers carried out in 2018 when they stole a record $522 million. (Andy Greenberg / Wired)

At yesterday’s White House meeting on the security of open-source software, participants talked about building a government-industry partnership to create a catalog of the most important pieces of open-source software that could spark log4j-level concerns.

As Google outlined in a post following the meeting, the project would resemble an effort the Cybersecurity and Infrastructure Security Agency is undertaking to create a broader list of the most “strategically important critical infrastructure.” Other priorities discussed at the meeting include ramping up cybersecurity training for open-source software developers, building closer connections between private sector efforts to shore up open-source software and government efforts outlined in President Biden’s May executive order, and increased funding and resources to existing projects to reduce the prevalence of hackable bugs in open-source software. (Joseph Marks and Aaron Schaffer / Washington Post)

Sundar Pichai @sundarpichai

Securing the open source software ecosystem is a critical step in keeping people and their information safe online. Glad we could share recommendations with the @WhiteHouse and others as part of our ongoing partnership to strengthen cybersecurity.

Making Open Source software safer and more secureWe welcomed the opportunity to participate in the White House Open Source Software Security Summit today.blog.google

In a second cyberattack to disrupt public services in Albuquerque, New Mexico, the Albuquerque public school system was forced to close.

The school system, which comprises 144 schools and serves about a fourth of New Mexico's public school students, said it would close Thursday and Friday because a "cyberattack" had "compromised some systems that could impact teaching, learning, and student safety." It’s unclear if ransomware is involved in this incident. An earlier ransomware attack infected the computer systems of Bernalillo County, home to Albuquerque. (Sean Lyngaas / CNN)

HostileSpectrum (@campuscodi) / Twitter

Austria’s data protection authority upheld a complaint that a health-focused site called netdoktor.at, which had been exporting visitors’ data to the US as a result of implementing Google Analytics, had violated Chapter V of the EU’s General Data Protection Regulation (GDPR), which deals with data transfers out of the bloc.

The regulator assessed various measures Google said it had implemented to protect the data in the U.S, such as encryption at rest in its data centers and its claim that the data “must be considered as pseudonymous.” But the regulator did not find sufficient safeguards had been put in place to effectively block US intelligence services from accessing the data, as required to meet the GDPR’s standard. (Natasha Lomas / TechCrunch)

The Threat Response Unit from eSentire says that the GootLoader malware gang, formerly prolific spreaders of REvil ransomware, has pivoted to actively targeting employees of law and accounting firms with malicious downloads.

WordPress vulnerabilities let the attackers easily hijack sites offering sample business agreements for professionals, eSentire says. The researchers were able to identify more than 100,000 pages with malicious business agreement links set up by GootLoader, with one site having more than 150 pages of content generated by the threat actors. (Becky Bracken / Threatpost)

Related: The Hacker News, eSentire

German cybersecurity awareness and testing platform company SoSafe raised $73 million in a Series B venture funding round.

Highland Europe led the round with participation from Acton Capital and Global Founders Capital, SAP Hybris founder and Celonis Advisory Board member Carsten Thoma, La Famiglia, and Adjust founder Christian Henschel.

Related: Tech.eu, Silicon Canals, FinSMEs