NoGoolag
Attack against supercomputers

More than 10 high-performance data centers were hacked, including the one in the city of Garching (Germany). They are used for research on Covid-19 therapies, but those affected suspect other motives behind the attacks.

Dieter Kranzlmüller cannot explain what the hacker wanted. "Someone broke in and manipulated the system. But we don't know exactly what he did," says the head of the Leibniz computer centre in Garching near Munich. The high-performance computer SuperMUC-NG is located there. Kranzlmüller's team had to take it off the Internet this week after a hacker had gained access to the system. The Cybercrime Department of the Bavarian State Office of Criminal Investigation is investigating.

The case has shaken the research community, which depends on the expensive machines for its investigations. Researchers are scattered internationally, but can no longer access the computers online. According to Kranzlmüller, in addition to Garching, more than ten high-performance computer centres in different countries are affected, including those in Freiburg, Stuttgart and Jülich. A "serious problem right across the academic community" is what those responsible for the supercomputer Archer in Edinburgh call it.

Read more 🇩🇪:
https://www.computerbase.de/2020-05/sicherheitsprobleme-europaeische-rechenzentren-supercomputer/

https://www.sueddeutsche.de/digital/supercomputer-hacker-garching-corona-1.4909397

#attack #hacker #hacked #supercumputers #datacenter #research
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
Hackers who stole files from a law firm to stars like Lady Gaga and Drake doubled their ransom to $42 million and threatened to release 'dirty laundry' on Trump

Grubman, Shire, Meiselas and Sacks was recently the target of a hack by a group called REvil, which is attempting to ransom the information.

One of the top entertainment law firms in the US — Grubman, Shire, Meiselas and Sacks — was recently the target of a ransomware attack.

REvil, the group behind the attack, on Thursday doubled their ransom to $42 million, Page Six reported.
They also threatened to release "dirty laundry" on President Donald Trump if the amount wasn't paid.
They did not elaborate on what the material might be. Sources told Page Six that Trump had never been a client of the firm.

A hacker group that stole 756 gigabytes of data from one of the top US entertainment law firms has doubled their ransom to $42 million, and threatened to release "dirty laundry" on President Donald Trump if the money is not paid.

👉🏼 Read more:
https://www.businessinsider.fr/us/revil-hackers-threaten-trump-dirty-laundry-taken-from-law-firm-2020-5

#hacker #hacked #ransom #LadyGaga #drake #trump
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
The entire database is being sold for $30,000 on a hacker forum.

Last month a hacker was selling 267 million Facebook user data on a dark web marketplace. Now, a hacker or call them a threat actor is claiming to have access to a database with 500 million Facebook user data from 82 countries.

What’s worse is that the data is currently being sold on an infamous hacking forum, Hackread.com has learned.

As seen on the forum, the hacker has been offering the treasure trove of data since May 15th, 2020 and includes personal information such as,

Names
Gender
Location
City name
Surnames
Actual job
Marital status
Mobile number
Email addresses
Facebook profile links

Furthermore, the hacker has divided the price of the data into three parts, for instance, $1500 per million, $450 per 100,000, and $30,000 for 500 million for the entire database. The listing also states that the information in the database was stolen between November 2019 and May 2020.

👉🏼 Read more:
https://www.hackread.com/hacker-selling-500-million-facebook-user-data/

https://www.hackread.com/hacker-forum-sell-267-million-facebook-records/

#hacker #hacked #breach #facebook #DeleteFacebook
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
Private data of 91 million Tokopedia users openly traded online: cyber security firm

A disturbing new development to Tokopedia’s massive user data leak has been reported, with a cyber security firm finding evidence that 91 million users’ private information was put up online over the weekend.

In May, a data breach monitoring service reported that a #hacker obtained the private data of 91 million Tokopedia users, containing their personal information, emails, and password hashes, and was selling it on the Darknet for US$5,000.

Yesterday, cyber security firm Communication and Information System Security Research Center (CISSReC) said someone — not necessarily the original hacker — who had gotten hold of the sensitive data uploaded it to a web forum on Friday, available for users to download for 8 forum credits. Anyone can purchase 30 forum credits for EUR8 (IDR130K or US$9).

https://coconuts.co/jakarta/news/private-data-of-91-million-tokopedia-users-openly-traded-online-cyber-security-firm/

#tokopedia
472862136-senate-intel-report-volume5.pdf
50 MB
REPORT OF THE SELECT COMMITTEE ON INTELLIGENCE

UNITED STATES SENATE ON RUSSIAN ACTIVE MEASURES CAMPAIGNS AND INTERFERENCE IN THE 2016 U.S. ELECTION

VOLUME 5: COUNTERINTELLIGENCE THREATS AND VULNERABILITIES

👀 👉🏼 PDF (966 pages):
https://kryptosjournal.com/uploads/1/3/2/3/132343488/472862136-senate-intel-report-volume5.pdf

👀 👉🏼 https://thehill.com/policy/national-security/512526-manafort-shared-campaign-info-with-russian-intelligence-officer

👀 👉🏼 Report: Trump campaign’s Russia contacts a ‘grave’ threat
https://t.me/BlackBox_Archiv/1107

#usa #russia #hacking #hacker #hacked #ToddlerTrump #elections #counterintelligence #pdf #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag
Iranian hackers pose as journalists

IT agents of Iran pose as journalists and conduct "interviews" to gain the trust of their victims. The attackers learn from North Korea.

State hackers of Iran pose as Farsi-speaking journalists of Deutsche Welle and the US weekly Jewish Journal. For their false identities, the attackers set up nice LinkedIn accounts. They also pick up the phone and call their victims via WhatsApp, ostensibly to conduct interviews or prepare an alleged webinar in which the victim is supposed to be the keynote speaker.

👀 👉🏼 🇬🇧 The Kittens Are Back in Town 3 (PDF)
https://www.clearskysec.com/wp-content/uploads/2020/08/The-Kittens-are-Back-in-Town-3.pdf

👀 👉🏼 🇬🇧 Operation ‘Dream Job’
https://www.clearskysec.com/wp-content/uploads/2020/08/Dream-Job-Campaign.pdf

👀 👉🏼 🇩🇪 https://www.heise.de/newsticker/meldung/Iranische-Hacker-geben-sich-als-Journalisten-aus-4881027.html

#iran #hacker #agents #attack #journalists #pdf
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag
Rampant Kitten – An Iranian Espionage Campaign

Introduction

Check Point Research unraveled an ongoing surveillance operation by Iranian entities that has been targeting Iranian expats and dissidents for years. While some individual sightings of this attack were previously reported by other researchers and journalists, our investigation allowed us to connect the different campaigns and attribute them to the same attackers.

💡 Among the different attack vectors we found were:

👉🏼 Four variants of Windows infostealers intended to steal the victim’s personal documents as well as access to their Telegram Desktop and KeePass account information

👉🏼 Android backdoor that extracts two-factor authentication codes from SMS messages, records the phone’s voice surroundings and more

👉🏼 Telegram phishing pages, distributed using fake Telegram service accounts

💡 The above tools and methods appear to be mainly used against Iranian minorities, anti-regime organizations and resistance movements such as:

👉🏼 Association of Families of Camp Ashraf and Liberty Residents (AFALR)

👉🏼 Azerbaijan National Resistance Organization

👉🏼 Balochistan people

👀 👉🏼 https://research.checkpoint.com/2020/rampant-kitten-an-iranian-espionage-campaign/

👀 👉🏼 https://www.zdnet.com/article/iranian-hacker-group-developed-android-malware-to-steal-2fa-sms-codes

#iranian #hacker #rampantkitten #android #malware #espionage #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag
Federal Agency Compromised by Malicious Cyber Actor

The Cybersecurity and Infrastructure Security Agency (CISA) responded to a recent threat actor’s cyberattack on a federal agency’s enterprise network. By leveraging compromised credentials, the cyber threat actor implanted sophisticated malware—including multi-stage malware that evaded the affected agency’s anti-malware protection—and gained persistent access through two reverse Socket Secure (SOCKS) proxies that exploited weaknesses in the agency’s firewall.

💡 For a downloadable copy of IOCs, see:
https://us-cert.cisa.gov/sites/default/files/publications/AR20-268A.stix.xml

👀 👉🏼 https://us-cert.cisa.gov/ncas/analysis-reports/ar20-268a

👀 👉🏼 https://www.zdnet.com/article/cisa-says-a-hacker-breached-a-federal-agency

#cisa #hacker #breach #breached #federal #agency
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag
UK National Sentenced to Prison for Role in “The Dark Overlord” Hacking Group

Defendant Conspired to Steal Sensitive Personally Identifying Information from Victim Companies and Release those Records on Criminal Marketplaces unless Victims Paid Bitcoin Ransoms

A United Kingdom national pleaded guilty today to conspiring to commit aggravated identity theft and computer fraud, and was sentenced to five years in federal prison.

U.S. District Judge Ronnie White for the Eastern District of Missouri sentenced Nathan Wyatt, 39, who participated in a computer hacking collective known as “The Dark Overlord,” which targeted victims in the St. Louis area beginning in 2016. Wyatt was extradited from the United Kingdom to the Eastern District of Missouri in December 2019. Judge White also ordered Wyatt to pay $1,467,048 in restitution.

“Nathan Wyatt used his technical skills to prey on Americans’ private data and exploited the sensitive nature of their medical and financial records for his own personal gain,” said Acting Assistant Attorney General Brian C. Rabbitt of the Justice Department’s Criminal Division. “Today’s guilty plea and sentence demonstrate the department’s commitment to ensuring that hackers who seek to profit by illegally invading the privacy of Americans will be found and held accountable, no matter where they may be located.”

“The Dark Overlord has victimized innumerable employers in the United States, many of them repeatedly,” said U.S. Attorney Jeff Jensen of the Eastern District of Missouri. “I am grateful to the victims who came forward despite ransom threats and to the prosecutors and agents who were the first to catch and punish a member of The Dark Overlord in the United States.”

“Cyber hackers mistakenly believe they can hide behind a keyboard,” said Special Agent in Charge Richard Quinn of the FBI’s St. Louis Field Office. “In this case, the FBI demonstrated once again that it will impose consequences on cyber criminals no matter how long it takes or where they are located.”

Wyatt admitted that, beginning in 2016, he was a member of The Dark Overlord, a hacking group that was responsible for remotely accessing the computer networks of multiple U.S. companies without authorization. Victims in the Eastern District of Missouri included healthcare providers, accounting firms, and others. Wyatt admitted that The Dark Overlord co-conspirators acted by obtaining sensitive data from victim companies, including patient medical records and personal identifying information, and then threatening to release the companies’ stolen data unless the companies paid a ransom of between $75,000 and $350,000 in bitcoin.

👀 👉🏼 https://www.justice.gov/opa/pr/uk-national-sentenced-prison-role-dark-overlord-hacking-group

#darkoverlord #hacker #hacking
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag
When coffee makers are demanding a ransom, you know IoT is screwed

With the name Smarter, you might expect a network-connected kitchen appliance maker to be, well, smarter than companies selling conventional appliances. But in the case of Smarter’s Internet-of-things coffee maker, you’d be wrong.

👀 👉🏼 https://arstechnica.com/information-technology/2020/09/how-a-hacker-turned-a-250-coffee-maker-into-ransom-machine/

#coffee #ransomware #iot #hacker #video
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag
Crypto crime - KuCoin: Hackers steal 150 million US dollars from Bitcoin stock exchange

The Bitcoin exchange KuCoin has become the victim of a hacker attack. According to estimates, 150 to 200 million US dollars disappeared. Most of the money is said to have already been recovered.

The Bitcoin exchange KuCoin has announced that it became the victim of a hacker attack on September 26. Mainly Bitcoin (BTC), Ether (ETH) and ERC 20 tokens were acquired by the attackers on their raid. The exchange did not explicitly comment on the amount of damage and reassured that it was a small part of the exchange's total capital. According to external estimates, however, crypto-values of 150 to 200 million US dollars (USD) were apparently lost in the process.

👀 👉🏼 https://nitter.net/kucoincom/status/1309689557206491137

👀 👉🏼 🇩🇪 https://www.btc-echo.de/kucoin-hacker-stehlen-150-millionen-us-dollar-von-bitcoin-boerse/

#KuCoin #bitcoin #exchange #hacker #hacked #attack
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag
North Korea has tried to hack 11 officials of the UN Security Council

New UN Security Council report reveals repeated targeting of UN Security Council officials over the past year.

A hacker group previously associated with the North Korean regime has been spotted launching spear-phishing attacks to compromise officials part of the United Nations Security Council.

The attacks, disclosed in a UN report last month, have taken place this year and have targeted at least 28 UN officials, including at least 11 individuals representing six countries of the UN Security Council.

UN officials said they learned of the attacks after being alerted by an unnamed UN member state (country).

The attacks were attributed to a North Korean hacker group known in the cyber-security community by the codename of Kimsuky.

According to the UN report, Kimsuky operations took place across March and April this year and consisted of a series of spear-phishing campaigns aimed at the Gmail accounts of UN officials.

The emails were designed to look like UN security alerts or requests for interviews from reporters, both designed to convince officials to access phishing pages or run malware files on their systems.

The country which reported the Kimsuky attacks to the UN Security Council also said that similar campaigns were also carried out against members of its own government, with some of the attacks taking place via WhatsApp, and not just email.

Furthermore, the same country informed the UN that Kimsuky attacks have been extremely persistent, with the North Korean hacker group pursuing "certain individuals throughout the 'lifetime' of their [government] career."

👀 👉🏼 https://www.zdnet.com/article/north-korea-has-tried-to-hack-11-officials-of-the-un-security-council

#northkorea #hack #hacker #un #security #council
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag
Budding cyber crims can now enrol at ‘hacker university’

For a one-off fee of $125, you too can become one of those scumbags who preys on elderly Internet users and small online businesses.

Cybersecurity software provider Armor this week revealed in its latest annual threat report that it has found a so-called ‘hacker university’ offering online courses that teach students how to commit various cyber crimes. These include how to access a router’s admin software; deploying ransomware; locating targets on compromised networks; and trafficking stolen credit card information, among others.

According to Armor, the ‘university’ also plans to sell its own range of ransomware, keyloggers, password stealers, and trojans.

All of this is accessible for the low price of $125, paid in Bitcoin or Monero – a cryptocurrency that prides itself in offering anonymous payments.

“Creators of the site advertise that they want to ‘teach people about cybercrime and how to become a professional cybercriminal. By taking the course offered you will gain the knowledge and skills needed to hack an individual or company successfully with whatever malware you have at your disposal’,” said Armor, in its threat report.

Charming. Presumably the university doesn’t offer a course on ethics, where students are encouraged to try and reconcile their idealised image of hackers as modern-day outlaws with the reality that all they are really doing is stealing old peoples’ pensions.

Among the other findings in Armor’s report is an a la carte menu of various dark-Web products and services and their prices.

These include but are not limited to perennial favourites like an individual’s credit card information ($5-$35 depending on nationality and type of card) or DDoS attack ($100-$250 depending on the size of Website), to something a little more exotic, like personal identifiable information – street-name ‘fullz’ – or a white-label turnkey e-commerce platform that enables anyone to set up their own darkweb online store. There is even a service that offers to destroy a rival small business by bombarding it with spam and unwanted items ($185).

👀 👉🏼 https://telecoms.com/506692/budding-cyber-crims-can-now-enrol-at-hacker-university/

#cyber #crims #crime #hacker #university #cybersecurity #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag
Hackers Congress Paralelní Polis Is Ready to Deliver Fifty-Eight Hours Of Freedom Content

Luptak: The annual Hackers Congress (HCPP) will take place on October 2 to 4 in the stunning venue of Paralelní Polis, Prague. Traditionally, it gathers freedom activists, technology geeks, artists and scientists. Every HCPP has a current topic — a provocative idea behind it. Continuing the trend of previous congresses in the series, which explored diverse topics such as the binding constraints of global political and economic systems, the manifesto of the 7th Hackers Congress (HCPP20) highlights “Digital Totality” as its main narrative and a current threat to humanity.

The event will focus on safeguarding privacy when drones, cameras, databases and hostile AI are more prevalent than ever before. This year’s event will focus on practical skills, with the overall goal of teaching participants to be more secure and private online. All ticket holders will benefit from rare networking opportunities with famous crypto anarchists, hackers, Austrian Economists, crypto evangelists and activists.

👀 👉🏼 https://www.nasdaq.com/articles/hackers-congress-paralelni-polis-is-ready-to-deliver-fifty-eight-hours-of-freedom-content

#hacker #congress #paralelni
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag
201103-3.pdf
659.5 KB
FBI: Hackers stole source code from US government agencies and private companies

FBI blames intrusions on improperly configured SonarQube source code management tools.

The Federal Bureau of Investigation has sent out a security alert warning that threat actors are abusing misconfigured SonarQube applications to access and steal source code repositories from US government agencies and private businesses.

👀 👉🏼 Summary (PDF)
https://www.ic3.gov/Media/News/2020/201103-3.pdf

👀 👉🏼 https://www.zdnet.com/article/fbi-hackers-stole-source-code-from-us-government-agencies-and-private-companies

#hacker #usa #fbi #SonarQube #sourcecode #pdf
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag
BlackBerry discovers new hacker-for-hire mercenary group

CostaRicto is the fifth hacker-for-hire mercenary group discovered this year.

BlackBerry's security team has published details today about a new hacker-for-hire mercenary group they discovered earlier this year, and which they tied to attacks on victims all over the world.

The group, which BlackBerry named CostaRicto, is the fifth hacker-for-hire group discovered this year after the likes of:

BellTrox (aka Dark Basin) [1, 2, 3]
DeathStalker (aka Deceptikons) [1, 2]
Bahamut [1, 2]
Unnamed group [1]

👀 👉🏼 https://www.zdnet.com/article/blackberry-discovers-new-costaricto-hacker-for-hire-group

#blackberry #hacker #costaricto #mercenary
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag