Risky Bulletin: Pro-Palestinian Hacktivists Claim X DDoS Attack
Episode Release Date: March 12, 2025
Host: Claire Aird
Source: Risky.biz
1. Pro-Palestinian Hacktivist Group Dark Storm Team Claims DDoS Attack on X
In the latest cybersecurity development, the pro-Palestinian hacktivist group, Dark Storm Team, has publicly taken responsibility for a significant Distributed Denial of Service (DDoS) attack that disrupted the operations of social media platform X. The attack, which occurred on a Monday, led to substantial downtime for the platform, affecting millions of users globally.
Claire Aird reports, “[00:04] Pro-Palestinian hacktivist group Dark Storm Team has taken credit for a DDoS attack that took down social media platform X.” The claim fits a broader pattern of hacktivist groups using DDoS attacks to make political statements or protest perceived injustices.
Elon Musk, the owner of X, initially attributed the attack to a cluster of Ukrainian IP addresses. Claire Aird notes, “[00:04] X owner Elon Musk confirmed the attack and claimed it originated from a cluster of Ukrainian IPs.” Subsequent reporting by Risky Business, however, found inconsistencies in this claim: sources within the cybersecurity community contended that the attack traffic was far more geographically distributed than Musk suggested, pointing to a large and widely dispersed set of compromised systems rather than a single national source.
Musk’s misattribution illustrates how difficult it is to trace a DDoS attack to its origin. The flood typically arrives from a botnet of compromised devices spread across many countries, and source IP addresses can be spoofed, so the geography of the hosts sending the traffic says little about who is directing them. Accurate attribution therefore depends on a robust and transparent incident response process rather than a quick reading of source addresses, and mitigation (absorbing or filtering the traffic) should proceed regardless of where the attack appears to come from.
2. Sean Plankey Nominated as New Director of CISA
In significant personnel news, the Trump administration has put forward Sean Plankey as the nominee for the next director of the Cybersecurity and Infrastructure Security Agency (CISA). Claire Aird elaborates, “[00:04] The Trump administration has nominated Sean Plankey as the next CISA director.”
Plankey brings substantial experience to the role, having held multiple cybersecurity positions during the first Trump administration. His background includes service in Cyber Command and a stint as Chief Information Officer for the U.S. Navy. These roles have given him a grounding in both offensive and defensive cyber operations, making him a fitting candidate to lead CISA in its mission to secure the nation’s cyber infrastructure.
The nomination of Plenke is particularly noteworthy given CISA’s pivotal role in coordinating defenses against cyber threats across federal, state, and local governments. His expertise is expected to bolster CISA’s initiatives in threat intelligence sharing, infrastructure protection, and incident response, especially in the face of escalating cyber threats from both state and non-state actors.
3. CISA Faces Funding Cuts and Workforce Reductions
Amid the leadership change, CISA is undergoing significant restructuring, including budget cuts and workforce reductions. As Claire Aird reports, “[00:04] CISA has cut its funding for the Multi-State Information Sharing and Analysis Centre. The non-government centre was established in 2004 to help US federal, state and local governments share information about emerging cyber threats and vulnerabilities.”
The funding reduction affects the Multi-State Information Sharing and Analysis Center (MS-ISAC), which has more than 17,000 members and has long been the main channel for sharing threat and vulnerability information among state and local government entities. CISA had previously contributed $10 million annually to MS-ISAC, so the cut has a significant impact on the center’s ability to support its members and on the timeliness with which emerging threats reach state and local agencies.
Furthermore, the U.S. Department of Government Efficiency has orchestrated the termination of two of CISA’s red teams, resulting in the loss of more than 300 employees, including over 100 red teamers. Claire Aird notes, “[00:04] The so-called U.S. Department of Government Efficiency has fired two of the agency's red teams. More than 300 CISA employees were let go, including over 100 red teamers.” This is the third round of layoffs at CISA this year, signaling a shift in the agency’s operational capacity and strategic priorities.
Red teams simulate real adversary attacks in order to test and improve an organization’s defenses; losing them weakens CISA’s ability to find and fix weaknesses in critical infrastructure before real attackers exploit them.
4. Arrest of Garantex Cryptocurrency Exchange Co-Founder
In international cybersecurity enforcement news, Indian authorities have apprehended Aleksej Besciokov, a Lithuanian citizen and co-founder of the Moscow-based Garantex cryptocurrency exchange. Claire Aird reports, “[00:04] Indian authorities have arrested the co-founder of the Moscow-based Garantex cryptocurrency exchange. Lithuanian citizen Aleksej Besciokov was indicted in the US last week on money laundering charges and was picked up by Indian police yesterday.”
The FBI’s seizure of Garantex last week was a decisive move against the exchange, which was implicated in laundering proceeds from dark web marketplaces and ransomware attacks. Besciokov was detained while on vacation with his family on India’s southern coast, underscoring the international reach of cybercrime investigations and the cross-border cooperation required to bring such individuals to justice.
This case underscores the growing focus on regulating and policing cryptocurrency platforms, which have increasingly become conduits for illicit financial activities. The arrest serves as a deterrent to other operators in the cryptocurrency space, signaling that authorities are ramping up efforts to clamp down on money laundering and cyber-enabled financial crimes.
5. FTC Allocates Over $25 Million for Tech Support Scam Victims
The Federal Trade Commission (FTC) has allocated more than $25 million to refund consumers who were victimized by the Restoro and Reimage tech support scams. Claire Aird details, “[00:04] The FTC has earmarked more than $25 million to refund consumers impacted by the Restoro and Reimage tech support scams.”
These companies employed deceptive tactics by displaying fake Microsoft pop-ups, falsely claiming that users’ computers were infected with malware. Once enticed, victims were persuaded to purchase software licenses priced up to $58, purportedly to remove the fabricated malware. The scheme not only defrauded consumers financially but also eroded trust in legitimate tech support services.
The $25 million settlement, resulting from a lawsuit filed by the FTC in 2024, aims to provide restitution to the affected individuals. Claire Aird adds, “[00:04] Eligible victims will be paid this week. The funds are the result of a settlement in 2024 after the agency sued the two companies.”
This intervention by the FTC highlights the importance of regulatory oversight in combating fraudulent practices and protecting consumers from tech support scams, which continue to evolve in sophistication and prevalence.
6. New York State Sues Allstate Over Data Breaches at National General
In a significant legal action, the State of New York has filed a lawsuit against insurance giant Allstate concerning two data breaches that occurred at its subsidiary, National General. Claire Aird reports, “[00:04] The State of New York has sued insurance provider Allstate over two breaches at its subsidiary National General. The breaches occurred in 2020 and 2021 and exposed information of almost 160,000 New York residents.”
The lawsuit alleges that National General failed to detect the intrusions promptly and failed to notify affected customers in a timely manner, leaving sensitive personal information exposed. The breaches have raised serious questions about the company’s security controls and its compliance with data protection regulations.
This legal action underscores the increasing accountability faced by organizations in safeguarding consumer data. As regulatory frameworks around data privacy tighten, entities like Allstate are compelled to enhance their cybersecurity infrastructures and ensure robust incident response strategies to prevent future breaches and mitigate their impacts effectively.
7. Expansion of Cyberscam Compounds Linked to Myanmar’s Military and Militias
Cybercrime activities continue to flourish globally, with specific attention drawn to Myanmar's military and associated militias. Claire Aird reports, “[00:04] Two cyberscam compounds built last year are allegedly linked to Myanmar's military and a local militia in the Myawadi region, according to activist group Justice for Myanmar. Six other compounds grew in size. As one example, the KK Park Scam Centre built more than 20 new structures last year.”
Despite neighboring Thai authorities cutting power to Myanmar's border regions in late 2023, these scam compounds have not only persisted but also expanded. The KK Park Scam Centre’s construction of over 20 new structures exemplifies the resilience and growth of cybercrime operations in the region. These compounds serve as hubs for orchestrating various cyber scams, including phishing, malware distribution, and other fraudulent activities that perpetuate financial and reputational harm to victims worldwide.
The linkage of these operations to Myanmar's military and local militias indicates a troubling intersection of cybercrime and geopolitical conflicts, where state-affiliated actors exploit cyber capabilities to fund military endeavors or exert influence. This development demands international cooperation and strengthened cybersecurity measures to dismantle such networks and curb the proliferation of state-linked cyber threats.
8. Mozilla Urges Firefox Users to Update Before Root Certificate Expiration
In browser security news, Mozilla has issued a critical update recommendation for Firefox users. Claire Aird states, “[00:04] Mozilla has urged users to update older versions of Firefox by Friday before one of its root certificates expires.”
The expiring root certificate matters because Firefox uses it to verify signatures on add-ons and other signed content it receives from Mozilla. Once it expires, older builds can no longer validate those signatures, so they will stop receiving security updates, have their add-ons disabled, and may be unable to play some protected video content. To avoid this, users should make sure they are running Firefox version 128 or later, which was released in July 2024 and carries a replacement root. Claire emphasizes, “[00:04] Users should ensure they're running Firefox 128 or later.”
A timely update is essential for maintaining browser security, ensuring compatibility with the latest web standards, and safeguarding against vulnerabilities that could be exploited by malicious actors. Mozilla’s proactive communication aims to prevent any service disruptions and maintain user trust in their browser’s security infrastructure.
9. Recent Security Patches from Microsoft and Apple Address Critical Vulnerabilities
The latest Patch Tuesday updates have been particularly noteworthy, with both Microsoft and Apple addressing critical vulnerabilities. Claire Aird reports, “[00:04] As usual, Microsoft patched six actively exploited zero days and Apple patched a zero day in its WebKit browser engine on both macOS and iOS.”
Microsoft’s Patch Tuesday release fixes six zero-day vulnerabilities that were already being exploited in the wild, underscoring the ongoing threat from flaws that attackers discover and use before a fix is available. Such zero-days are especially dangerous because systems remain exposed from the moment exploitation begins until the patch is released and installed, which is why these updates should be prioritized.
Meanwhile, Apple has patched a zero-day vulnerability in its WebKit browser engine affecting both macOS and iOS. Apple described the attacks as “extremely sophisticated,” although it did not provide details of the exploit. That characterization points to well-resourced attackers targeting the browser engine, and it reinforces the need for prompt patching and user vigilance in maintaining device security.
These updates emphasize the dynamic nature of cybersecurity threats and the imperative for both users and organizations to stay abreast of the latest security patches and updates to defend against emerging vulnerabilities effectively.
Conclusion
The latest episode of Risky Bulletin delivered a comprehensive overview of significant cybersecurity events, ranging from hacktivist activities and organizational changes within key cybersecurity agencies to legal actions against data breaches and the expansion of cybercrime operations linked to geopolitical conflicts. The discussions also highlighted essential updates for software security, reinforcing the continual need for vigilance and swift action in the ever-evolving landscape of cybersecurity threats.
As cyber threats become increasingly sophisticated and widespread, the insights shared in this episode underscore the importance of robust security measures, effective regulatory frameworks, and international cooperation in safeguarding digital assets and maintaining the integrity of information systems worldwide.
This summary captures the key points, discussions, insights, and conclusions from the Risky Bulletin podcast episode titled "Risky Bulletin: Pro-Palestinian hacktivists claim X DDoS," released on March 12, 2025. Notable quotes have been included with appropriate timestamp attributions to provide clarity and context.
