Security News

The notorious North Korean hacking group known as Lazarus has been linked to the recent Atomic Wallet hack, resulting in the theft of over $35 million in crypto. The attack on Atomic Wallet occurred last weekend when numerous users reported that their wallets were compromised and their funds had been stolen.

Intel is investigating reports that BootGuard private keys, used to protect PCs from hidden malware, were leaked when data belonging to Micro-Star International was stolen and dumped online. It's understood the private keys were generated by MSI to use with Intel's BootGuard technology, and were among internal source code and other materials taken from the computer parts maker's IT systems last month - at least some of which has since been shared on the internet.

Health data and other personal information of members of Congress and staff were stolen during a breach of servers run by DC Health Care Link and are now up for sale on the dark web. Szpindor called the incident "a significant data breach" that exposed the personal identifiable information of thousands of DC Health Link employees and warned the Representatives that their data may have been compromised.

Norwegian authorities announced on Thursday that they had recovered $5.9 million of cryptocurrency stolen in the Axie Infinity hack - an incident widely held to have been perpetrated by the Lazarus Group, which has links to North Korea. The Norwegian National Authority for Investigation and Prosecution of Economic and Environmental Crime has called the seizure among the largest ever money seizures - and the largest-ever related to crypto - made by Norway.

The FBI has confirmed what cybersecurity researchers have been saying for months: the North Korean-sponsored Lazarus Group was behind the theft last year of $100 million in crypto assets from blockchain startup Harmony. In its January 23 statement on the matter, the FBI said the attack on Harmony was part of a North Korean malware campaign named "TraderTraitor."

As you'll know if ever you've lost a phone, or damaged a SIM card, mobile phone numbers aren't burned into the phone itself, but are programmed into the subscriber identity module chip that you insert into your phone. A crook who can sweet-talk, or bribe, or convince using fake ID, or otherwise browbeat your mobile phone provider into issuing "You" a new SIM card.

Florida man Nicholas Truglia was sentenced to 18 months in prison on Thursday for his involvement in a fraud scheme that led to the theft of millions from cryptocurrency investor Michael Terpin. The funds were stolen following a January 2018 SIM swap attack that allowed Truglia's co-conspirators to hijack Terpin's phone number and fraudulently transfer roughly $23.8 million in cryptocurrency from his crypto wallet to an online account under Truglia's control.

The theft of billions of dollars in cryptocurrency over recent months could have been prevented, and confidential computing is a key to the security fix. Fireblocks uses confidential computing for multi-party computation for private key security.

A French-speaking criminal group codenamed OPERA1ER has pulled off more than 30 cyber-heists against telecom organizations and banks across Africa, Asia, and Latin America, stealing upwards of $30 million over four years, according to security researchers. In one robbery, "a network of more than 400 mule subscriber accounts were used to quickly cash out stolen funds mostly done overnight via ATMs," the researchers wrote in a report this month.

According to court documents [PDF] filed Friday in federal New York City court, Ellis Pinsky agreed to pay Michael Terpin $22 million for his starring role in the SIM swap and Bitcoin heist. In a Rolling Stone interview over the summer, Pinsky - dubbed Baby Al Capone by the media - admitted he swiped millions in crypto-coins from Terpin via a SIM swap.