Security News

A new variant of the Agent Tesla malware has been spotted in an ongoing phishing campaign that relies on Microsoft PowerPoint documents laced with malicious macro code. Agent Tesla is a.Net-based info-stealer that has been circulating the internet for many years but remains a threat in the hands of phishing actors.

Some Tesla owners worldwide are unable to unlock or communicate with their cars using the app due to an outage of the company's servers. Starting around 4 PM EST, Tesla owners have taken to social media reporting that the Tesla app is returning a "500 server error" when attempting to communicate with the car.

"Attached herewith is the revised circular," the malicious email reads. "Since 50 percent of the malicious emails targeted South Korea, we can speculate that threat actors were closely monitoring local news about the vaccination campaign in the country and anticipated shipment of 14 million doses of coronavirus vaccine," the spokesperson said.

A Russian man was sentenced Monday to what amounted to time already served and will be deported after pleading guilty to trying to pay a Tesla employee $500,000 to install computer malware at the company's Nevada electric battery plant in a bid to steal company secrets for ransom. Egor Igorevich Kriuchkov, appearing by videoconference from jail, apologized after U.S. District Judge Miranda Du in Reno acknowledged the attempted hack was not successful and the company network was not compromised.

Security researchers Ralf-Philipp Weinmann of Kunnamon, Inc. and Benedikt Schmotzle of Comsecuris GmbH have found remote zero-click security vulnerabilities in an open-source software component used in Tesla automobiles that allowed them to compromise parked cars and control their infotainment systems over WiFi. It would be possible for an attacker to unlock the doors and trunk, change seat positions, both steering and acceleration modes - in short, pretty much what a driver pressing various buttons on the console can do.

Two researchers have shown how a Tesla - and possibly other cars - can be hacked remotely without any user interaction. The analysis was initially carried out for the Pwn2Own 2020 hacking competition - the contest offered a car and other significant prizes for hacking a Tesla - but the findings were later reported to Tesla through its bug bounty program after Pwn2Own organizers decided to temporarily eliminate the automotive category due to the coronavirus pandemic.

The U.S. Department of Justice yesterday announced updates on two separate cases involving cyberattacks-a Swiss hacktivist and a Russian hacker who planned to plant malware in the Tesla company. A Swiss hacker who was involved in the intrusion of cloud-based surveillance firm Verkada and exposed camera footage from its customers was charged by the U.S. Department of Justice on Thursday with conspiracy, wire fraud, and identity theft.

The Russian national who attempted to convince a Tesla employee to plant malware on the company's computers has pleaded guilty, the U.S. Justice Department announced on Thursday. Egor Igorevich Kriuchkov, 27, has pleaded guilty to one count of conspiracy to intentionally cause damage to a protected computer.

Russian national Egor Igorevich Kriuchkov has pleaded guilty to recruiting a Tesla employee to plant malware designed to steal data within the network of Tesla's Nevada Gigafactory. Kriuchkov also told the Tesla employee that he was earlier involved in other similar "Projects" where one of the victim companies paid $4 million after negotiating down from an initial $6 million ransom.

The US Department of Justice has revealed that two sets of crooks have confessed to conspiracies against companies led by Elon Musk. Twenty-seven year-old Egor Igorevich Kriuchkov travelled to the US in August 2020 to recruit an employee of an unnamed large Nevada-based company to inject data exfiltrating malware into the system in exchange for Bitcoin or cash worth US$1M dollars.