CyberCrime - W/E - 10/19/18

"Operation Oceansalt" Cyber Spy Campaign Uses Source Code from Chinese Hackers (10/18/2018)
McAfee released a report announcing the discovery of a new cyber espionage campaign targeting South Korea, the United States, and Canada. The new campaign uses a data reconnaissance implant last used in 2010 by the hacker group APT1, or Comment Crew, a Chinese military-affiliated group accused of launching cyber attacks on more than 141 US companies from 2006 to 2010. The actors of this new campaign have not been identified, but since they reused code from implants by Comment Crew, which conducted offensive cyber operations against the US dubbed Operation Seasalt, the new campaign has been named "Operation Oceansalt" due to its similarity to Seasalt. McAfee found that Oceansalt was launched in five attack waves adapted to its targets.

Crippling Ransomware Attack on NC Utility Caused by Emotet Trojan (10/17/2018)
Following Hurricane Florence, ONWASA, a critical water utility in North Carolina, has been targeted by cybercriminals in a sophisticated ransomware attack that has left the utility with limited computer capabilities. Although customer information and the water supply were unaffected, many ONWASA databases must be rebuilt from scratch as a result of the attack. The Emotet banking Trojan was blamed for repeated attacks beginning on October 4. Emotet then launched the Ryuk ransomware on October 13, and while ONWASA's IT staff worked to contain it, the virus encrypted the utility's databases and files. Federal authorities are investigating, according to a statement from ONWASA.

Facebook Issues Update on "View As" Vulnerability and Attack (10/15/2018)
Facebook issued an update to the report of the vulnerability it uncovered regarding its "View As" function. This flaw - which allowed one to steal access tokens to take over accounts - existed between July 2017 and September 2018 and is believed to have affected as many as 30 million accounts. Facebook noted that it has deactivated the feature and is cooperating with the FBI in "actively" investigating what parties may be behind the attack.

LuminosityLink RAT Creator Receives Prison Term (10/17/2018)
A 21-year-old Kentucky man will spend 30 months in prison for conspiracy to unlawfully access computers in furtherance of a criminal act, conspiracy to commit money laundering, and the illegal removal of property to prevent its lawful seizure, the Justice Department (DOJ) has announced. Colton Grubbs previously admitted to designing, marketing, and selling the LuminosityLink remote access Trojan and keylogger. In his plea agreement, Grubbs admitted to selling this software for $39.99 USD apiece to more than 6,000 customers.