Plus: Microsoft tracks new Iran-backed hacker activity
A U.S. court has charged a 45-year-old Estonian citizen with buying weapons and sensitive electronics on behalf of the Russian government. If convicted, he faces up to 20 years in prison.
More:
- The man, Andrey Shevlyakov, faces 18 charges.
- According to the U.S. indictment, Shevlyakov ran several companies as fronts to buy export-controlled electronics from U.S. businesses.
- The electronics were then clandestinely shipped to Russia, with digital tools used to hide the transactions along the way.
- Shevlyakov allegedly acquired items such as:
  - analog-to-digital converters,
  - low-noise pre-scalers,
  - and synthesizers used in defense systems.
- Shevlyakov is estimated to have exported at least $800,000 worth of items between October 2012 and January 2022.
More than 1 million WordPress websites are believed to have been infected by a hacking campaign that started in 2017 and is still ongoing. The threat actor behind it is unknown.
More:
- According to the researchers tracking it, the campaign exploits essentially every known WordPress theme and plugin vulnerability.
- The campaign, named Balada Injector, uses newly registered domains to host malicious scripts that redirect visitors to various scam websites.
- In the final stage of the infection chain, the malware lets the attackers create fake WordPress admin users, harvest data stored on the underlying hosts, and plant backdoors that serve as long-term access paths.
- Through this access the attackers can reach multiple sites from a single compromised host, since sites that share a hosting account are reachable from each other.
- In addition to exploits, the campaign uses brute-force attacks against admin passwords.
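The three traces described above (injected script tags pointing at unfamiliar domains, dropped PHP backdoors, and fake administrator accounts) are what a triage of a suspected Balada infection looks for first. The script below is an added example, not code from the newsletter or from the researchers who track Balada; it builds a constructed mini WordPress tree and a constructed user export in a temp directory, and the allowlist of script hosts is an assumption to be replaced with the site's real one.

```python
import re
import tempfile
from pathlib import Path

# Hosts this site is allowed to load scripts from (assumed allowlist;
# replace with the real one for the site being triaged).
ALLOWED_SCRIPT_HOSTS = {"example.com", "www.example.com", "cdnjs.cloudflare.com"}

# <script src="//host/..."> in theme/plugin PHP, JS, or cached HTML
SCRIPT_SRC = re.compile(
    r"<script[^>]*?\ssrc\s*=\s*['\"]?(?:https?:)?//([^/'\"\s>]+)", re.I)
# Runtime-decoded payload handed to eval/assert: the classic PHP backdoor shape
BACKDOOR = re.compile(
    r"\b(?:eval|assert)\s*\(\s*(?:base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I)


def scan_file(path, allowed=ALLOWED_SCRIPT_HOSTS):
    """Return (kind, path, detail) findings for one file."""
    path = Path(path)
    findings = []
    text = path.read_text(errors="replace")
    for m in SCRIPT_SRC.finditer(text):
        host = m.group(1).lower()
        if host not in allowed:
            findings.append(("external_script", str(path), host))
    if path.suffix == ".php":
        m = BACKDOOR.search(text)
        if m:
            findings.append(("backdoor_pattern", str(path), m.group(0)))
    return findings


def scan_tree(root):
    """Walk a WordPress install and collect findings from PHP/JS/HTML files."""
    findings = []
    for p in sorted(Path(root).rglob("*")):
        if p.is_file() and p.suffix in {".php", ".js", ".html"}:
            findings.extend(scan_file(p))
    return findings


def unexpected_admins(users, known_admins):
    """users: rows joined from wp_users and the wp_capabilities meta (constructed
    below). Any administrator not on the known list is a candidate fake admin."""
    return sorted(u["user_login"] for u in users
                  if u["role"] == "administrator" and u["user_login"] not in known_admins)


def build_sample_site():
    """Write a constructed mini WordPress tree to a temp dir and return its path."""
    root = Path(tempfile.mkdtemp(prefix="wp-sample-"))
    (root / "wp-content/themes/twentytwenty").mkdir(parents=True)
    (root / "wp-content/plugins/helper").mkdir(parents=True)
    # Clean theme file: script loaded from an allowed host
    (root / "wp-content/themes/twentytwenty/header.php").write_text(
        '<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js"></script>\n')
    # Injected footer: script tag pointing at a newly registered (placeholder) domain
    (root / "wp-content/themes/twentytwenty/footer.php").write_text(
        '<?php wp_footer(); ?>\n<script src="//stat.newly-registered-example.example/main.js"></script>\n')
    # Dropped backdoor: base64-decoded request body fed to eval
    (root / "wp-content/plugins/helper/wp-cache.php").write_text(
        '<?php eval(base64_decode($_POST["q"])); ?>\n')
    return root


SAMPLE_USERS = [  # constructed export rows
    {"user_login": "siteowner", "role": "administrator", "user_registered": "2019-03-02"},
    {"user_login": "editor1", "role": "editor", "user_registered": "2021-07-14"},
    {"user_login": "wp-admin-support", "role": "administrator", "user_registered": "2023-04-01"},
]
KNOWN_ADMINS = {"siteowner"}  # assumed: the admins the site owner recognises


def run_triage():
    """Run both checks over the constructed samples; file paths reduced to names."""
    root = build_sample_site()
    return {"files": [(kind, Path(p).name, detail) for kind, p, detail in scan_tree(root)],
            "admins": unexpected_admins(SAMPLE_USERS, KNOWN_ADMINS)}


if __name__ == "__main__":
    for key, value in run_triage().items():
        print(key, value)
```

On a real install, point scan_tree at the document root and feed unexpected_admins the output of a query joining wp_users with the wp_capabilities row in wp_usermeta; an unknown administrator or an eval(base64_decode( hit is a reason to take the host offline and rebuild from a known-good copy rather than to clean files in place, since the backdoor is what gives the campaign its long-term access.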
Hackers have stolen about $13M from the South Korean crypto exchange GDAC. The amount represents roughly 23% of the total assets held by the exchange.
More:
- According to GDAC, the hackers stole:
  - 61 BTC,
  - 350.5 ETH,
  - 220,000 USDT,
  - and 10 million WEMIX tokens.
- GDAC says some of the stolen assets have been sent to foreign cryptocurrency exchanges.
- The company has contacted those exchanges to prevent the funds from being laundered.
- To aid its investigation, GDAC has suspended all deposits and withdrawals.
- GDAC has also asked other exchanges to block transactions from any suspicious addresses.
- The platform has not given a date for resuming trading.
A Microsoft report details a new Iranian government-backed hacking campaign. Two threat actors, MuddyWater and DEV-1084, are believed to be carrying out the attacks.
More:
- Microsoft linked the two threat actors through several overlaps, two of them key:
  - DEV-1084 operators sent threatening emails from 146[.]70[.]106[.]89, an IP address previously tied to MuddyWater.
  - DEV-1084 used Mullvad VPN, which MuddyWater also uses.
- According to Microsoft, MuddyWater gained initial access by exploiting known vulnerabilities in unpatched, internet-facing applications.
- MuddyWater is believed to hand the intrusion off to DEV-1084, which takes over espionage and persistence.
- DEV-1084 was found to have compromised server farms, virtual machines, storage accounts, and virtual networks as part of a six-stage attack chain:
  - initial access,
  - persistence,
  - lateral movement,
  - execution,
  - impact,
  - communications.
- MuddyWater, which Microsoft tracks as Mercury, has been active at least since 2017.
Zoom Out:
- Last month, the Israel National Cyber Directorate attributed a February cyberattack against the Technion university to MuddyWater.
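Reports like this one publish indicators in defanged form (146[.]70[.]106[.]89 rather than a clickable address), so the first thing a defender does with them is refang and sweep their own mail and proxy logs. The script below is an added example, not code from Microsoft or from the newsletter: the IP is the one the report ties to both groups, the hxxp URL and the Postfix-style log lines are constructed samples, and the log format is an assumption.

```python
import ipaddress
import re

# Indicators as they appear in the write-up: defanged so they cannot be clicked.
# The IP is from the report; the URL is a constructed placeholder for illustration.
DEFANGED_IOCS = ["146[.]70[.]106[.]89", "hxxp://mail[.]example[.]test/login"]


def refang(ioc):
    """Undo the common defanging conventions: [.], (.), [dot], hxxp, [:], [/]."""
    s = ioc.replace("[.]", ".").replace("(.)", ".").replace("[dot]", ".")
    s = re.sub(r"^hxxps?://", lambda m: m.group(0).replace("hxxp", "http"), s, flags=re.I)
    return s.replace("[:]", ":").replace("[/]", "/")


def is_ip(s):
    try:
        ipaddress.ip_address(s)
        return True
    except ValueError:
        return False


IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")

# Constructed Postfix-style SMTP log: three lines from the flagged IP, one benign.
SAMPLE_LOG = "\n".join([
    "Apr 10 09:12:01 mx1 postfix/smtpd[2211]: connect from unknown[146.70.106.89]",
    "Apr 10 09:12:02 mx1 postfix/smtpd[2211]: 4B1C2F3: client=unknown[146.70.106.89]",
    "Apr 10 09:12:03 mx1 postfix/smtpd[2211]: disconnect from unknown[146.70.106.89]",
    "Apr 10 09:15:44 mx1 postfix/smtpd[2213]: connect from mail.partner.example[203.0.113.7]",
])


def find_hits(log_text, iocs):
    """Return (line_no, ip, line) for every log line containing a refanged IOC IP."""
    wanted = {refang(i) for i in iocs if is_ip(refang(i))}
    hits = []
    for n, line in enumerate(log_text.splitlines(), 1):
        for ip in IP_RE.findall(line):
            if ip in wanted:
                hits.append((n, ip, line.strip()))
    return hits


if __name__ == "__main__":
    for n, ip, line in find_hits(SAMPLE_LOG, DEFANGED_IOCS):
        print(f"line {n}: {ip}: {line}")
```

Matching on the refanged form rather than on the defanged string is the point: a sweep for the literal text "146[.]70[.]106[.]89" finds nothing in real logs. The same refang step applies to the report's URLs before they are loaded into a proxy blocklist.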
PC manufacturer MSI has announced that it was recently hit by a cyberattack. The company says its affected systems have gradually returned to normal operation.
More:
- MSI has not said whether the attack affected its core operations or whether the attackers were able to steal valuable data such as source code.
- A ransomware group named Money Message recently claimed to have breached the Taiwanese PC manufacturer, but the company has not confirmed the claim.
- The group was first observed in March 2023 and has mainly attacked organizations in the U.S.
- Money Message deploys encryptors for both Windows and Linux and demands a ransom for the decryption keys.
- In a recent breach, the group demanded a $500,000 ransom.
Quick Hits:
- Belgian HR company SD Worx may have had sensitive data stolen after a cyberattack forced it to shut down the IT systems of its U.K. and Ireland divisions.
- Sophos has published patches for three flaws in Sophos Web Appliance, including a critical pre-authentication command injection tracked as CVE-2023-1671.
- Attackers have targeted npm, the JavaScript package registry, with denial-of-service attacks.
Upcoming Events
- April 12 - Monthly Meditation guided by Nicholas Whitaker (Register Here)
- April 13 - Inside Interview with Lacework - The Evolution of Cloud Security w/ Ulfar Erlingsson (Watch On Demand)
- April 13 - Inside Marketing Coffee Break w/ Paolo Dello Vicario (ByTek) (Register Here)
- April 14 - Inside Interview with Landing - The Ultimate Corporate Housing Resource with Torger Philosophos (Register Here)
- April 18 - Human Resources Summit '23 (Register Here)
- April 18 - Inside Interview with TravelBank: Why Employee Happiness Is Falling More Into The Financial Sector (Watch On Demand)
Arbër is an Inside writer who also has experience in entrepreneurship. He has experience covering Consumer Tech, Venture Capital, NFTs, Crypto, etc. Arbër holds a Bachelor's degree in Business from XAMK University in Finland. When he is not reading (and writing) business news, he chooses to watch sports or anime... and then read news about sports or anime.
Editor: Aaron Crutchfield is based in the high desert of California. Over the last two decades, he has spent time writing and editing at various local newspapers and defense contractors in California. When he's not working, he can often be found looking at the latest memes with his kids or working on his 1962 and 1972 Fords.
767 Bryant St. #203, San Francisco, CA 94107 Copyright © 2023 Inside.com