
Ronin Hack: North Korea’s Lazarus Behind $540 Million Axe Infinity Breach

Early this week, the Ukrainian Computer Emergency Response Team and Slovakian cybersecurity firm ESET warned that Russia’s notorious GRU Sandworm hackers had targeted high-voltage electrical substations in Ukraine using a variation of their blackout-inducing Industroyer malware, also known as Crash Override. Days later, the US Department of Energy, the Cybersecurity and Infrastructure Security Agency, the NSA, and the FBI jointly released an advisory about a new industrial control-system hacking tool set of unspecified provenance, dubbed Pipedream, that seemingly hasn’t been deployed against targets but that the operators of industrial systems need to proactively block.

Russia’s war on Ukraine has resulted in massive data leaks in which spies, hacktivists, criminals, and regular people looking to support Ukraine have grabbed and publicly released huge quantities of information about the Russian military, government, and other Russian institutions. And separate from the conflict, WIRED took a look at the true impact of source code leaks in the big picture of cybercriminal breaches.

Plus, DuckDuckGo finally released a version of its privacy browser for desktop, and WhatsApp is expanding to offer a Slack-like group chat organizational scheme called Communities.

And there’s more! We’ve rounded up all the news that we didn’t break or cover in depth this week. Click on the headlines to read the full stories. And stay safe out there.

Blockchain analysis researchers from Elliptic and Chainalysis said on Thursday that they had traced the massive quantity of cryptocurrency stolen last month from the Ronin network bridge to the North Korean Lazarus hacking group. The US Treasury also announced expanded sanctions against North Korea, Lazarus, and the group’s affiliates. The attackers stole large quantities of the Ethereum currency ether and some USDC stablecoin totaling $540 million at the time. (The value of the stolen funds has since risen to over $600 million.) Lazarus hackers have been on a cybercriminal rampage for years, breaching companies, orchestrating scams, and generally gathering profits to bankroll the Hermit Kingdom.

NSO Group, the Israeli developer of the powerful and widely used spyware Pegasus, was declared “valueless” in filings in British court this week. The assessment, described as “abundantly clear,” came from the third-party consultancy Berkeley Research Group that has been managing the fund that owns NSO. As a stunning number of autocrats and authoritarian governments have purchased NSO tools to target activists, dissidents, journalists, and other at-risk people, the spyware maker has been denounced and sued (repeatedly) by tech giants in an attempt to limit its reach. Targeted surveillance is big business and a nexus where espionage and human rights issues converge. Reuters reported this week, for example, that senior EU officials were targeted last year with unspecified Israeli-made spyware.

T-Mobile confirmed it had been breached last year (for what felt like the millionth time) after hackers put the personal data of 30 million customers up for sale for 6 bitcoins, or about $270,000 at the time. Recently unsealed court documents show, though, that the telecom hired a third-party firm as part of its response, and the firm paid the attackers about $200,000 for exclusive access to the trove in the hopes of containing the crisis. Paying hackers through third parties is a known but controversial tactic for dealing with ransomware attacks and digital extortion. One of the reasons it is frowned upon is that it often doesn’t succeed, as was the case with the T-Mobile data, which attackers continued to sell.

In a report this week, researchers from Cisco Talos said that a new type of information-stealing malware called “ZingoStealer” is spreading rapidly on the app Telegram. The cybercriminal group known as Haskers Gang is distributing the malware for free to other criminals or anyone who wants it, researchers said. The group, which may be based in Eastern Europe, frequently shares updates and tools on Telegram and Discord with the cybercriminal “community.”
