Point of View
OUR TAKE ON TRENDING STORIES
In the ever-dramatic world of cybercrime, a small dark-web forum has found itself in a downward spiral and is now up for sale. As covered in our weekly insight, the forum was breached by an unknown threat actor, prompting the admin to panic and shut it down. This came just days after the admin had taken to Telegram to badmouth the threat actor community and insult Shiny Hunters, the admin of Breach Forums. It seems the forum's admin couldn't handle the backlash and is now throwing in the towel.
The admin has put the entire forum's database, Telegram channel, and domain up for sale. The database is priced at $8,000, the domain at $600, and the Telegram channel at $2,000. In a somewhat surprising move, users can request the removal of their details from the database for free. There are also unsettling rumours that a former admin or prominent member of the community has tragically committed suicide, casting a somber shadow over an already chaotic situation.
In a moment of schadenfreude for both the online community and law enforcement, the Lockbit ransomware group recently claimed to have breached the United States Federal Reserve. This audacious claim naturally raised eyebrows, but when the countdown timer on the leak hit zero, it turned out to be a misdirection. The actual victim was Evolve Bank & Trust, not the Federal Reserve. The confusion likely stemmed from a document mentioning the "United States Federal Reserve," which the affiliate, probably not fluent in English, misread as the name of the victim. VX Underground humorously summed up the situation, pointing out the likely language barrier.
Meanwhile, Europol’s "End Game" operation, their largest offensive against botnets, has resulted in the arrest of four individuals—one from Armenia and three from Ukraine. This crackdown has seen law enforcement seize control of 2,000 domains and 100 servers across Europe and the Americas. Although the market for stealer logs remains active, there has been a noticeable dip in availability. One of the main suspects is believed to have raked in over 69 million euros in cryptocurrency, illustrating the scale and profitability of these operations.
The saga of Breach Forums continues with twists and turns. Just when the FBI thought they'd scored another victory by seizing the infamous Breach Forums and arresting its co-administrator Baphomet, the remaining admin pulled a digital rabbit out of the hat. Despite the initial seizure of both the clear-net and Tor domains, as well as the Telegram channel, the FBI's victory was short-lived. Mere hours after the domain was seized and added to the FBI's account, the account was suspended, and the domain fell back into the hands of the elusive threat actor. Emails between the FBI and the domain registrar detailing this blunder have since surfaced online.
The apparent end of Breach Forums was, in fact, just the beginning of a new chapter. In less than two weeks, a new admin known as Shiny Hunters resurrected the forum from old backups, launching a new Tor domain and fresh Telegram group. Not only is the clear-net site back up and running, but Shiny Hunters has also made headlines by offering the entire Live Nation/Ticketmaster database—containing 560 million users—for a cool $500k USD. The identity of the buyer remains unknown, adding another layer of intrigue to this unfolding story.
In another development, a breach impacting several American government agencies, including the US armed forces, has surfaced on dark web platforms. The notorious threat actor IntelBroker, known for his swift and effective hacks, claimed to have accessed sensitive data from the breached site in just "10–15 minutes." The compromised company, established to address the evolving landscape of maritime domain awareness, now finds itself at the centre of a significant data leak.
Meanwhile, a well-known threat actor group has announced a dramatic shift in focus. Declaring their departure from financially motivated cybercrime, they have pledged to return to their roots in hacktivism and political hacking. Their latest leak, though unverified, promises to be substantial. The group claims to have exposed sensitive information affecting various Mexican cartels, including the Sinaloa and Jalisco cartels. This leak allegedly stems from a variety of sources, including government sites, cartel-supported centres, and shops. The data dump also includes an in-depth research writeup detailing cartel operations and locations. Our team is currently sifting through the data to verify the claims and assess the implications.
It's been an action-packed month for cybersecurity professionals, and as always, the landscape continues to evolve with each passing day.
In cyber warfare, it seems no sector is safe from the relentless clutches of threat actors. Take, for instance, a Russian food manufacturing giant finding itself in the crosshairs of a Ukrainian hacker collective. With a flair for the dramatic, the group proudly proclaimed their conquest in a channel dedicated to airing their digital conquests. Their loot? A whopping 6TB of sensitive data, including source code and client information, leaving the company's confidentiality in tatters. And if that weren't enough, they even dropped the CEO's personal details like it was hot gossip, suggesting a brazen breach via the company's VPN. One can only speculate whether the CEO's nonchalance stemmed from a hefty ransom payout or simply poor cybersecurity practices.
Meanwhile, Apple users worldwide received an unexpected jolt from the tech giant, courtesy of threat notifications warning of potential targeted attacks by none other than sophisticated threat actors. These aren't your run-of-the-mill alerts; they're the digital equivalent of a red alert, signalling the presence of high-value targets under the watchful eye of nation-state hackers or other nefarious entities. It's a call to arms for users to fortify their digital defences posthaste, with a direct line to cybersecurity professionals for backup.
And just when you thought the cyber landscape couldn't get any stranger, along comes a musical interlude courtesy of the malware analysis mavens over at VX Underground. An EDM anthem straight out of an anime fever dream, its lyrics lifted straight from the digital annals of LockBit 3.0's takedown saga. It may not be destined for the Billboard charts, but it's certainly a quirky addition to the cyber-culture canon.
In cybersecurity policy, the Biden Administration's U.S. Cyber Trust Mark initiative is gearing up for its grand debut. Designed to bolster the security of everyday IoT devices, this policy promises consumers greater transparency when navigating the maze of internet-connected gadgets. However, as the industry braces for this much-needed shake-up, lingering concerns persist over the prevalence of insecure IoT devices lurking in the market's shadows. It's a step in the right direction, to be sure, but the road to a cyber-safe future is paved with many a digital hurdle.
Ah, the dramatic saga of TikTok in the United States! Picture this: a ban looming over TikTok, akin to a dark cloud threatening to rain on our digital parade. Congress is all up in arms, waving their "think of the children" banners while TikTok nervously checks its watch, wondering if it should start packing its bags for a forced sale. Meanwhile, nobody bats an eye at the plethora of Chinese gadgets quietly infiltrating American households. It's like the ultimate game of "spot the double standard."
And then there's the Discord bot community, a bustling hub of over 170,000 members, blissfully unaware of the chaos brewing in its midst. Little did they know, a sneaky supply chain attack was underway, with cybercriminals slinging malware like digital ninja stars. The plot thickens as innocent developers unwittingly become pawns in this cyber chess match. It's like a scene straight out of a cyberpunk thriller, only with more Python packages and less neon.
But wait, there's more! Remember that telecom company caught in the data breach scandal of yesteryear? Well, guess who's back in the limelight! Cue the dramatic music as data allegedly linked to their previous mishap resurfaces, like a ghost from breaches past. The company's denial game is strong, but cybersecurity experts aren't buying it. With the FCC's new data breach notification rules hot off the press, it's like watching a high-stakes poker game unfold, with the company desperately trying to bluff its way out of trouble.
Ah, the cybersecurity world. Just when you think you've seen it all, it throws you another curveball. Stay tuned, folks. This digital rollercoaster ride is far from over!
Well, well, well, it seems the digital waters are getting murkier by the day. A mysterious GitHub user by the name of I-SOON recently made their grand entrance onto the coding scene, dropping a repository bombshell titled "The Truth Behind an Xun." Inside? Oh, just a casual 200 megabytes of top-secret intel about a Chinese cybersecurity company. Talk about spilling the digital tea!
This treasure trove of data gives us a backstage pass into the shadowy world of state-sponsored hacking, courtesy of a company that, on the surface, offers cybersecurity courses and pen tests. But oh, there's so much more beneath the surface. The leaked documents, all 500 of them, paint a rather colourful picture of the company's not-so-innocent activities, spanning from the UK to the far corners of Asia.
And if that weren't enough, we've got juicy tidbits on spyware and hacking gadgets straight out of a Bond film. Imagine Android phones unwittingly spilling their guts when connecting to the same network as these nefarious devices. Oh, and let's not forget the pièce de résistance: a Twitter exploit playbook that's like a digital Trojan horse, granting attackers the keys to the Twitter kingdom with just one click on a shady link.
But wait, there's more! Among the treasure trove lies a white paper ominously titled "Twitter Public Opinion Guidance and Control System." Sounds like something straight out of a dystopian novel, doesn't it? Clearly, controlling overseas social public opinion is all the rage these days.
Meanwhile, down under, an Australian internet provider finds itself in some scorching hot water. Ever since cosying up to the Commonwealth Bank in 2021, they've found themselves in the midst of a security storm. Over 230,000 users are left exposed after a security snafu of epic proportions. Despite assurances that the attacker's network access has been shut down, it seems the damage is done: the stolen data is now circulating on the dark web. Time to batten down the digital hatches, folks!
In a cyber twist reminiscent of a high-stakes thriller, Ukrainian activists are claiming to have performed a digital magic trick at the Russian Center for Space Hydro-Meteorology. The daring act allegedly involved breaking in and erasing a whopping two petabytes of data. Even if the Center had its cosmic ducks in a row with backups, restoring that much data is a celestial restoration project that could take eons. The Planeta, as it's casually known, handles aerospace data, including the management of military satellites, ground equipment like radars, and a plethora of stations monitoring everything from natural disasters to volcanic activity. The hackers, reportedly causing chaos across 280 servers, are giving the term "data wipeout" a cosmic spin. Despite the news being delivered by the Main Intelligence Directorate of Ukraine's Ministry of Defence, they're quick to deny any hands-on involvement, leaving the cyber curtain open for speculation.
Meanwhile, in the world of cybercrime, a member of the infamous Shiny Hunters crew has found themselves in a real-life courtroom drama. Sentenced to three years in the cyber slammer and slapped with a five-million-dollar damages bill, this former computer science whiz was nabbed by Moroccan authorities after the FBI sent out a digital wanted poster in May 2022. Through a plea deal that would make even seasoned negotiators nod in approval, the hacker avoided a potential 116-year prison stint for charges including electronic fraud and aggravated identity theft. The Shiny Hunters gang, known for its digital exploits in compromising over 60 companies, can now add the loss of one of its own to its criminal resume. Talk about poetic justice in the cyber realm.
As if we needed another plot twist in the cyber saga, "CyberKidnapping" is making headlines, featuring social engineering as the star of the show. In a recent American case, threat actors managed to get the upper hand by acquiring substantial information about a Chinese family with a 17-year-old son living in the U.S., while the rest of the family resided in China. Through a web of spoofed phone calls, these digital puppet masters convinced the family to fork over a hefty $80,000 for the supposed safe return of their son. The plot thickens as the young man is later discovered chilling in the mountains of Utah, having fallen victim to the cyber smoke and mirrors. Who needs Hollywood scripts when reality is writing its own cyber thriller?
A new flaw in Bluetooth is making iOS, Android, Linux and Mac users do the vulnerability two-step. The researcher who found it has chosen to keep the proof of concept under wraps, opting for a behind-the-scenes chat with the vendors. The exploit convinces the affected operating systems to accept an unauthorised Bluetooth connection, turning your device into a potential puppet on the attacker's string. Until the code sees the light of day, it's a waiting game. Remember, folks, keep Bluetooth switched off when not in use: consider it a digital lockdown for your devices. It's just another nudge to stay vigilant.
In the realm of booming cryptocurrencies, malware vendors are unveiling their latest party tricks: updates that scour a victim's computer for popular crypto wallets. As we gear up for the new year, the research team is coming face-to-face with malware capabilities that are nothing short of spine-chilling. The A-list of stealer logs is up for sale, and these bad boys aren't being handed out for free. Balancing risk and convenience is an art form in the digital age; the research team's answer is to keep sensitive activities such as online banking and crypto wallets on separate devices from casual web surfing. It's like crafting a digital security masterpiece.
In a cinematic twist, the U.S. Justice Department has disrupted a ransomware gang that's been wreaking havoc globally for the past 18 months. The gang's Tor-hosted ransomware site got the official "seized" stamp from the authorities. The victim list includes networks intricately linked with or supporting critical U.S. infrastructure. The site now proudly displays a seizure banner showcasing the various law enforcement agencies that tag-teamed to take it down. However, in a plot twist worthy of a cyber thriller, a respected cybersecurity group exchanged messages with the gang, who claim they've simply changed locations. The FBI, ever the hero, has whipped up a decryption tool to restore the computers of the 500 or so victims. Cue collective sighs of relief from the ransomware-stricken masses.
BreachAware Insight
THE LATEST CURATED INTEL FROM OUR RESEARCH CENTRE
![BreachAware Podcast](https://static.breachaware.net/public/img/global/insights/WTP-logo.png?id=1f23e9967f9e3b6ab7cb)
Listen to our podcast, where Andrew, the visionary CEO of BreachAware, sits down with unsung heroes of the cyber security industry. Get ready to uncover the stories and insights of industry trailblazers you might not have heard of before, as they share their experiences, opinions, and insider intel. But beware, it's not all serious talk—expect a healthy dose of humour (and the odd cussing) sprinkled throughout the conversation.
Available on Amazon Music, Apple Podcasts, Spotify and the BreachAware YouTube channel.
Weekly Summary
SPOTLIGHT, VULNERABILITY CHAT & PRIVACY HEADLINES
A total of 9 breaches were found and analysed, resulting in 2,948,750 leaked accounts containing a total of 14 different data types. The breaches found publicly and freely available included Avito, Lulu Hypermarket, The Cellula, Boutique Curly and NATO Wiki.
Global News Feed
POPULAR CYBERSECURITY PUBLICATIONS
Google says it recently fixed an authentication weakness that allowed crooks to circumvent email verification needed to create a Google Workspace account, and leverage that to impersonate a domain holder to third-party services that allow logins through Google's "Sign in with Google" feature.
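The weakness above was on Google's side, but the third-party services that got impersonated had a say in how badly it hurt them. A relying party that links a local account on the `email` claim alone, or that treats an `@example.com` address as proof of belonging to the Workspace tenant, gets burned by exactly this class of bug. The example below is added here by the editor; it is not code from Google, from the page, or from any of the services mentioned. It shows the claim checks a relying party should make on a Google ID token before trusting it: explicit `email_verified`, the `hd` hosted-domain claim for tenant-gated access, and keying the local account on the stable `sub` identifier. The client ID, the token fixtures and the fixed clock are constructed for the demo; signature verification against Google's published JWKS is a prerequisite for any of this and is assumed to have been done already rather than shown.

```python
import base64
import json
import time
from typing import List, Optional, Tuple

# Issuer values Google uses in the ID tokens it mints.
GOOGLE_ISSUERS = {"https://accounts.google.com", "accounts.google.com"}


def b64url_decode(segment: str) -> bytes:
    """Base64url without padding, as JWS segments are encoded."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def jwt_payload(token: str) -> dict:
    """Extract the claims from a compact JWS (header.payload.signature).
    Signature verification against Google's JWKS must happen before any
    claim below is trusted; it is assumed done and is not shown here."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    return json.loads(b64url_decode(parts[1]))


def evaluate_id_token(token: str, client_id: str, expected_hd: Optional[str] = None,
                      now: Optional[int] = None) -> Tuple[Optional[str], str]:
    """Decide whether to accept a 'Sign in with Google' login.
    Returns (subject, reason): subject is the stable Google account id (`sub`)
    to key the local account on, or None when the token must be rejected."""
    now = int(time.time()) if now is None else now
    c = jwt_payload(token)
    if c.get("iss") not in GOOGLE_ISSUERS:
        return None, "unexpected issuer"
    if c.get("aud") != client_id:
        return None, "token not issued for this client"
    if not isinstance(c.get("exp"), int) or c["exp"] <= now:
        return None, "token expired"
    # The check this story is about: an email address is only as good as
    # the verification behind it. A missing claim counts as unverified.
    if c.get("email_verified") is not True:
        return None, "email not verified"
    # For Workspace-gated access, require the hosted-domain claim to match.
    # A matching email suffix alone is not proof of domain ownership.
    if expected_hd is not None and c.get("hd") != expected_hd:
        return None, "hosted domain mismatch"
    if not c.get("sub"):
        return None, "missing subject"
    return c["sub"], "ok"


def make_demo_token(claims: dict) -> str:
    """Constructed fixture: builds the compact form with a placeholder
    signature so the parsing path runs offline. Real Google tokens are
    RS256-signed and must be verified against Google's JWKS."""
    header = b64url_encode(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    return f"{header}.{body}.{b64url_encode(b'demo-signature')}"


CLIENT_ID = "example-client-id.apps.googleusercontent.com"  # assumed value
NOW = 1_720_000_000  # fixed clock so results are reproducible

# Constructed claim set for a domain admin at the tenant example.com.
BASE = {
    "iss": "https://accounts.google.com",
    "aud": CLIENT_ID,
    "sub": "110169484474386276334",
    "email": "admin@example.com",
    "email_verified": True,
    "hd": "example.com",
    "exp": NOW + 3600,
}


def run_demo() -> List[Tuple[Optional[str], str]]:
    """Runs the checks over one good token and three that must be refused."""
    cases = [
        BASE,
        {**BASE, "email_verified": False},   # mailbox never verified
        {**BASE, "hd": "attacker.example"},  # right-looking email, wrong tenant
        {**BASE, "exp": NOW - 1},            # stale token
    ]
    return [evaluate_id_token(make_demo_token(c), CLIENT_ID, "example.com", NOW)
            for c in cases]


if __name__ == "__main__":
    for subject, reason in run_demo():
        print(subject, reason)
```

The ordering of the checks matters less than the fact that the account lookup uses `sub` and never `email`: a user whose address later changes, or an attacker who manages to get a token carrying someone else's address, cannot collide with an existing account keyed on the subject identifier.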