Important news about the hacker scene: 1 October 2022
US Senate to make use of cryptocurrencies by hackers more transparent
Washington, Oct. 1, 2022
The U.S. Senate is likely to include cryptocurrencies in the 2015 Cybersecurity Information Sharing Act bill. U.S. Sens. Marsha Blackburn (R-Tenn.) and Cynthia Lummis (R-Wyo.) have proposed the reform.
According to the senators, cryptocurrency has consistently been used by threat actors to hide their illicit financial gains. The Cybersecurity Act of 2015 does not include cryptocurrency firms; therefore, the amendment to the act also serves as the next step in regulating cryptocurrencies.
The proposed reform aims to make cryptocurrency companies more transparent about suspicious transactions and reduce losses caused by cybersecurity incidents.
If the bill passes, the Financial Crimes Enforcement Network and the Cybersecurity and Infrastructure Security Agency will issue policies and procedures for crypto companies exposed to potential cybersecurity risks.
NSA cyber specialist sought to sell classified information to Russian government
Washington, Oct. 1, 2022
A former NSA cyber specialist has been charged in a U.S. espionage case for trying to sell classified information to the Russian government. The 30-year-old faces life in prison or a death sentence.
The cyber specialist was hired at the NSA but only worked there for about four weeks. During his time at the agency, he printed top-secret documents for himself. After he left the NSA, he tried to sell the documents on a dark web site set up by the Russian intelligence agency SVR.
An undercover FBI agent convinced him that he was talking to an agent of a foreign government and sent payments to his cryptocurrency wallet addresses as part of the transaction. Initially, the FBI transferred two cryptocurrency payments worth nearly $5,000.
The former NSA employee demanded $85,000 in exchange for all the documents.
Later, he was arrested at the scheduled meeting place for handing over the documents. He cited financial problems as the reason for this act. He is charged with three violations of the Espionage Act.
This is not the first case in which former NSA employees have sold or given away sensitive data. Edward Snowden, a former NSA and CIA employee, leaked over 7,000 top-secret documents to the public. The documents were sent to numerous journalists who published them.
Since the documents came to light in 2013, Snowden has been living in Russia, where he recently became a Russian citizen. Snowden is charged by the U.S. Justice Department with violating the Espionage Act and stealing government property.
Chinese hackers use malware hiding in Windows logo
New York, Oct. 1, 2022
A new hacking campaign uses malware hiding in the Windows logo. Experts have identified the hacker group Witchetty as the threat actor.
It is suspected that the Witchetty hacker group is connected to the state-backed Chinese counterpart APT10.
The attack is carried out in several phases. First, the threat actors exploit several vulnerabilities, such as:
These vulnerabilities have been exploited by hackers to penetrate ProxyShell servers on previous occasions. Next, the intruders hide the backdoor malware in the image file; once deployed, the backdoor lets them perform file and directory actions, start, enumerate or terminate processes, modify the Windows registry, download additional payloads and exfiltrate files.
The hackers use steganography to hide the infected file in a public folder accessible to the administrator, in this case behind the Windows logo.
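A payload hidden in an image file does not change how the picture looks, so a defender's first cheap check is structural: does the file contain more bytes than its own headers account for? The following is an added example, not code from the report above and not the campaign's actual hiding technique (which the report does not detail); it walks a PNG's chunk list to find bytes after IEND and compares a BMP's declared size with its real size, using constructed 1x1 sample images.

```python
import struct
import zlib
PNG_MAGIC = b"\x89PNG\r\n\x1a\n"

def png_trailing_bytes(data: bytes) -> int:
    """Walk the chunk list and return how many bytes follow the IEND chunk."""
    if not data.startswith(PNG_MAGIC):
        raise ValueError("not a PNG")
    pos = len(PNG_MAGIC)
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        pos += 8 + length + 4  # length+type header, payload, CRC
        if ctype == b"IEND":
            return len(data) - pos
    raise ValueError("no IEND chunk: truncated or malformed PNG")

def bmp_trailing_bytes(data: bytes) -> int:
    """Return bytes present beyond the file size declared in the BMP header."""
    if data[:2] != b"BM":
        raise ValueError("not a BMP")
    declared = struct.unpack("<I", data[2:6])[0]
    return len(data) - declared

def scan_image(data: bytes) -> tuple:
    """Return (format, trailing_bytes); a positive count deserves a closer look."""
    if data.startswith(PNG_MAGIC):
        return "png", png_trailing_bytes(data)
    if data[:2] == b"BM":
        return "bmp", bmp_trailing_bytes(data)
    raise ValueError("unsupported image format")

# Constructed 1x1 sample images; not artifacts from the campaign described above.
def _png_chunk(ctype: bytes, payload: bytes) -> bytes:
    crc = zlib.crc32(ctype + payload) & 0xFFFFFFFF
    return struct.pack(">I", len(payload)) + ctype + payload + struct.pack(">I", crc)

def make_png() -> bytes:
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0)  # 1x1, 8-bit RGB
    idat = zlib.compress(b"\x00" + b"\x00\x00\x00")       # filter byte + one pixel
    return PNG_MAGIC + _png_chunk(b"IHDR", ihdr) + _png_chunk(b"IDAT", idat) + _png_chunk(b"IEND", b"")

def make_bmp() -> bytes:
    pixels = b"\x00\x00\x00\x00"  # one BGR pixel plus one byte of row padding
    dib = struct.pack("<IiiHHIIiiII", 40, 1, 1, 1, 24, 0, len(pixels), 2835, 2835, 0, 0)
    header = b"BM" + struct.pack("<IHHI", 14 + len(dib) + len(pixels), 0, 0, 14 + len(dib))
    return header + dib + pixels

CLEAN_PNG, CLEAN_BMP = make_png(), make_bmp()
SUSPECT_PNG = CLEAN_PNG + b"\xaa" * 100  # constructed stand-in for an appended blob
SUSPECT_BMP = CLEAN_BMP + bytes(range(64))
```

A zero result does not clear a file: payloads encoded into pixel values keep the declared sizes intact, so this check belongs alongside hash and behavioural monitoring rather than replacing them.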
This hacking campaign was likely launched in June 2022.
APT10 has been linked to the 2016 cyberattack on the U.S. Navy, in which over 130,000 Navy member records were stolen. The group also attacked the world’s largest vaccine manufacturer, the Serum Institute of India.
Microsoft and LinkedIn: North Korea’s hackers weaponize open-source software for cyberattacks
The two companies believe that the actor responsible for the attack is Zinc, also known as Labyrinth Chollima. Zinc has been active since 2009.
Their hacking campaign targets various industries such as media, defense, aerospace and IT. The targeted companies operate in the US, UK, India and Russia.
Initially, the threat actor establishes contact via LinkedIn and then gets the targets to download an infected file, which it sends via WhatsApp. The group uses open-source software such as PuTTY, KiTTY, TightVNC, Sumatra PDF Reader and muPDF/Subliminal Recording Software Installer to execute these cyberattacks.
Once the threat actor successfully gains access to a device, it deploys a backdoor spyware called ZetaNile.
This campaign began in April 2022.
According to Microsoft’s findings, the hacker group is motivated by cyber espionage, financial gain, data theft and destruction of corporate networks.