Security News

US warns of Lazarus hackers using malicious cryptocurrency apps
2022-04-18 21:47

CISA, the FBI, and the US Treasury Department warned today that the North Korean Lazarus hacking group is targeting organizations in the cryptocurrency and blockchain industries with trojanized cryptocurrency applications. The attackers use social engineering to trick employees of cryptocurrency companies into downloading and running malicious Windows and macOS cryptocurrency apps.

US critical infrastructures targeted by complex malware
2022-04-18 13:50

The Department of Energy, the Cybersecurity and Infrastructure Security Agency, the National Security Agency and the Federal Bureau of Investigation are warning the US energy sector that certain APT threat actors have exhibited the capability to gain full system access to multiple industrial control system and supervisory control and data acquisition devices.

Attackers unleash LockBit ransomware on US government computers
2022-04-15 16:07

One attack highlighted in the report found that ransomware groups spend at least five months combing through a regional U.S. government agency's files and system before deploying a LockBit attack onto the affected computer.

US Treasury links largest crypto hack to Lazarus state hackers
2022-04-14 17:40

The Treasury Department's Office of Foreign Assets Control has updated its Specially Designated Nationals list with new information linking the North Korean-backed Lazarus Group APT to the largest cryptocurrency hack in history. Blockchain data platform Chainalysis first spotted that a new ETH address added by OFAC to the SDN list as part of the Lazarus Group entry was also used in March to collect the ETH and USDC tokens stolen during Axie Infinity's Ronin bridge hack.

US cryptocurrency coder gets 5 years for North Korea sanctions busting
2022-04-13 18:52

You may recall the late cryptocurrency trading hamster, Mr Goxx, who went viral during his brief and colourful life as a rodentine coinhodler. Sadly, given how this particular story ends, US cryptocurrency developer Virgil Griffith has provided another episode in the never-a-dull-moment world of cryptocurrencies.

US warns of govt hackers targeting industrial control systems
2022-04-13 17:53

A joint cybersecurity advisory issued by CISA, NSA, FBI, and the Department of Energy warns of government-backed hacking groups being able to hijack multiple industrial devices. The federal agencies said the threat actors could use custom-built modular malware to scan for, compromise, and take control of industrial control system and supervisory control and data acquisition devices.

US eases sanctions that may lead to Russia's Internet isolation
2022-04-08 13:43

Today, the U.S. has announced exemptions on previously imposed sanctions on Russia related to telecommunications and internet-based communications, likely to prevent Russians from being isolated from Western news sources. The revised sanctions released today and signed by Deputy Director of the Office of Foreign Assets Control, Bradley Smith, reopen the possibility for US companies to license, export, sell, or supply services for software, hardware, and IT technology related to communications.

FIN7 crime-gang pen tester headed to US prison for five years
2022-04-07 23:06

Another member of notorious cybercrime ring FIN7 is headed to jail after the gang breached major companies' networks across the US and stole more than $1 billion from these businesses' customers. Ukrainian-born Denys Iarmak, 32, who worked as a penetration tester for the criminal group, was sentenced to five years in prison for his affiliation with FIN7.

US Disrupts Russian Botnet
2022-04-07 14:31

The Justice Department today announced a court-authorized operation, conducted in March 2022, to disrupt a two-tiered global botnet of thousands of infected network hardware devices under the control of a threat actor known to security researchers as Sandworm, which the U.S. government has previously attributed to the Main Intelligence Directorate of the General Staff of the Armed Forces of the Russian Federation. The operation copied and removed malware from vulnerable internet-connected firewall devices that Sandworm used for command and control of the underlying botnet.

US disrupts Russian Cyclops Blink botnet before being used in attacks
2022-04-06 15:46

US government officials announced today the disruption of the Cyclops Blink botnet linked to the Russian-backed Sandworm hacking group before it was used in attacks. The malware, used by Sandworm to create this botnet since at least June 2019, is targeting WatchGuard Firebox firewall appliances and multiple ASUS router models.