The recently released Binance court documents are absolutely insane
tl;dr acknowledge terrorists use it to launder money, openly forge reports, indifferent to cyber crime
You can read the full document here: https://downloads.coindesk.com/legal/cftc_v_binance.pdf
tl;dr acknowledge terrorists use it to launder money, openly forge reports, indifferent to cyber crime
You can read the full document here: https://downloads.coindesk.com/legal/cftc_v_binance.pdf
π€―27π₯8π±8π€ͺ5β€3π₯°2π1π€£1
The infamous ransomware affiliate Bassterlord has announced his retirement. He states he will now live like a normal person. He informs Lockbit ransomware group administration he will be passing his work to his trainees - a subgroup within Lockbit known as National Hazard Agency
π«‘56β€14π3π3
April 2023 will be a big month.
- New merch store managed by corg_e
- New malware database custom made via guessthepw
- Black Mass Vol 2. book will be released
- New merch store managed by corg_e
- New malware database custom made via guessthepw
- Black Mass Vol 2. book will be released
π₯21β€4
Earlier today CrowdStrike reported a supply chain attack targeting the 3CX Voice Over Internet Protocol (VOIP) Windows desktop client.
- 600,000 companies use it
- 12,000,000 users
- Sophos has identified a MacOS variant infected
- Currently attributed to Lazarus Group
- 600,000 companies use it
- 12,000,000 users
- Sophos has identified a MacOS variant infected
- Currently attributed to Lazarus Group
π€―16β€4π4π€3π«‘3π₯°1
Prior to CrowdStrike's report - customers went to the 3CX forums expressing concerns that EDRs were reporting suspicious activity. EDRs from CrowdStrike, ESET, PaloAltoNtwks, and SentinelOne flagged the binary. 3CX said they were wrong.
Images via malwrhunterteam
Images via malwrhunterteam
π€£20π€5π2π€ͺ2β€1
SentinelOne has released an in-depth analysis of the malware and payload, they have dubbed it 'SmoothOperator'. The final payload exfiltrates data from web browsers Chrome, Edge, Brave, and Firefox.
tl;dr largest data theft in history?
https://www.sentinelone.com/blog/smoothoperator-ongoing-campaign-trojanizes-3cx-software-in-software-supply-chain-attack/
tl;dr largest data theft in history?
https://www.sentinelone.com/blog/smoothoperator-ongoing-campaign-trojanizes-3cx-software-in-software-supply-chain-attack/
SentinelOne
3CX SmoothOperator | 3CXDesktopApp in Supply Chain Attack
Explore the intricacies of 3CX Smooth Operator. Learn about the multi-stage attack chain and infostealer malware delivery at scale.
π€―20π€ͺ3
We have malware samples from the recent 3CX VOIP supply chain attack.
- SmoothOperator.7z
- 48.1MB compressed
- Samples from CrowdStrike and SentinelOne reports
You can download the malware samples here: https://share.vx-underground.org/
- SmoothOperator.7z
- 48.1MB compressed
- Samples from CrowdStrike and SentinelOne reports
You can download the malware samples here: https://share.vx-underground.org/
π₯27π₯°4π2
MacOS malware expert patrickwardle has been covering the MacOS variant of the 3CX VOIP supply chain attack.
Additionally, we have managed to get our hands on the MacOS variant.
Download: https://share.vx-underground.org
Analysis: https://twitter.com/patrickwardle/status/1641294247877021696
Additionally, we have managed to get our hands on the MacOS variant.
Download: https://share.vx-underground.org
Analysis: https://twitter.com/patrickwardle/status/1641294247877021696
Twitter
RE: The 3CX VOIP supply chain attack, vendors have stated that macOS was also targeted - but I couldn't find any specific technical details (yet) ππβ οΈ
One vendor stated, "we cannot confirm that the Mac installer is similarly trojanized"
...let's dive in!β¦
One vendor stated, "we cannot confirm that the Mac installer is similarly trojanized"
...let's dive in!β¦
π€―10β€4π2π―1
Very cool, thanks for supporting vx-underground, LeBron James
π€£45π€ͺ19π₯10π4π€3β€2π€―1π1
Hello,
If you're a person who possesses the recently leaked Vulkan files, and would be kind enough to share them with us, we would appreciate it. We would like to read them.
Thank you.
https://www.theguardian.com/technology/2023/mar/30/vulkan-files-leak-reveals-putins-global-and-domestic-cyberwarfare-tactics
If you're a person who possesses the recently leaked Vulkan files, and would be kind enough to share them with us, we would appreciate it. We would like to read them.
Thank you.
https://www.theguardian.com/technology/2023/mar/30/vulkan-files-leak-reveals-putins-global-and-domestic-cyberwarfare-tactics
the Guardian
βVulkan filesβ leak reveals Putinβs global and domestic cyberwarfare tactics
Vulkan engineers have worked for Russian military and intelligence agencies to support hacking operations, prepare for attacks on infrastructure and spread disinformation
π43π€£20π«‘8π5π―5β€2π₯2π€©1
The 3CX CEO stated that the supply chain attack that occured wasn't their fault, rather it was the result of an upstream vendor being compromised, suggesting FFmpeg, because this is where the malware payload resides
FFmpeg denies this because they don't release compiled binaries
FFmpeg denies this because they don't release compiled binaries
π49π€―9π€£7π€1
During the SolarWinds supply chain attack, the CEO blamed the intern. Now, a CEO must blame the free and open source library.
π€ͺ27π―19π13