Caitlin Sory
Law enforcement takes down the DanaBot and Lumma Stealer malware operations, the US Government wants a centralized data broker platform, Turkey dismantles a Chinese IMSI catcher spy ring, and Russia hacked border cameras to track Ukrainian military aid. This is the Risky Bulletin, prepared by Catalin Cimpanu and read by me, Caitlin Sory. Today is May 23rd and this podcast episode is brought to you by SpecterOps, the experts in attack path management. The DanaBot and Lumma Stealer malware operations have been shut down. Law enforcement agencies and cybersecurity firms worked together to seize infrastructure and take down both groups in two separate operations. Both DanaBot and Lumma Stealer infected hundreds of thousands of users, collected login credentials and enabled ransomware intrusions. US officials have also charged 16 people suspected of building and deploying the DanaBot malware since 2018. Two Russian nationals believed to be the group's leaders, Alexander Stepanov and Artem Kalinkin, are among those charged. The US Government will establish a centralized marketplace where intelligence agencies can buy commercially available information from data brokers. Submissions are open for companies wanting to build the marketplace, which has been named the Intelligence Community Data Consortium. The marketplace will aggregate and de-duplicate data from different brokers so the government only has to pay for it once. The Office of the Director of National Intelligence says the portal will be available to at least 18 different US government agencies. The cyber attack against UK retail chain Marks and Spencer will cost the company more than 300 million pounds. The sum represents recovery costs and revenue loss due to disrupted online ordering. Insurance companies Allianz and Beazley are expected to cover up to £100 million of the recovery costs, the company says. The disruption is expected to continue into July.
Marks and Spencer identified a social engineering attack against contractor Tata Consultancy Services as the hack's entry point. Two disgruntled employees of government IT contractor Apexis allegedly stole data from more than 30 US government databases. They also deleted data from the databases. The Internal Revenue Service and the General Services Administration were among the agencies impacted by the incident, Bloomberg says. Apexis identified the two employees as brothers Sohaib and Muneeb Akhter after an internal investigation. The brothers have previous convictions for hacking the State Department in 2015. They have been fired. Early analysis of stolen TeleMessage data made available this week has identified more than 60 US government users. Hackers provided the stolen data to DDoSecrets, who shared it with Reuters. The files did not contain full conversations, but did contain metadata about who was exchanging messages. Reuters linked some of the metadata to US diplomats, customs officials, disaster responders and at least one White House staffer. Russia has hacked logistics firms and border security cameras to track military aid sent to Ukraine. Air, sea and rail transportation companies have been targeted since the start of Russia's war. The attacks have been linked to the GRU military intelligence service, a unit known as APT28, or Fancy Bear. In a joint security advisory issued by 21 agencies from 11 countries, the attacks were described as unsophisticated but persistent. Hackers have stolen $223 million in crypto tokens from the Cetus decentralized exchange. The attack exploited vulnerabilities in several smart contracts that manage the platform's assets. Cetus says it has worked with industry partners and has frozen $162 million of the stolen assets. A publicly exposed database containing more than 180 million credentials has been discovered.
Security researcher Jeremiah Fowler found the database and believes the data was collected by an infostealer operation. The hosting provider shut down the database after being contacted by journalists. A US Senator has asked Spotify to crack down on fake podcasts that advertise drug websites. Senator Maggie Hassan sent a letter to the streaming platform after Business Insider found more than 200 fake podcasts on Spotify this month. Most were only a few seconds long and spelled out domains where users could buy drugs. Russia will require foreigners visiting Moscow to install tracking apps on their smartphones. The new law will be trialled for four years and will come into effect in September. Foreign diplomats, minors and Belarusian citizens are exempt. Turkish authorities have arrested seven Chinese nationals for spying on Uyghurs and Turkish officials with IMSI catchers. Officials say the spy ring was set up five years ago and the equipment was smuggled into the country over time. The group allegedly also hacked into bank accounts to steal money to cover their operational expenses. The US Department of Justice has indicted a Russian national for leading the Qakbot malware group. Rustem Gallyamov allegedly developed the malware in 2008. Authorities say Gallyamov has sold access to his botnet to at least eight ransomware crews since 2019. The DOJ has seized $24 million worth of crypto assets linked to Qakbot operations and ransomware payments. A 19-year-old student from Massachusetts has pleaded guilty to hacking and extorting the PowerSchool education cloud platform. Matthew D. Lane admitted to stealing the personal data of more than 60 million students and 10 million teachers in the hack. Last year, Lane extracted a payment of $2.85 million from the company. The US Department of Justice says Lane also allegedly extorted a second, unnamed company. Law enforcement agencies from 10 countries have arrested 270 suspects for selling illegal products on the dark web.
The individuals were identified using data seized from the dark web marketplaces Nemesis, Tor2Door, Bohemia and Kingdom Market. Almost half of those arrested were based in the US. Authorities seized over 184 million euros in cash and cryptocurrencies. A threat actor has hacked more than 5,000 networking devices and turned them into honeypots. The attacker installed their monitoring system on devices from over 50 companies. Most of the hacked devices are in Asia. Security firm Sekoia believes the attacker is attempting to collect exploits used by rival gangs. Hundreds of users are demanding that GitHub add an option to block issues and pull requests made using the company's new Copilot AI agent. The new feature was announced on Monday and uses a dedicated GitHub user that cannot be blocked. Users say the Copilot agent is already flooding their projects with AI junk that's wasting their time. Three vulnerabilities have been discovered in the Versa Concerto network orchestration platform. The three bugs can be chained together to attack and take over Concerto instances. One of the three is an authentication bypass with a severity score of 10 out of 10. Researchers at ProjectDiscovery found the bugs and notified Versa Networks in February. It's unclear if patches have been released. Akamai has published details on an unpatched privilege escalation vulnerability in Windows Server 2025 that allows attackers to compromise any Active Directory user. BadSuccessor abuses the delegated Managed Service Account feature introduced in Windows Server 2025. The attack works against the default configuration. Akamai published a proof-of-concept script to perform the attack after Microsoft declined to patch the issue. That's all for this podcast edition. Today's show was brought to you by our sponsor, SpecterOps. Find them at specterops.io.
Release Date: May 23, 2025
Host: Caitlin Sory
Prepared by: Catalin Cimpanu
Timestamp: [00:00]
Caitlin Sory opens the episode by announcing a significant victory in cybersecurity: the takedown of the DanaBot and Lumma Stealer malware operations. These malware families had been active since 2018, infecting hundreds of thousands of users, harvesting login credentials, and facilitating ransomware attacks.
Timestamp: [00:05]
The US Government is moving towards establishing a centralized marketplace, aptly named the Intelligence Community Data Consortium, aimed at streamlining the acquisition of commercially available information from various data brokers.
Timestamp: [00:10]
UK retail giant Marks and Spencer has suffered a debilitating cyber attack, projected to cost the company over £300 million due to recovery expenses and lost revenue from disrupted online services.
Timestamp: [00:15]
Apexis, a US government IT contractor, has uncovered malicious activity by two disgruntled employees, the brothers Sohaib and Muneeb Akhter. The two stole and deleted data from over 30 US government databases, including information held by the IRS and GSA.
Timestamp: [00:20]
Russia continues its cyber espionage campaigns, targeting logistics firms and border security cameras to monitor military aid shipments to Ukraine. These operations have been attributed to the GRU unit known as APT28, or Fancy Bear.
Timestamp: [00:25]
Hackers successfully exploited vulnerabilities in smart contracts governing the Cetus Decentralized Exchange, resulting in the theft of $223 million in cryptocurrency tokens.
Timestamp: [00:30]
Security researcher Jeremiah Fowler uncovered a publicly exposed database containing over 180 million user credentials. This data is believed to have been amassed by an infostealer operation.
Timestamp: [00:35]
US Senator Maggie Hassan has formally requested Spotify to intensify measures against fake podcasts that promote illicit drug websites, following revelations of over 200 such instances.
Timestamp: [00:40]
In a move raising privacy concerns, Russia will require foreigners visiting Moscow to install tracking applications on their smartphones starting in September, under a law to be trialled for four years. Diplomats, minors, and Belarusian citizens are exempt.
Timestamp: [00:45]
Turkish authorities have apprehended seven Chinese nationals involved in spying activities targeting Uyghurs, utilizing IMSI catchers to intercept communications. The spy ring, operational for five years, also engaged in financial theft to support its operations.
Timestamp: [00:50]
The US Department of Justice has indicted Rustem Gallyamov, a Russian national, for his leadership role in the Qakbot malware group. Gallyamov allegedly developed the malware in 2008 and sold access to his botnet to multiple ransomware crews.
Timestamp: [00:55]
Matthew D. Lane, a 19-year-old student from Massachusetts, has pleaded guilty to hacking into the PowerSchool education cloud platform. His actions resulted in the theft of personal data of over 60 million students and 10 million teachers, alongside extorting $2.85 million.
Timestamp: [01:00]
A coordinated international law enforcement operation has led to the arrest of 270 individuals involved in selling illegal products on the Dark Web. The crackdown targeted multiple marketplaces, resulting in the seizure of over €184 million in cash and cryptocurrencies.
Timestamp: [01:05]
A threat actor has compromised over 5,000 networking devices across more than 50 companies, converting them into honeypots. Most of the devices are located in Asia, and the attacker appears to be monitoring them to collect exploits used by rival gangs.
Timestamp: [01:10]
GitHub faces backlash from hundreds of developers requesting the ability to block issues and pull requests generated by its new Copilot AI agent. Users report that the AI is inundating projects with irrelevant or low-quality contributions.
Timestamp: [01:15]
Researchers at ProjectDiscovery have identified three severe vulnerabilities in the Versa Concerto network orchestration platform that can be chained to take over Concerto instances. Among them is an authentication bypass rated 10 out of 10 in severity.
Timestamp: [01:20]
Akamai has disclosed an unpatched privilege escalation vulnerability in Windows Server 2025, dubbed "BadSuccessor." The flaw allows attackers to compromise any Active Directory user by abusing the delegated Managed Service Account feature, and it works against the default configuration.
Conclusion
The cybersecurity landscape remains tumultuous, with significant developments ranging from the dismantling of major malware operations to the discovery of critical vulnerabilities in widely used platforms. The collaborative efforts of international law enforcement, government agencies, and cybersecurity firms continue to shape the defensive measures against evolving threats. However, the persistent emergence of sophisticated attacks underscores the need for constant vigilance and adaptive security strategies.