New Hacking Campaigns Range from Spanish Officials to Cryptocurrency Holders [Weekly Cybersecurity Brief]

As we explored over the last two weeks, a major challenge facing the cybersecurity industry is the talent shortage. That is not the only issue keeping those already in the field on their toes, though: they also have an evolving threat landscape to manage. Many factors shape the current state of cybersecurity risk, from geopolitical events to growing interest in cryptocurrency, and some of the latest cybersecurity headlines reflect these concerns.

One such issue just unfolded in Spain. According to an AP report shared by NBC News, the phones of activists and elected officials were recently targeted with “mercenary spyware,” apparently in connection with the ongoing debate over Catalonia’s separation from Spain. Citizen Lab, a research group affiliated with the University of Toronto, uncovered the targeting alongside Catalan civil society groups. Its findings summarize that around sixty-five individuals were targeted with spyware sold by the controversial vendors NSO Group and Candiru. In the past, this type of spyware has been used to compromise devices belonging to human rights activists and journalists. Although researchers have weighed this context, the hacking has not been attributed to a specific operator. It has been confirmed, though, that “at least three European lawmakers representing Catalan separatist parties, members of two prominent pro-independence civil society groups, their lawyers, and elected officials at various levels, including three former regional presidents,” were among those affected.

In other news, according to a Wired report, the Ukrainian Computer Emergency Response Team and Slovakian cybersecurity firm ESET warned that Russia’s GRU-linked Sandworm hackers had deployed “their blackout-inducing Industroyer malware, also known as Crash Override,” in an attempt to disrupt high-voltage electrical substations in Ukraine. Not long after, the US Department of Energy, the Cybersecurity and Infrastructure Security Agency, the NSA and the FBI issued a joint advisory on a new industrial control-system hacking tool known as Pipedream. Although no details of its use in the wild have surfaced, the advisory stresses that operators should remain mindful of its existence.

In addition to developing and potentially deploying new tools, hackers also have new platforms to exploit. One of them is the increasingly popular cryptocurrency and blockchain space. After a large amount of cryptocurrency was stolen from the Ronin network bridge, a number of research groups attributed the theft to Lazarus, a North Korean hacking group. Beyond this crypto-focused attack, Lazarus has a long history of other cybercriminal activity, which has led the US Treasury to strengthen sanctions against it.

Another platform seeing suspicious cyber activity, particularly activity tied to cryptocurrency, is Telegram. As CyberScoop reported, a cybercriminal crew called the Haskers Gang has been running an information-stealing campaign on Telegram that specifically targets Russian gamers and other Russian speakers. The malware, named “ZingoStealer,” is distributed through Telegram channels that trick victims into believing they are downloading material such as game cheats. Instead, they open the door to having their information, including cryptocurrency wallet data, stolen.

Key Takeaways:

“Spyware use on separatists in Spain ‘extensive,’ cybersecurity group says” – The Associated Press, NBC News

https://www.nbcnews.com/tech/security/spyware-use-separatists-spain-extensive-cybersecurity-group-says-rcna24812

  • According to an AP report shared by NBC News, the phones of activists and elected officials were recently targeted with “mercenary spyware.”
  • Citizen Lab, a research group affiliated with the University of Toronto, uncovered the targeting alongside Catalan civil society groups.
  • Its findings summarize that around sixty-five individuals were targeted with spyware sold by the controversial vendors NSO Group and Candiru.

“Security News This Week: North Korea’s Lazarus Group Was Behind $540 Million Ronin Theft” – Lily Hay Newman, Wired

https://www.wired.com/story/ronin-hack-lazarus-tmobile-breach-data-malware-telegram/

  • The Ukrainian Computer Emergency Response Team and Slovakian cybersecurity firm ESET warned that Russia’s GRU-linked Sandworm hackers had deployed “their blackout-inducing Industroyer malware, also known as Crash Override,” in an attempt to disrupt high-voltage electrical substations in Ukraine.
  • Not long after, the US Department of Energy, the Cybersecurity and Infrastructure Security Agency, the NSA and the FBI issued a joint advisory on a new industrial control-system hacking tool known as Pipedream.
  • After a large amount of cryptocurrency was stolen from the Ronin network bridge, a number of research groups attributed the theft to Lazarus, a North Korean hacking group.

“Information-stealing malware is spreading widely on Telegram, Cisco Talos says” – Suzanne Smalley, CyberScoop

https://www.cyberscoop.com/zingostealer-information-stealer-cisco-talos-haskers-gang/

  • As CyberScoop reported, a cybercriminal crew called the Haskers Gang has been running an information-stealing campaign on Telegram that specifically targets Russian gamers and other Russian speakers.
  • The malware, named “ZingoStealer,” is distributed through Telegram channels that trick victims into believing they are downloading material such as game cheats.
  • ZingoStealer is used to steal information, including cryptocurrency wallet data.