Russia's FSB Arrests REvil Group Members at U.S. Request
North Korean hackers stole $395 mil. in cryptocurrency last year, Gov't-industry partnership floated at WH meeting on open-source software security, Albuquerque schools shuttered by cyberattack, more
Don’t miss our special report on the takedown of the Ukrainian government’s public-facing digital infrastructure.
Russia’s FSB domestic intelligence service said that it conducted a special operation against ransomware crime group REvil at the request of the United States and has detained and charged the group's members.
“The organised criminal association has ceased to exist and the information infrastructure used for criminal purposes was neutralised,” the FSB said in a statement. According to Interfax, a source close to the operation said the group's members with Russian citizenship would not be handed over to the United States. (Gabrielle Tétrault-Farber / Reuters)
Blockchain analysis firm Chainalysis says that North Korean hackers stole a total of $395 million worth of crypto coins last year across seven intrusions into cryptocurrency exchanges and investment firms.
The sum represents a nearly $100 million increase over the previous year's thefts by North Korean hacker groups. Over the past five years, these groups have stolen $1.5 billion in cryptocurrency alone. The seven breaches Chainalysis tracked in 2021 amount to three more than in 2020, though fewer than the ten successful attacks that North Korean hackers carried out in 2018, when they stole a record $522 million. (Andy Greenberg / Wired)
Related: BBC News, CryptoSlate, New York Post, Cointelegraph.com, Al Jazeera English, DAILYSABAH, Brisbane Times, Arirang, The Hill: Cybersecurity, TechCentral, Reuters: World News, CTVNews.ca, The Guardian, The Korea Times News, Wired, U.Today, TechTimes, The Sun, Motherboard, The Record by Recorded Future, NBC News, Computing.co.uk, Chainalysis
At yesterday’s White House meeting on the security of open-source software, participants talked about building a government-industry partnership to create a catalog of the most important pieces of open-source software that could spark log4j-level concerns.
As Google outlined in a post following the meeting, the project would resemble an effort the Cybersecurity and Infrastructure Security Agency is undertaking to create a broader list of the most “strategically important critical infrastructure.” Other priorities discussed at the meeting include ramping up cybersecurity training for open-source software developers, building closer connections between private sector efforts to shore up open-source software and government efforts outlined in President Biden’s May executive order, and increased funding and resources to existing projects to reduce the prevalence of hackable bugs in open-source software. (Joseph Marks and Aaron Schaffer / Washington Post)
Related: SDxCentral, The Register, CIO News, PCMag.com, Techradar, Cybersecurity Insiders, My TechDecisions, TheDigitalHacker, Protocol, Protocol, PR Newswire, Engadget, Gizmodo, eSecurityPlanet, The Register, Security Week, Google
The Albuquerque public school system was forced to close in the second cyberattack to disrupt public services in Albuquerque, New Mexico.
The school system, which comprises 144 schools and serves about a fourth of New Mexico's public school students, said it would close Thursday and Friday because a "cyberattack" had "compromised some systems that could impact teaching, learning, and student safety." It’s unclear if ransomware is involved in this incident. An earlier ransomware attack infected the computer systems of Bernalillo County, home to Albuquerque. (Sean Lyngaas / CNN)
Austria’s data protection authority upheld a complaint that a health-focused site called netdoktor.at, which had been exporting visitors’ data to the US as a result of implementing Google Analytics, had violated Chapter V of the EU’s General Data Protection Regulation (GDPR), which deals with data transfers out of the bloc.
The regulator assessed various measures Google said it had implemented to protect the data in the U.S., such as encryption at rest in its data centers and its claim that the data “must be considered as pseudonymous.” But the regulator did not find that sufficient safeguards had been put in place to effectively block US intelligence services from accessing the data, as required to meet the GDPR’s standard. (Natasha Lomas / TechCrunch)
The Threat Response Unit from eSentire says that the GootLoader malware gang, formerly prolific spreaders of REvil ransomware, has pivoted to actively targeting employees of law and accounting firms with malicious downloads.
WordPress vulnerabilities let the attackers easily hijack sites offering sample business agreements for professionals, eSentire says. The researchers were able to identify more than 100,000 pages with malicious business agreement links set up by GootLoader, with one site having more than 150 pages of content generated by the threat actors. (Becky Bracken / Threatpost)
German cybersecurity awareness and testing platform company SoSafe raised $73 million in a Series B venture funding round.
Highland Europe led the round with participation from Acton Capital and Global Founders Capital, SAP Hybris founder and Celonis Advisory Board member Carsten Thoma, La Famiglia, and Adjust founder Christian Henschel.