Security News

The Treasury Department's Office of Foreign Assets Control has updated its Specially Designated Nationals list with new information linking the North Korean-backed Lazarus Group APT to the largest cryptocurrency hack in history. Blockchain data platform Chainalysis first spotted that a new ETH address added by OFAC to the SDN list as part of the Lazarus Group entry was also used in March to collect the ETH and USDC tokens stolen during the Axie Infinity's Ronin bridge hack.

You may recall the late cryptocurrency trading hamster, Mr Goxx, who went viral during his brief and colourful life as a rodentine coinhodler. Sadly, given how this particular story ends, US cryptocurrency developer Virgil Griffith has provided another episode in the never-a-dull-moment world of cryptocurrencies.

A joint cybersecurity advisory issued by CISA, NSA, FBI, and the Department of Energy warns of government-backed hacking groups being able to hijack multiple industrial devices.The federal agencies said the threat actors could use custom-built modular malware to scan for, compromise, and take control of industrial control system and supervisory control and data acquisition devices.

Today, the U.S. has announced exemptions on previously imposed sanctions on Russia related to telecommunications and internet-based communications, likely to prevent Russians from being isolated from Western news sources. The revised sanctions released today and signed by Deputy Director of the Office of Foreign Assets Control, Bradley Smith, re-opens the possibility for US companies to license, export, sell, or supply services for software, hardware, and IT technology related to communications.

Another member of notorious cybercrime ring FIN7 is headed to jail after the gang breached major companies' networks across the US and stole more than $1 billion from these businesses' customers. Ukrainian-born Denys Iarmak, 32, who worked as a penetration tester for the criminal group, was sentenced to five years in prison for his affiliation with FIN7.

The Justice Department today announced a court-authorized operation, conducted in March 2022, to disrupt a two-tiered global botnet of thousands of infected network hardware devices under the control of a threat actor known to security researchers as Sandworm, which the U.S. government has previously attributed to the Main Intelligence Directorate of the General Staff of the Armed Forces of the Russian Federation. The operation copied and removed malware from vulnerable internet-connected firewall devices that Sandworm used for command and control of the underlying botnet.

US government officials announced today the disruption of the Cyclops Blink botnet linked to the Russian-backed Sandworm hacking group before it was used in attacks. The malware, used by Sandworm to create this botnet since at least June 2019, is targeting WatchGuard Firebox firewall appliances and multiple ASUS router models.

The US State Department this week launched an agency responsible for developing online defense and privacy-protection policies and direction as the Biden administration seeks to integrate cybersecurity into America's foreign relations. "The last few years have made evident how vital cybersecurity and digital policy are to America's national security," said Secretary of State Antony Blinken during a ribbon-cutting ceremony for the new Bureau of Cyberspace and Digital Policy.

Cash App is notifying 8.2 million current and former US customers of a data breach after a former employee accessed their account information. Block, Inc., the owner of Cash App, disclosed in a Form 8-K SEC filing that the breach occurred on December 10th, 2021, after a former employee downloaded internal Cash App reports while no longer employed at the company.

US President Joe Biden today has extended the state of national emergency declared to deal with increasingly prevalent and severe malicious cyber threats to the United States national security, foreign policy, and economy. The national emergency was declared on April 1, 2015, by former President Barack Obama through Executive Order 13694, which also sanctioned the individuals coordinating or contributing to cyberattacks against the US. On December 28, 2016, Obama issued Executive Order 13757 to amend E.O. 13694 because such malicious attacks were being used to undermine democratic processes and institutions.