Security News

The hack that caused Axie Infinity losses of $620 million in crypto started with a fake job offer from North Korean hackers to one of the game's developers. One senior engineer at Axie Infinity showed interest in the fake job offer, due to the very generous salary, and went through multiple rounds of interviews.

The gang received the name Luna Moth and has been active since at least March in phishing campaigns that delivered remote access tools that enable the corporate data theft. The Incident Response team at cybersecurity company Sygnia has been tracking the activity of the Luna Moth ransom group, noting that the actor is trying to build a reputation using the name Silent Ransom Group.

A team of security researchers found that several modern Honda car models have a vulnerable rolling code mechanism that allows unlocking the cars or even starting the engine remotely. Called Rolling-PWN, the weakness enables replay attacks where a threat actor intercepts the codes from the keyfob to the car and uses them to unlock or start the vehicle.

A newly observed phishing campaign is leveraging the recently disclosed Follina security vulnerability to distribute a previously undocumented backdoor on Windows systems. "Rozena is a backdoor malware that is capable of injecting a remote shell connection back to the attacker's machine," Fortinet FortiGuard Labs researcher Cara Lin said in a report this week.

The $540 million hack of Axie Infinity's Ronin Bridge in late March 2022 was the consequence of one of its former employees getting tricked by a fraudulent job offer on LinkedIn, it has emerged. According to a report from The Block published last week citing two people familiar with the matter, a senior engineer at the company was duped into applying for a job at a non-existent company, causing the individual to download a fake offer document disguised as a PDF. "After what one source described as multiple rounds of interviews, a Sky Mavis engineer was offered a job with an extremely generous compensation package," the Block reported.

Malicious actors have been observed abusing legitimate adversary simulation software in their attacks in an attempt to stay under the radar and evade detection. Palo Alto Networks Unit 42 said a malware sample uploaded to the VirusTotal database on May 19, 2022, contained a payload associated with Brute Ratel C4, a relatively new sophisticated toolkit "Designed to avoid detection by endpoint detection and response and antivirus capabilities."

Military entities located in Bangladesh continue to be at the receiving end of sustained cyberattacks by an advanced persistent threat tracked as Bitter. "Through malicious document files and...

An anonymous threat actor is selling several databases they claim to contain more than 22 terabytes of stolen information on roughly 1 billion Chinese citizens for 10 bitcoins. Based on the information they shared regarding the allegedly stolen data, the databases contain Chinese national residents' names, addresses, national ID numbers, contact info numbers, and several billion criminal records.

In the world of illegal cyber activities, different kinds of threat actors exist. Another category of threat actors exists, dubbed hackers-for-hire.

The notorious North Korea-backed hacking collective Lazarus Group is suspected to be behind the recent $100 million altcoin theft from Harmony Horizon Bridge, citing similarities to the Ronin bridge attack in March 2022. The finding comes as Harmony confirmed that its Horizon Bridge, a platform that allows users to move cryptocurrency across different blockchains, had been breached last week.