Gamers as Hackers: Discovering the Next Generation of Tech Talent in Unexpected Places | Bridging Fun and Purpose

For numerous young individuals in schools and universities, a solid understanding of digital skills is essential for future learning and employment prospects. Nonetheless, teachers face a considerable challenge in ensuring these skills are utilized effectively.

As reported by The Hacking Games, an organization focused on helping youth with hacking skills secure jobs in the cybersecurity sector, criminal groups are increasingly targeting talented teenagers within popular online gaming spaces.

This is a route that educators hope to steer their students away from, which is why Co-op, a sponsor of the Co-op Academies Trust, has collaborated with The Hacking Games. The Co-op Academies Trust serves over 20,000 students across 38 primary, secondary, and special needs schools, as well as one college in Northern England. The partnership aims to direct students with coding skills toward careers in ‘ethical hacking.’

Joe Sykes, Careers Director at the Co-op Academies Trust, comments: “In recent years, there has been a growing interest among students in technology, particularly gaming, and they are investigating how this passion might lead to future careers.

“Through our engagement with The Hacking Games, we discovered the transferable skills that exist between gaming and ethical hacking, particularly within cybersecurity. Our students found this link to be both exciting and motivating.”

“Students will find it engaging to learn about the transferable skills between gaming and ethical hacking in the technology sector, especially in cybersecurity.”

Adam Woodley, Head of Curriculum at Connell Co-op College, agrees, noting that many young individuals view careers in the digital sector as a “very popular option.”

“Students have acquired highly sought-after skills through hobbies such as gaming, and they naturally desire to apply these skills in exciting career paths,” he states.

“Thus, it is crucial that they have the chance to explore the stimulating realm of ethical hacking and cybersecurity and utilize those skills to benefit society.”

Rob Elsey, Chief Digital Information Officer at Co-op, concurs. “There are numerous unfilled positions in cybersecurity,” he points out. “The more we can transform the bright, skilled young individuals we have in the UK into defenders instead of attackers, and educate them about the available opportunities, the better. This will help us confront ongoing threats as a nation.”

Driving apprenticeships and internships

Fergus Hay, co-founder of The Hacking Games, emphasizes, “It takes a community to motivate, appreciate, and empower this generation to choose the right path.” The Hacking Games’ framework assesses young people’s digital aptitudes and skills against specific criteria to identify suitable careers for them in the tech industry.

The Hacking Games is actively working on creating formal pathways (apprenticeships and internships) to digital jobs within the government or private sectors in the future. Many experts believe this route is also accessible for neurodiverse youth. However, for both neurodivergent and neurotypical individuals, gaming serves as a common training ground for hacking, remarks John Madelin, a cybersecurity veteran and Chief Product Officer at The Hacking Games.

“Many hackers I’ve encountered are gamers,” he states, adding that most young gamers do not harbor criminal intentions, “but the distinction is significant.” For many young gamers, hacking revolves around discovering new and hidden aspects of gameplay, while for some, it involves creating and selling cheat codes to other players.


Hacking Games’ assessment framework aligns a student’s aptitudes with appropriate technical jobs. Composite: Getty Images/Guardian Design

These advanced technological skills are precisely what criminal organizations seek to exploit, particularly among students less focused on academic achievement. However, Madelin asserts he can guide young hackers toward more positive paths. “It’s essential to continuously challenge and engage them,” he states. “Instead of allowing them to remain inactive, we should utilize their talents.”

The Co-op Academies Trust has already identified careers in the digital sector as crucial components of its post-primary career program. Mr. Sykes believes it is vital for all children to discern their strengths as early as possible. “Our duty as educators is to optimize outcomes in these areas.

“Individuals with strong digital skills often possess a natural inclination to think logically and solve problems creatively,” she adds.

“Blessed with a talent for technology and gaming.”

The collaboration between Co-op and The Hacking Games comes after Co-op became the target of a cyberattack earlier this year. Focused on creating social value, Co-op (an organization owned by its members rather than shareholders) sought to address the underlying causes of hacking.

“We recognize that children possess talents in technology and gaming, and that these skills can lead to hacking,” Sykes states. “Initiatives like this allow us to discuss the ramifications and legalities surrounding hacking and help students recognize the opportunities these skills can present through their ethical application.”

Potential roles in cybersecurity for major firms and organizations may involve identifying weaknesses that malicious hackers could exploit. There are also opportunities within government departments working against hacking attempts directed at critical national infrastructure.

This is one of the primary reasons The Hacking Games recently launched its HAPTAI platform. The platform aids in developing hacking aptitude profiles for young individuals by analyzing their performances in popular games and matching them with corresponding psychometric profiles. Subsequently, candidates are paired with roles and teams suited to their strengths.


Our collaboration with The Hacking Games aims to encourage children to actively harness their abilities. Composite: Getty Images/Guardian Design

Protection today, career path tomorrow

“Children can be particularly susceptible to online dangers, thus we ensure they are educated about these risks, including the legal boundaries surrounding online safety and hacking,” Sykes explains. “I believe all schools need to stay updated with current issues. This presents a real opportunity for professionals to enhance their understanding of the risks and communicate them effectively to parents.”

In the future, she envisions a national computer science curriculum that incorporates lessons on ethical hacking and PSHE (Personal, Social, Health and Economic), helping all students recognize the potential harm at all levels of the economy.

Until that vision is realized, the partnership between Co-op and The Hacking Games will persist. A pilot at Co-op Academy Walkden will run in the upcoming months to raise awareness of the issue and identify talented young individuals who can contribute to the solution, before the scheme is scaled into a nationwide program.

“There are vast career opportunities in the digital arena,” states Sykes. “This ultimately aids students in understanding all the positive pathways available to them and how they can significantly contribute to creating a safer world.”


Source: www.theguardian.com

Kido Nursery Hackers Claim to Have Removed Stolen Data | Cybercrime

Cybercriminals who compromised the personal information and photos of thousands of nursery children have since removed the data following a public outcry.

The group responsible for the breach has erased details of children from the UK-based Kido nursery network.

Screenshots reviewed by the Guardian show that the children’s profiles from the breach are no longer visible. The Kido entry on the leak site now shows only the company logo and a “More” link, but sources in cybersecurity report that the link is non-functional, indicating that the data has been removed.

A spokesperson for Kido confirmed that the attacker had indeed deleted the previously exposed information.

The spokesman stated: “We are adhering to guidance from authorities regarding ransom payments to prevent incentivizing further criminal activities. We are collaborating closely with families, regulatory bodies, law enforcement, and cybersecurity experts to ensure our data is permanently removed.”

The BBC first reported on the data deletion and mentioned a hacker who expressed remorse, stating, “I’m sorry for hurting the child.”

Targeting children has drawn widespread condemnation, with cybersecurity experts labeling the breach as “crossing a line” and “testing ethical boundaries.” A parent of a child at Kido in London remarked that the hackers were “sinking to new lows.”

The Guardian has also found indications of notorious gang members in underground cybercrime forums being advised by their peers to avoid attacking minors.

On Wednesday, members of Nova, a faction that offers hacking services to other criminals, cautioned a persona named Radiant on an anonymous Russian forum, saying, “reputation matters, so do not target children.” Radiant responded, “We have not been allowed to cease any operations concerning them,” adding, “data of those under 19 who attended has been deleted.”

The leak site and forum posts were documented by analysts at the cybersecurity firm Sophos.

Hacking teams are acutely aware of the impact of negative publicity, which can lead to increased scrutiny from law enforcement and disrupt internal relationships within the hacking community.

Sophos researcher Rebecca Taylor noted: “Even criminals understand that there are lines they shouldn’t cross. We have discovered that stealing data from minors not only draws attention but also damages credibility.”

Taylor emphasized, “credibility is crucial” for groups that demand ransoms for stolen information. The BBC reported that Radiant had sought £600,000 in Bitcoin from Kido for the return of the data, but Kido refused to comply.

“The deletion of data was not an act of benevolence, but rather a move for damage control. This was an unusual instance where morality and self-interest briefly aligned,” Taylor remarked.

However, the revamped Radiant Leak site, a portal for such data, appears to be more user-friendly, featuring a search bar to locate companies targeted by the group and contact information through TOX, an encrypted messaging platform.

Radiant demonstrates proficient English in communication, but analysts suspect this group may not be Western-based. Most ransomware groups originate from former Soviet states. Analysts believe that Radiant may represent a new entity in the cybercrime landscape.

Before the data was deleted, one woman informed the BBC that she received a threatening call from a hacker who claimed they would publish information about her child online unless she pressured her child to comply with ransom demands. Kido operates 18 locations in London, along with nurseries in the US, India, and China.

Radiant boasted about having sensitive information on over 8,000 children and their families, including incident reports, protection records, and billing information. All Kido nursery locations in the UK reported being affected by the breach.

One cybercriminal told the BBC: “All child data has been removed. There is nothing left, and this should reassure parents.”

Source: www.theguardian.com

Kido Nursery Hackers Threaten to Release Additional Children’s Profiles | Cybercrime Update

A hacker threatens to release personal information and photographs of thousands of nursery children online unless a ransom is paid.

Identified by the alias Shine, the hacker compromised the UK-based Kido Nursery chain and revealed the profiles of 10 children online on Thursday. Their Dark Web site features a “Data Leak Roadmap,” indicating plans to “publish 30 profiles of personal data for each child and 100 employees.”

A cybersecurity briefing reviewed by the Guardian suggests that Radiant is a new entity within the cybercrime landscape, “pushing the limits of morality and practicality.”

The group’s online content demonstrates proficient English skills; however, there are hints they may not be Western, attributed to a “slight awkwardness” in their phrasing, the analysis indicates.

The Radiant Gang’s “leak sites”—a common strategy in ransomware attacks displaying victim data on the dark web—contain 10 Kido customer profiles for parents, which include the child’s name, date of birth, parent’s and grandparent’s names, as well as address and phone number.

The site claims to possess sensitive information on over 8,000 children and their families, documenting incidents, protection reports, and claims. All Kido nurseries in the UK have reported being impacted.

The leak site mentioned its efforts to negotiate with Kido, stating, “It’s slowly leaking, which undermines the entire company and prompts them to continue the dialogue.”

A spokesperson from Kido stated: “We have recently identified and responded to cyber incidents. We are collaborating with external experts to investigate and determine the details of what occurred. We will promptly inform both our families and relevant authorities and maintain close communication with them.”

The nursery chain is collaborating with authorities, including the intelligence committee’s office, Ofsted, and the Metropolitan Police, which is currently conducting an investigation.

An email from Kido UK CEO Catherine Stoneman, reviewed by the Guardian, noted a “complex” forensic investigation and emphasized treating the incident as a “first priority.” She suggested that the breach involved “two third-party systems responsible for processing certain data.”

Stoneman elaborated: “If we confirm that family information has been compromised, affected families have been contacted. If you have not received direct communication, that means there is no forensic evidence indicating your data has been impacted.”

With 18 locations across London, the US, India, and China, Kido informed parents that the breach occurred due to criminal access to data hosted on a software service known as Famly.

Famly’s CEO, Anders Laustsen, stated: “We will conduct a comprehensive investigation into this matter to ensure that Famly’s security and infrastructure have not been compromised.”

One parent shared with the BBC that she received a threatening phone call from a hacker.

Sean, whose child attends Kido Nursery in Tooting, southwest London, expressed that neither he nor any parents he knew had been directly informed by the nursery about the potential compromise of their children’s data. “How could they obtain details for specific kids, not just generally? That’s the real issue,” he remarked.

Sean noted that he viewed the risk that real-time information about children could be exposed, for example through cyberattacks, as a necessary trade-off for using the app. He empathized with nursery staff who bear the brunt of parental complaints, pointing out that the app provider should be held accountable.

“One of the obviously alarming aspects is that anyone could stoop to such depths to extort money from a nursery while using children as leverage,” he said.

Authorities are cautioning businesses against paying hacker ransoms to help prevent the perpetuation of criminal activities, as cyberattacks continue to escalate in frequency.

Recent high-profile victims include the Co-op, Marks & Spencer, and Jaguar Land Rover. Many of these attacks have been linked to an English-speaking cybercrime group known as “scattered spiders.”

The M&S hack utilized ransomware commonly associated with Russian-speaking cyber gangs, including software designed to lock target IT systems.

The BBC communicated with the criminals via the Signal messaging app and found them fluent in English, but learned that it was not their first language and that they employed others to make calls.

The hacker remarked, “We do it for profit, not just for the sake of being criminals. I know I’m committing crimes and this isn’t my first or my last.”

They added that the public scrutiny was too intense, leading them to refrain from targeting nurseries again.

Source: www.theguardian.com

Hackers Allegedly Breach Kido Nursery Chain, Exposing Photos of 8,000 Children

Approximately 8,000 names, photos, and addresses of children were allegedly taken from the Kido Nursery chain by a group of cybercriminals.

According to the BBC, these criminals are demanding ransoms from companies operating 18 sites in London, as well as additional locations in the US, India, and China.

The hackers also accessed details about the children’s parents and caregivers, and claimed to hold safeguarding notes. They reached out to several individuals by phone, using intimidation tactics.


Kido has been approached for comment but has yet to confirm the hackers’ assertions. The company has not released an official statement regarding the incident.

A nursery employee informed the BBC that she had been made aware of the data breach.

The Metropolitan Police indicated that they were alerted on Thursday “following reports of ransomware attacks on a London-based organization,” adding that “enquiries are ongoing and remain in the initial phase within Met’s cybercrime division. No arrests have been made to date.”

A spokesperson for the Intelligence Committee office stated that “Kido International has reported the incident to us and we are currently assessing the provided information.”

Many organizations have experienced cyberattacks recently. The Cooperative reported an £80 million decline in profits due to a hacking incident in April.


Jaguar Land Rover (JLR) was unable to assemble vehicles at the start of the month following a cyberattack that compromised their computer systems.

As a result, the company had to shut down most systems used for tracking factory components, vehicles, and tools, impacting their luxury Range Rover, Discovery, and Defender SUV sales.

The company has since reopened a limited number of computer systems.


Illustration: Guardian Design / Rich Cousins



Source: www.theguardian.com

U.S. Nuclear Weapons Agency Among 400 Organizations Targeted by Chinese Hackers, Reports Microsoft

Microsoft has revealed that investigations are underway indicating that Chinese “threat actors,” including state-sponsored hackers, are taking advantage of security flaws in SharePoint’s document sharing servers, impacting numerous government agencies and organizations.

Eye Security, a Dutch cybersecurity firm, reported that hackers have compromised around 400 institutions, businesses, and other entities, stating, “We anticipate an increase as the investigation continues.”

The majority of the affected parties are located in the United States. Bloomberg noted that one of the victims was the US agency responsible for overseeing the National Nuclear Security Agency, which manages nuclear weapons.

According to Microsoft, three Chinese state-backed groups have been identified exploiting newly disclosed vulnerabilities in internet-facing servers hosting the platform.

This announcement coincides with reports from the financial sector that Amazon has halted artificial intelligence labs in Shanghai. Additionally, consultancy firm McKinsey reported that Chinese companies are withdrawing from AI-related projects as geopolitical tensions between Washington and Beijing escalate.

Recently, Microsoft and IBM have scaled back their research and development initiatives in China, with US officials intensifying scrutiny on American companies involved in AI within the country.

In a blog post, Microsoft stated that the vulnerability is associated with an on-premises SharePoint server commonly utilized by businesses, not a cloud-based service.

Numerous large organizations employ SharePoint as a platform for document storage and collaboration, integrating seamlessly with other Microsoft products like Office and Outlook.

Microsoft indicated that the attacks commenced as early as July 7th, with hackers attempting to leverage the vulnerability for “early access to the target organization.”

This vulnerability permits an attacker to spoof authentication credentials and remotely execute malicious code on the server. Microsoft observed an attack that sent requests to a SharePoint server, potentially “enabling the theft of key material.”

In response, Microsoft has released a security update and recommended that all users of on-premises SharePoint systems apply it. They assessed with “high confidence” that hacking groups will continue to target unpatched systems.


Eye Security reported in a press release that “anomalous activity” was detected on a client’s on-premises SharePoint Server on the evening of July 18th. They subsequently scanned over 8,000 publicly accessible SharePoint servers across the globe, discovering numerous compromised systems and confirming that attackers were executing a coordinated mass exploitation campaign.

Microsoft stated that Linen Typhoon has been focused on “intellectual property theft” since 2012, with primary targets including government, defense, strategic planning, and human rights-related organizations.

Since 2015, Violet Typhoon has predominantly targeted former government and military personnel, NGOs, think tanks, academia, digital and print media, and sectors related to finance and health in the US, Europe, and East Asia.

Microsoft mentioned a third group, Storm-2603, which is situated in China, though no direct connection has been established between this group and other Chinese threat actors. They warned that “additional actors” could exploit the vulnerability to target on-premises SharePoint systems unless security updates are installed.

Source: www.theguardian.com

Google: Britain’s Dispersed Spider Hackers Are “Encouraging” Cyberattacks

As reported by Google, UK-based members of the scattered spider hacking community are actively “promoting” cyberattacks, and the disruption that hit UK retailers is now being felt in the US market.

A hacker collective known as the “scattered spiders” has been connected to attacks on British retailers such as Marks & Spencer, Co-op, and Harrods. Google cybersecurity experts have now warned that unnamed retailers across the Atlantic, in the US, are also under threat.

Charles Carmakal, the chief technology officer for Google’s Mandiant Cybersecurity division, noted that the threat has shifted to the US, following a pattern commonly observed with scattered spider attackers.


“They focus on a specific industrial sector and geographic location for a short period, before moving on to a new target,” he explained. “Currently, their attention is on retail organizations. They began in the UK and have now extended their focus to firms in the US.”

When asked about the involvement of British members in the M&S hacking, he stated, “While I can’t name specific victims, it’s clear that UK-based scattered spider members are promoting and facilitating these incursions.”

On Friday, it was disclosed that M&S alerted employees that some personal data may have been compromised during a cyber attack last month. Sources informed the Daily Telegraph that staff members were notified that their email addresses and full names were potentially exposed in the breach.

Earlier this week, M&S reported that hackers had accessed personal information of thousands of customers.

In light of these attacks on UK retailers, cybersecurity agencies have urged businesses to remain vigilant and aware of specific tactics employed by scattered spiders.

In an advisory notice, the National Cyber Security Center recommended that businesses review how their IT support helps staff reset their passwords. One tactic associated with scattered spiders—named for a set of hacking tactics rather than a unified group—involves calling help desks while impersonating an employee or contractor in order to gain access to corporate systems.

“We have observed instances where they call the help desk, masquerade as employees, and convince the staff to reset their passwords,” Carmakal explained.

Carmakal also noted that these calls to help desks are sometimes made by younger members of the scattered spider network.

“It’s not always the threat actor themselves making the call… some tasks are outsourced to other community members, often younger individuals looking to earn some quick money through various schemes and inconsistencies,” he shared.


Scattered spiders primarily consist of native English speakers from the UK, US, and Canada, which sets them apart from other ransomware groups. Carmakal mentioned that he has received reports of “numerous calls” made by scattered spider hackers to corporate employees.

Ransomware gangs typically infiltrate target computer systems with malware that effectively locks users out of their internal files. These groups usually originate from Russia or former Soviet states.

Carmakal’s remarks coincided with French luxury brand Dior disclosing that “fraudulent external parties” had accessed some customer data. The Paris-based brand has yet to clarify the nature or extent of the attacker’s incursions.

This week, Google’s cybersecurity team affirmed that scattered spiders have shifted their focus to US retailers.

“We are dedicated to offering a variety of services to our customers,” stated John Hultquist, chief analyst at Google Threat Intelligence Group. “The group that originally targeted retail in the UK, after a significant hiatus, has a track record of concentrating on one sector at a time, and we anticipate they will continue to prioritize this sector in the near future. US retailers should exercise caution.”

Source: www.theguardian.com

Google Warns “Aggressive” Hackers Who Hit British Retailers Are Now Targeting US Stores

Google, a subsidiary of Alphabet, issued a warning on Wednesday, indicating that hackers responsible for disrupting UK retailers are now focused on similar companies in the U.S.

“U.S. retailers need to remain vigilant. These actors are offensive and innovative, particularly skilled at bypassing established security measures,” stated John Hultquist, an analyst in Google’s cybersecurity team, in an email sent Wednesday.

The culprits have identified themselves as part of a group known as “scattered spiders,” which refers to a loosely connected network of highly skilled hackers operating at various levels.

The scattered spiders have been linked to a notably severe cyberattack on M&S, a prominent name in UK retail, which has been unable to conduct online business since April 25th. Hultquist mentioned that this group tends to fixate on one sector at a time and is expected to target retailers for an extended period.


Just a day prior to Google’s alert, M&S revealed that some customer data had been compromised, excluding payment information, card details, or account passwords. Sources indicate that the data may include names, addresses, and order history. M&S acknowledged that personal information was accessed due to the “sophisticated nature of the incident.”

“Today, we are informing customers that some of their personal data have been acquired due to the sophisticated nature of the incident,” the company stated.

Hackers from the scattered spider network have been linked to numerous damaging breaches on both sides of the Atlantic. In 2023, group-associated hackers made headlines for infiltrating casino operators MGM Resort International and Caesars Entertainment.

Law enforcement agencies are struggling to manage the scattered spider hacking groups. This challenge is partly attributed to their fluid structure, uncooperative younger hackers, and the complexities faced by cybercrime victims.

Source: www.theguardian.com

Pro-Russian Hackers Claim Responsibility for Attacks on Multiple UK Websites

A hacking group supportive of Russia has announced that they targeted various UK websites during a three-day campaign, which included local councils and the Police and Crime Commissioners’ Association.

Through a series of posts on social media, the group, known as NoName057(16), claimed many sites were temporarily inaccessible, although reports indicate that the attack was not entirely successful.

The hackers attempted to overwhelm several websites with traffic in a type of attack known as a distributed denial of service (DDoS). They stated on platform X: “Ukraine disputes, and we are cutting that resource.”

Despite the group’s claims of success, Blackburn with Darwen and Exeter councils reported that their websites remained unaffected.

Many other targeted organizations, such as the Police and Crime Commissioners’ Association, Harwich International Port, and Cardiff City Council, were unable to comment on the situation.

Officials mentioned that if a website experienced temporary unavailability due to sudden traffic surges, it would typically be operational again within hours.

A spokesperson for Arun District Council commented, “On Tuesday morning, from around 7:15 am, our website was fully operational by 11:30 am. We are aware of the claims made on X and are continuing to investigate.”

National Highways also encountered a DDoS attack but stated that their website would soon return to normal functionality.

This incident mirrors an attempt to disrupt multiple council websites last October. While resident data was not compromised, the websites were briefly disabled due to overwhelming traffic.

The National Cyber Security Center (NCSC) noted at that time that they “provided guidance” to the affected local authorities. “Although DDoS attacks tend to be less sophisticated and impactful, they can cause significant disruption by blocking legitimate users from accessing online services,” they added.

Since its inception in 2022, NoName057(16) has employed such tactics to disrupt the functioning of various Ukrainian, European, and American governmental entities and media outlets. In January 2023, they targeted the website of a Czech presidential candidate, marking their first political attack.

A survey by cybersecurity firm Bridewell last summer revealed that 63% of government sector companies experienced ransomware attacks over the past year. The National Audit Office cautioned in January that “cyber threats to the UK government will pose serious risks and evolve rapidly.”

Recently, the NCSC was compelled to issue new guidance on retailer cyber attack vulnerabilities, which appeared to originate from criminals targeting help desks. This included attacks on well-known retailers such as Marks & Spencer, the Co-op, and Harrods.

The criminals used these help desks to have passwords changed and authentication factors reset in order to gain access to systems.
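The help-desk reset pattern described above is one an identity team can watch for in its own logs. The following is an added example written for this page (not code from the NCSC, the retailers, or the original article). It scores a help-desk-initiated reset by what follows it within an hour: an MFA reset by the help desk, enrollment of a new MFA device, and a first login from a country the account has never used. The event names, fields, and the log entries themselves are constructed for illustration and assume nothing about any real product's log schema.

```python
"""Added example: flag help-desk-assisted account takeovers in identity logs.

Event names, fields and the sample events are constructed for this
illustration; they do not follow any real product's log schema.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample identity events (not from any real incident).
# "bob" is a legitimate reset; "alice" shows the help-desk abuse pattern.
SAMPLE_EVENTS = [
    {"ts": "2025-04-20T08:00:00", "user": "bob", "event": "login_success",
     "ip": "203.0.113.10", "country": "GB", "actor": "self"},
    {"ts": "2025-04-21T09:05:00", "user": "bob", "event": "helpdesk_password_reset",
     "ip": "", "country": "", "actor": "helpdesk:agent07"},
    {"ts": "2025-04-21T09:20:00", "user": "bob", "event": "login_success",
     "ip": "203.0.113.10", "country": "GB", "actor": "self"},
    {"ts": "2025-04-19T10:00:00", "user": "alice", "event": "login_success",
     "ip": "198.51.100.5", "country": "GB", "actor": "self"},
    {"ts": "2025-04-21T22:41:00", "user": "alice", "event": "helpdesk_password_reset",
     "ip": "", "country": "", "actor": "helpdesk:agent12"},
    {"ts": "2025-04-21T22:43:00", "user": "alice", "event": "helpdesk_mfa_reset",
     "ip": "", "country": "", "actor": "helpdesk:agent12"},
    {"ts": "2025-04-21T22:47:00", "user": "alice", "event": "mfa_enroll",
     "ip": "192.0.2.77", "country": "RO", "actor": "self"},
    {"ts": "2025-04-21T22:49:00", "user": "alice", "event": "login_success",
     "ip": "192.0.2.77", "country": "RO", "actor": "self"},
]

HELPDESK_EVENTS = {"helpdesk_password_reset", "helpdesk_mfa_reset"}


def detect_helpdesk_takeover(events, window=timedelta(hours=1), min_score=2):
    """Return one alert per user per window when a help-desk reset is followed
    by enough takeover indicators: an MFA reset by the help desk, enrollment of
    a new MFA device, and a login from a country never seen for that account.
    """
    by_user = defaultdict(list)
    for e in events:
        by_user[e["user"]].append({**e, "ts": datetime.fromisoformat(e["ts"])})

    alerts = []
    for user, evs in by_user.items():
        evs.sort(key=lambda e: e["ts"])
        alerted_until = None            # collapse several resets into one alert
        for i, e in enumerate(evs):
            if e["event"] not in HELPDESK_EVENTS:
                continue
            if alerted_until and e["ts"] <= alerted_until:
                continue
            # Baseline = countries of successful logins before the reset.
            # An empty baseline (new account) makes any login country "new".
            baseline = {x["country"] for x in evs[:i] if x["event"] == "login_success"}
            follow = [x for x in evs[i + 1:] if x["ts"] - e["ts"] <= window]

            reasons = []
            if any(x["event"] == "helpdesk_mfa_reset" for x in [e] + follow):
                reasons.append("mfa_reset_by_helpdesk")
            if any(x["event"] == "mfa_enroll" for x in follow):
                reasons.append("new_mfa_device")
            new_geo = [x for x in follow
                       if x["event"] == "login_success" and x["country"] not in baseline]
            if new_geo:
                reasons.append("login_from_new_country:" + new_geo[0]["country"])

            if len(reasons) >= min_score:
                alerts.append({"user": user, "reset_at": e["ts"].isoformat(),
                               "agent": e["actor"], "reasons": reasons})
                alerted_until = e["ts"] + window
    return alerts


if __name__ == "__main__":
    for alert in detect_helpdesk_takeover(SAMPLE_EVENTS):
        print(alert)
```

The score threshold is deliberately two: a password reset followed by a login from the usual country (bob) is routine and produces nothing, while a reset plus an MFA reset, a new device and a first login from a new country (alice) is the shape of a help-desk-assisted takeover and also names the agent who performed the reset, which is the first question the incident responder will ask.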

Regarding the attacks on retailers, the NCSC stated, “We are not in a position to determine whether this is connected, whether it represents a coordinated campaign by a single actor, or if there is no connection at all.”

Source: www.theguardian.com

Ministers around the world becoming targets of Russian hackers on WhatsApp | Breached

Government-linked hackers from Russia targeted WhatsApp accounts of government officials worldwide by sending emails inviting them to join user groups on the messaging app.

This tactic by a hacking group called Star Blizzard is a new approach. The UK’s National Cyber Security Center (NCSC) has connected Star Blizzard to Russia’s FSB domestic spy agency, accusing them of trying to undermine trust in politics in the UK and similar countries.

According to Microsoft, victims received an email from an attacker posing as a US government official, instructing them to scan a QR code. Instead of adding the victim to a group, the code linked the attacker’s device to the victim’s account through WhatsApp’s linked-device (WhatsApp Web) feature, giving the attacker access to the account.

Microsoft stated, “Threat actors gain access to messages within WhatsApp accounts and the ability to exfiltrate this data.”

The fake email invited recipients to join a WhatsApp group about supporting NGOs in Ukraine. Ministers and officials from various countries, especially those involved in Russia-related affairs, defense policy, and Ukraine support, were targeted.

In 2023, NCSC revealed that Star Blizzard had targeted British MPs, universities, and journalists to interfere with British politics. The group is likely affiliated with Russia’s FSB Center 18 unit.

Microsoft warned that despite the WhatsApp campaign ending in November, Star Blizzard continues to use spear phishing tactics to steal sensitive information.


Microsoft advised targeted sectors to be cautious with emails, especially those with external links. They recommend verifying email authenticity by contacting the sender through a known email address.

WhatsApp, owned by Meta, offers end-to-end encryption, ensuring message privacy between sender and recipient unless account access is compromised.

A WhatsApp spokesperson urged users to link devices only through official WhatsApp-supported services and to click links only from trusted sources.

Source: www.theguardian.com

UK government deliberates on retaliatory measures against Russian hackers responsible for theft of NHS records

According to The Guardian, the government is contemplating a response to Russian hackers who obtained records of 300 million NHS patient interactions, including sensitive data like HIV and cancer blood test results.

The National Crime Agency (NCA) is exploring potential actions against the Russia-based ransomware group Qilin, which stole the NHS records in a cyber attack on June 3 and has since leaked them.

Healthcare leaders in London, where the attack occurred, set up a helpline to address concerns from worried patients about their data and advised against contacting hospitals or GP practices directly for information.

The NCA and the National Cyber Security Centre are discussing possible responses to the ransom demand of $50 million, which has so far been ignored, prompting concerns about the severity of the attack.

Experts from the NCA are working to remove the data leaked by Qilin on the messaging platform, but the extent of the damage and the practical effect of retrieving or deleting the data remain uncertain.

Authorities have dealt with similar ransomware gangs previously, including taking down the LockBit group with international cooperation, showcasing their commitment to combatting cyber threats.

The recent attack on the NHS reveals a major breach in patient data security, affecting multiple hospitals and healthcare facilities, leading to cancellations and disruptions in medical services.

Patients are cautioned to be vigilant against potential scams targeting them based on the leaked data and are advised to report any suspicious activity to the appropriate authorities immediately.

The NHS Helpline is available for patients seeking information or assistance related to the incident, and efforts are being made to minimize the impact of the data breach on patient care.

The release of private healthcare test records along with NHS data indicates a broader breach that could have far-reaching implications, underscoring the need for enhanced cybersecurity measures in the healthcare sector.

Despite ongoing challenges, healthcare providers are striving to maintain essential services for patients while addressing the fallout from the cyber attack on the NHS.

Cybersecurity experts stress the importance of swift action in response to data breaches, indicating that negotiations with ransomware groups typically end once data is leaked.

While the situation remains precarious, authorities and healthcare institutions are working diligently to mitigate the impact of the attack and prevent further breaches in the future.

Source: www.theguardian.com

TikTok hackers focusing on Paris Hilton, CNN, and other prominent users in cyber attacks | TikTok

TikTok has taken action to address a cyberattack that targeted the accounts of various celebrities and brands, such as Paris Hilton and CNN.

The social video app has confirmed that CNN was one of the high-profile accounts affected after its security team discovered malicious actors targeting US news media.

A TikTok spokesperson stated, “We have collaborated with CNN to restore access to the account and have implemented stronger security measures to safeguard the account from future attacks.”

While Hilton was also targeted, TikTok clarified that her account remained uncompromised.

The platform disclosed that the attack exploited the app’s direct messaging feature but did not provide additional specifics. The company is currently investigating the incident and assisting affected account owners in regaining access.

Owned by ByteDance, a Chinese technology company, TikTok faces potential bans in the US due to national security concerns. President Joe Biden enacted a bill in April that will prohibit the app nationwide if ByteDance fails to sell it to non-Chinese entities by mid-January.

With approximately 170 million users in the US, TikTok previously announced its intention to legally challenge the ban, citing it as unconstitutional and a violation of freedom of speech.

Recent reports revealed that former President Donald Trump, who had previously banned TikTok over ties to Beijing in 2020, joined the platform. Trump has since reversed his stance, no longer supporting a ban on TikTok despite concerns about national security risks.

The cyberattack on TikTok is the latest in a string of hacking incidents targeting social media platforms. One of the most notable incidents occurred in July 2020 when Twitter accounts, including those of Biden, Obama, Musk, Gates, Bezos, and Apple, were compromised.


The NHS confirmed on Tuesday that it fell victim to a cyberattack, declaring it a “major incident.”

Seven hospitals managed by two NHS trusts, Guy’s and St Thomas’ and King’s College Hospital, experienced significant disruption to services after a ransomware attack on a private company responsible for analyzing blood tests.

Source: www.theguardian.com

Microsoft receives reprimand from US government for security vulnerabilities allowing Chinese hackers access

A review board appointed by the Biden administration criticized Microsoft for its poor security and lack of transparency, stating that a series of mistakes by the tech giant allowed Chinese cyber operators to infiltrate the U.S. Department of Commerce and other entities, including accessing the email account of a senior official, Gina Raimondo.

The Cyber Safety Review Board, created in 2021, criticized Microsoft’s sloppy cybersecurity practices, lax corporate culture, and lack of candor about the breaches that affected U.S. government agencies.


The report concluded that Microsoft’s security culture is insufficient and needs a major overhaul due to the critical role its products play in national security, economic infrastructure, and public safety.

The committee blamed the breach on a chain of avoidable mistakes and recommended that Microsoft focus on improving security before adding new features to its cloud computing environment.

Microsoft’s CEO and board of directors were urged to publicly share a plan for fundamental security changes, emphasizing the need for a rapid cultural shift within the company.

Microsoft responded by saying it will enhance its systems against cyber attacks and implement stronger measures to detect and defeat malicious forces.

The report revealed that state-sponsored Chinese hackers breached the Microsoft Exchange Online emails of various organizations and individuals, showing the severity and reach of the security breach.

The board also raised concerns about another hack by state-sponsored Russian hackers targeting senior Microsoft executives and customers due to the company’s deprioritization of security investments and risk management.

Microsoft acknowledged the need for a new culture of security within its network and committed to improving infrastructure and processes to prevent future breaches.

Source: www.theguardian.com

US and UK impose sanctions on Chinese state-sponsored hackers for alleged ‘malicious’ cyber attacks

The United States and Britain have accused hackers backed by Chinese government spy agencies of executing a prolonged cyberattack campaign aimed at politicians, journalists, and businesses.

The US disclosed that the operation was directed at political dissidents and critics of China through sophisticated phishing campaigns, leading to the compromise of certain email systems and networks.

Sanctions were imposed by the US government on the suspected hackers behind the scheme on Monday. The UK has sanctioned two individuals and a front company associated with APT31, a cyber espionage group connected to China’s Ministry of State Security.

On Tuesday, New Zealand’s government conveyed concerns to the Chinese government regarding its involvement in attacks targeting the country’s parliamentary institutions in 2021.

The US Treasury Department’s Office of Foreign Assets Control announced sanctions against Wuhan Xiaoruizhi Science and Technology Co., described as a front for China’s Ministry of State Security, for its involvement in multiple malicious cyber operations.

In a press release and an unsealed indictment, the US government accused China of running an extensive state-sponsored hacking program dating back over a decade. US Attorney General Merrick Garland mentioned that the hacking operation revealed the Chinese government’s intention to target and intimidate its critics.

The Treasury Department identified two Chinese nationals affiliated with the Wuhan company, Zhao Guangzong and Ni Gaobin, as having carried out cyber operations targeting critical US infrastructure sectors. The activity was attributed to APT31 (APT stands for “advanced persistent threat”), a group made up of state-sponsored contract hackers and operatives.

The department stated, “APT31 targets a wide range of US government officials and their advisors crucial to US national security.”

Zhao, Ni, and five other hackers have been charged by the US Department of Justice with computer intrusion and conspiracy to commit wire fraud for their involvement in a 14-year cyber operation targeting US and foreign critics, businesses, and political officials.

Assistant Attorney General Matthew G. Olsen highlighted the need to remain vigilant against cybersecurity threats and cyber-enabled foreign influence activities, especially as the 2024 election cycle approaches.

The hacking campaign involved sending more than 10,000 malicious emails containing hidden tracking links that, when a message was opened, gave APT31 information about the target, including location and IP address. The emails were aimed at government officials worldwide who were critical of China’s policies.
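The “hidden tracking link” technique described above works by making each recipient’s copy of the message fetch a unique URL when it is opened. The following is an added example written for this page, not APT31’s tooling or code from the indictment. It models the mechanism as a one-pixel tracking image (one common form of such links), shows what the tracker learns from a direct fetch versus a fetch through a mail provider’s image proxy, and includes a defender-side check for the telltale tag shape. The tracker host, addresses and IPs are hypothetical.

```python
"""Added example: how a per-recipient tracking image attributes an email open
to a person, IP address and client, and what an image proxy changes.

The tracker host is hypothetical (a .invalid domain) and the sender/receiver
code here is a model written for this page, not APT31 tooling or any real
mail client.
"""
import re
import secrets
from urllib.parse import parse_qs, urlparse

TRACKER_URL = "https://tracker.example.invalid/p.gif"   # hypothetical host
IMG_TAG = re.compile(r"<img\b[^>]*>", re.IGNORECASE)
IMG_SRC = re.compile(r'\bsrc="([^"]+)"', re.IGNORECASE)


class TrackingSender:
    """Sender side: a random token per recipient, so any fetch of the pixel
    URL reveals who opened the mail, from which IP and with which client."""

    def __init__(self, base_url=TRACKER_URL):
        self.base_url = base_url
        self.tokens = {}   # token -> recipient address
        self.hits = []     # attribution log, one entry per pixel fetch

    def build_email(self, recipient, body_html):
        token = secrets.token_urlsafe(12)
        self.tokens[token] = recipient
        pixel = f'<img src="{self.base_url}?t={token}" width="1" height="1" alt="">'
        return body_html + pixel

    def handle_request(self, url, client_ip, headers):
        """What the tracker records when a client fetches the image URL."""
        token = parse_qs(urlparse(url).query).get("t", [None])[0]
        recipient = self.tokens.get(token)
        if recipient is None:
            return None    # not one of our tokens: nothing to attribute
        hit = {"recipient": recipient, "ip": client_ip,
               "user_agent": headers.get("User-Agent", ""),
               "language": headers.get("Accept-Language", "")}
        self.hits.append(hit)
        return hit


def remote_images(html):
    """URLs of images a mail client would fetch over the network."""
    urls = []
    for tag in IMG_TAG.findall(html):
        m = IMG_SRC.search(tag)
        if m and m.group(1).lower().startswith(("http://", "https://")):
            urls.append(m.group(1))
    return urls


def open_email(sender, html, client_ip, user_agent, proxy_ip=None):
    """Model a mail client rendering the message. With a direct fetch the
    tracker sees the reader's own IP and headers; through an image proxy it
    sees only the proxy, though it still learns that this copy was opened."""
    last = None
    for url in remote_images(html):
        if proxy_ip:
            last = sender.handle_request(url, proxy_ip, {"User-Agent": "ImageProxy/1.0"})
        else:
            last = sender.handle_request(url, client_ip,
                                         {"User-Agent": user_agent, "Accept-Language": "en-GB"})
    return last


def suspicious_pixels(html):
    """Defender-side triage: external 1x1 images whose URL carries a query
    string, the usual shape of a per-recipient tracking token."""
    flagged = []
    for tag in IMG_TAG.findall(html):
        m = IMG_SRC.search(tag)
        if not m:
            continue
        url = m.group(1)
        tiny = 'width="1"' in tag and 'height="1"' in tag
        if url.lower().startswith("http") and tiny and urlparse(url).query:
            flagged.append(url)
    return flagged


if __name__ == "__main__":
    sender = TrackingSender()
    mail = sender.build_email("official@example.invalid", "<p>Please review the attached note.</p>")
    print(open_email(sender, mail, "198.51.100.23", "Outlook/16.0"))
    print(open_email(sender, mail, "198.51.100.23", "Outlook/16.0", proxy_ip="192.0.2.1"))
    print(suspicious_pixels(mail))
```

The proxy case is the caveat worth noticing: blocking or proxying remote images hides the reader’s IP address and client details, but the tracker still learns that this particular recipient’s copy was opened, because the token itself is the identifier. Only refusing to load remote content at all, or stripping such tags at the gateway, removes that signal.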

UK authorities also impose sanctions

British officials said those sanctioned were responsible for a hack that potentially accessed data on tens of millions of British voters held by the Electoral Commission, and for a cyber espionage operation targeting members of parliament who had raised concerns about threats from China.

The Foreign Office said the hacking of the electoral register did not affect the electoral process, the rights of individuals, or access to electoral registration.

British cybersecurity officials accused hackers linked to the Chinese government of conducting reconnaissance on British MPs critical of the Chinese government in 2021, with no successful infections reported among the MPs.

Additionally, three MPs, including former Conservative Party leader Iain Duncan Smith, disclosed being subjected to harassment, impersonation, and attempted hacking from China. They are members of the Inter-Parliamentary Alliance on China, a group focused on countering Beijing’s influence.

Source: www.theguardian.com

British Security Service alerts about Chinese hackers targeting UK Electoral Commission and politicians

Security officials have determined that Chinese state-backed hackers orchestrated two “malicious” digital campaigns targeting democratic institutions and politicians in the UK.

The UK holds China accountable for a cyberattack on its electoral commission, where the Chinese government allegedly accessed personal information of approximately 40 million voters.

The National Cyber Security Center, part of GCHQ, revealed that four British MPs critical of the Chinese government were targeted in a separate attack but were able to identify and prevent any compromise before it occurred.

The UK has imposed sanctions on two individuals and a front company associated with the Chinese state-backed cyber group APT31, believed to be behind the hack. “Beijing’s attempts to interfere in Britain’s democracy and politics have not succeeded,” noted Oliver Dowden.

Dowden emphasized that protecting democratic institutions is a top priority for the UK government and vowed to continue calling out and holding the Chinese government accountable for such activities.

The Foreign Office will summon the Chinese ambassador to answer for these actions, with Dowden stating that strong action will be taken if UK interests are threatened.

Since the cyberattacks in 2021 and 2022, the UK has bolstered its cyber defenses, established a Democracy Defense Task Force, and enacted the National Security Act of 2023 to empower security agencies to thwart hostile activities.

The MPs targeted by the cyberattacks are expected to be named by the government as victims of a Chinese state-sponsored cyber attack.

Former Conservative Party leader Iain Duncan Smith called for a new approach to the UK’s relationship with China, recognizing the modern Chinese Communist Party for what it is.

China denied the accusations, stating that the cyberattack claims are fabricated and defamatory, and that they do not condone cyberattacks.

Foreign Secretary David Cameron raised the cyberattacks directly with Chinese Foreign Minister Wang Yi, condemning the targeting of UK democratic institutions.

The UK remains vigilant in protecting its values and democracy from threats, and emphasizes the importance of awareness of such threats for all countries.

Source: www.theguardian.com

Insights from China’s Huge Cyber Breach: The Market for Hackers

A significant data breach from a Chinese cybersecurity company has offered a rare glimpse into the inner workings of Beijing-linked hackers.

Analysts suggest that the breach contains valuable information about the day-to-day operations of China’s hacking program, which the FBI claims is the largest globally. I-Soon has not yet verified the authenticity of the leak and has not responded to requests for comment. As of Friday, the leaked data has been taken down from GitHub, where it was originally posted.

From staff complaints about salaries and office rumors to claims of infiltrating foreign governments, here are some key insights gathered from the leak.

Who was targeted in the hack?

I-Soon employees were actively seeking high-profile targets on a daily basis.

The leak exposed that government entities in neighboring countries of China, such as Kyrgyzstan, Thailand, Cambodia, Mongolia, and Vietnam, had their websites and email servers breached. The targets ranged from British government departments to Thai ministries. I-Soon staff also claimed to have gained access to communication service providers in various countries. They specifically mentioned targeting the Indian government, viewed as Beijing’s geopolitical rival, and accessing educational institutions in Hong Kong and Taiwan. However, they acknowledged difficulty in accessing data seized from government agencies in Myanmar and South Korea.

Additional targets included domestic entities from Xinjiang to Tibet, covering topics from illegal activities to gambling establishments.

Who were I-Soon’s clients?

Based on the leaks, most of I-Soon’s customers were local police departments and state security agencies responsible for safeguarding the Communist Party against perceived threats to its authority. The company also offered help securing devices and communications, with many of its contracts listed as non-confidential.

There were indications of official corruption, with discussions of kickbacks in sales to law enforcement agencies. Complaints about business challenges in regions like Xinjiang were also highlighted.

The leak mentioned the company’s focus on creating Trojans, compiling personal information databases, and developing technology for various hacking purposes.

Who are the hackers?

The leak sheds light on the daily operations at mid-sized Chinese cybersecurity firms, revealing internal issues like office politics, technical shortcomings, low pay, and customer retention challenges.

Employee conversations included complaints about management decisions, such as extravagant purchases and salary disputes.

The leak illustrates a less flattering side of the operations at these companies, showcasing a mix of competence and ethical concerns.

Source: www.theguardian.com

Chinese Hackers for Hire Exposed in Major Cybersecurity Breach | The Dark Reality of Cybercrime

The recent data breach at a Chinese cybersecurity company has exposed national security agencies paying substantial sums to collect information on a range of targets, including foreign governments, while the company’s hackers gathered vast amounts of data on individuals and organizations that might interest potential customers.

A set of over 500 leaked files from the Chinese company I-Soon was posted on the developer platform GitHub, and cybersecurity experts have confirmed their authenticity. The targets discussed in the leaked files include NATO and the UK Foreign Office.

The leak provides an unprecedented glimpse into the world of Chinese-employed hackers, with Britain’s security chief describing it as a “significant” challenge for the country. The leaked files consist of chat logs, company prospectuses, and data samples, revealing the scope of China’s intelligence-gathering operations and highlighting the market pressures faced by Chinese commercial hackers in a sluggish economy.

I-Soon is believed to have collaborated with another Chinese hacking organization, Chengdu 404, which has been indicted by the U.S. Department of Justice for cyberattacks not only in the United States but also on companies in China and on Hong Kong democracy activists.

Other targets discussed in the I-Soon leak include the British think tank Chatham House, public health agencies of Asean countries, and foreign ministries. The leak also indicates that certain data has been collected according to specifications, while in other cases special agreements have been made with the Chinese Public Security Bureau to collect specific types of data.

Chatham House has expressed concern over the leaked data, emphasizing the importance of safeguarding their data and information. Similarly, NATO has acknowledged the persistent cyber threats and stated that it is investing in large-scale cyber defense. However, the British Foreign Office declined to comment.

I-Soon’s services range from gaining access to email inboxes to hacking accounts, obtaining personal information from social media platforms, retrieving data from internal databases, and compromising various operating systems. The leaked files also suggest that the Chinese state is collecting as much data as possible.

I-Soon’s office building in Chengdu, Sichuan Province, southwest China. Photo: Kang Dak/AP

The leaked documents further reveal that I-Soon has sought “anti-terrorism” support and has claimed to have obtained data from various organizations. The company was also involved in discussions about sales practices and the company’s internal situation.

The leaked data also includes screenshots and chat logs where employees discuss the company’s operations and the impact of the COVID-19 pandemic on their business. The company’s CEO expressed concerns about the loss of core staff, the subsequent impact on customer confidence, and the loss of business.

Source: www.theguardian.com

UK and US law enforcement team up to take down LockBit criminal organization – Cybercrime

Britain’s National Crime Agency (NCA) seized control of the international ransomware group LockBit’s “command and control” infrastructure on Tuesday in a major law enforcement operation, and plans to repurpose the group’s own technology to expose its activities to the world.

The joint operation by the NCA, FBI, Europol, and an international coalition of law enforcement agencies was revealed in a post on LockBit’s own website. The post stated, “This site is currently under the control of the UK National Crime Agency, working closely with the FBI and international law enforcement agency Operation Cronos.”

Two people associated with LockBit were arrested in Poland and Ukraine, and two defendants believed to be linked to the group have been charged in the United States. Two further names have been released, but those Russian nationals remain at large. Authorities also froze more than 200 cryptocurrency accounts associated with the criminal organization.

According to the NCA, the disruption to LockBit’s operations is much more extensive than initially revealed. The agency not only seized control of the public website but also took over LockBit’s primary administrative environment, the system the group used to manage and deploy the tools with which it extorted companies and individuals around the world, along with the enabling infrastructure.

“Through close collaboration, we hacked the hackers. We took control of the infrastructure, seized the source code, and obtained keys to help victims decrypt their systems,” said NCA Director General Graeme Biggar.

“As of today, LockBit is locked out. We have undermined the ability of a group that relied on secrecy and anonymity, and most importantly its credibility.”

The group pioneered the ‘ransomware-as-a-service’ model: it outsourced target selection and the attacks themselves to a network of semi-independent ‘affiliates’, supplied the tools and infrastructure, and took a cut of the ransom payments in return.

While ransomware typically works by encrypting data on an infected machine and demanding payment for the decryption key, LockBit also copied victims’ data before encrypting it and threatened to publish the copies if the fee was not paid, promising to delete them once the ransom was received.

However, the NCA said that promise was false. Some of the data found on LockBit’s systems belonged to victims who paid the ransom.

Home Secretary James Cleverly said: “The NCA’s world-class expertise has delivered a huge blow to those behind the world’s most prolific ransomware.”


“The criminals operating LockBit are sophisticated and highly organized, but they have not escaped the clutches of UK law enforcement and our international partners.”

The “Hackback” campaign has also recovered over 1,000 decryption keys intended for victims of LockBit’s attacks, and plans to contact victims to assist them in recovering their encrypted data.

In a blog post last month, Ciaran Martin, former head of the National Cyber Security Centre, said that the involvement of Russian hackers in cybercrime undermines many common law enforcement tactics. “Impose costs where you can. There are things you can do to harass cybercriminals,” he warned. “But as long as Russian safe havens exist, this will not be a strategic solution.”

Source: www.theguardian.com

Iran-affiliated hackers disrupt UAE TV streaming service by creating fake news using deepfake technology

According to Microsoft analysts, Iranian state-backed hackers disrupted a television streaming service in the United Arab Emirates and broadcast a deepfake newsreader distributing reports on the Gaza war.

Microsoft announced that a hacking operation by the Islamic Revolutionary Guards Corps disrupted streaming platforms in the UAE with an AI-generated news broadcast dubbed “For Humanity.”

The fake news anchors introduced unverified images showing wounded and killed Palestinians in Israeli military operations in Gaza. The hacker group known as Cotton Sandstorm hacked three online streaming services and published a video on the messaging platform Telegram showing them disrupting a news channel with fake newscasters, according to Microsoft analysts.

In December, Dubai residents using HK1RBOXX set-top boxes received a message that read, “To get this message to you, we have no choice but to hack you,” according to a UAE-based news service. The AI-generated anchor then introduced graphic images and captions showing the number of casualties in Gaza so far.

Microsoft also noted reports of disruptions in Canada and the United Kingdom, where channels including the BBC were affected, although the BBC was not directly hacked.

In a blog post, Microsoft said, “This is the first Iranian influence operation where AI plays a key element in messaging, and is an example of the rapid and significant expansion of the Iranian operation’s scope since its inception.”

“The confusion was also felt by viewers in the UAE, UK, and Canada.”

Breakthroughs in generative AI technology have led to an increase in deepfake content online, raising concerns about its potential to disrupt elections.

Experts are concerned that AI-generated material could be deployed at scale to disrupt elections this year, including the US presidential election. Iran targeted the 2020 US election with a cyber campaign that included sending threatening emails to voters while posing as members of the far-right Proud Boys group, launching a website inciting violence against FBI Director Christopher Wray and others, and spreading disinformation about voting infrastructure.

Microsoft said that since the Oct. 7 Hamas attack, Iranian state-backed forces have engaged in a series of cyberattacks and attempts to manipulate public opinion online, including attacks on targets in Israel, Albania, Bahrain (a signatory to the Abraham Accords formalizing relations with Israel), and the US.

Source: www.theguardian.com

Cybercrime: Credit Agency Warns of Growing Threat to UK Drinking Water from Hackers

Credit rating agency Moody's has warned that water companies face a “high” risk from cyber-attacks targeting drinking water as they await approval from industry regulators to increase spending on digital security.

Hackers are increasingly targeting infrastructure companies such as water and wastewater treatment companies, and the use of artificial intelligence (AI) could accelerate this trend, Moody's said in a note to investors.

Southern Water, which serves 4.6 million customers in the south of England, said last month that the Black Basta ransomware group had accessed its systems and posted a “limited amount” of data to the dark web. The same group hacked the outsourcing company Capita last year.

Separately, South Staffordshire Water apologized in 2022 after hackers stole customers' personal data.

Moody's warned that the increasing use of data-logging equipment and digital smart meters to monitor water consumption is making businesses more vulnerable to attack. Systems used at water treatment facilities are typically separated from a company’s other IT systems, including customer databases, but some are now more closely integrated to improve efficiency, it said.

After a hack, companies typically have to hire specialized cybersecurity firms to repair systems and communicate with customers, and they can also face penalties from regulators. The UK's Information Commissioner's Office can fine companies up to 4% of group turnover or €20m (£17m), whichever is higher.

Moody's said the cost of system remediation, including re-securing and strengthening existing cyber defenses and paying potential fines, would typically result in only a “modest increase” in debt levels if the incident is short-lived.

But Moody's warned that “the greater risk to our industry and society is if malicious actors were able to gain access to operational technology systems and harm drinking water or wastewater treatment facilities.”

The agency said water suppliers, governments and regulators need to strengthen their cyber defenses “as attacks against critical infrastructure become more sophisticated and state-aligned actors are now increasingly becoming cyber attackers.”

There is widespread concern about the digital security of Britain's infrastructure assets, including the £50bn project to build vast underground nuclear waste repositories and the Sellafield nuclear facility in Cumbria, where the Guardian revealed a series of cybersecurity issues.

Moody's report comes as water companies in England and Wales hope to receive allowances from Ofwat to increase spending on cyber defense. The regulator is assessing plans to raise bills from 2025 to 2030 to cover the investment.

Ofwat's decision, to be announced later this year, comes at a critical juncture for an industry that has come under fire for sewage dumping, inadequate leak records and high executive pay.


In October last year, the companies submitted five-year business plans detailing price increases to fund a record £96bn investment in fixing raw sewage leaks, reducing leakage and building reservoirs.

Moody's analysis shows that the companies want to increase their total spending on security from less than £100m to nearly £700m over the next five years. Increased scrutiny of the industry and the hack of Southern Water could strengthen their case, the credit agency said.

The agency said costs to South Staffordshire Water related to the hack could reach £10m, including potential civil action.

Moody's warning about the potential impact on water companies’ debt comes amid growing concern over leverage in the water sector, where up to 28% of bill payments go to debt servicing in some regions of England.

Industry body Water UK announced last week that average annual bills have risen by 6% since April, outpacing the current rate of inflation.

Source: www.theguardian.com

Hackers in 2023 stole $2 billion worth of cryptocurrencies, reveals data

Over the course of another year, hackers stole billions of dollars in cryptocurrency. However, a cryptocurrency security firm says the total declined for the first time since 2020.

According to Web3 security firm De.Fi's Rekt leaderboard, hackers stole about $2 billion worth of cryptocurrency in dozens of cyberattacks and thefts this year. The site ranks the worst crypto hacks of all time, from the 2022 Ronin network breach, in which hackers stole more than $600 million in crypto, to this year’s big-money hack of Mixin Network, in which the hackers made off with about $200 million.

“This amount, while spread across a variety of incidents, highlights the persistent vulnerabilities and challenges within the DeFi ecosystem,” De.Fi said in the report, which the company shared with TechCrunch. “2023 was a year that demonstrated both the ongoing vulnerabilities and the progress made in addressing them, even though the first half of the year saw a relative lack of interest in the sector due to the bear market.”

In early December, blockchain intelligence company TRM Labs also announced its estimate of the value of cryptocurrency stolen by hackers this year. According to the company, the total as of mid-December was approximately $1.7 billion.

Other major cryptocurrency thefts this year include the hack of Euler Finance, in which hackers stole nearly $200 million, along with major hacks of Multichain ($126 million), BonqDAO ($120 million), Poloniex ($114 million) and Atomic Wallet ($100 million), among others.

Last year, blockchain monitoring company Chainalysis reported that cybercriminals stole an all-time record of approximately $3.8 billion in crypto. $1.7 billion of that was stolen by the North Korean government hackers known as the Lazarus Group, one of the most prolific crypto theft groups, as part of efforts to fund the regime’s sanctioned nuclear weapons program.

“It is no exaggeration to say that crypto hacking represents a significant portion of this country’s economy,” Chainalysis said in a report last year.

The previous year, in 2021, hackers stole $3.3 billion, according to Chainalysis.

It is impossible to predict what will happen in 2024. However, given the insufficient security implemented by many cryptocurrency and Web3 projects and the enormous monetary value they hold, as discussed at TechCrunch Disrupt earlier this year, hackers are expected to continue targeting the growing industry.

Source: techcrunch.com

Adobe drops support for Figma, Apple Watch sales paused, millions of accounts breached by hackers

Welcome everyone to Week in Review (WiR). This is TechCrunch’s regular newsletter that recaps the top tech and tech-related stories from the past few days. With the holidays approaching, reporters expected a quiet week. But the opposite happened. I have no shortage of stories to write.

In this WiR, we cover the theft of Comcast and Mr. Cooper customer data, electric scooter company Bird’s bankruptcy filing, Adobe’s abandoned plan to acquire Figma, and Apple being forced by the International Trade Commission (ITC) to suspend Apple Watch sales. We also highlight Nikola founder Trevor Milton’s securities fraud conviction, Microsoft’s Copilot chatbot adding music-generating capabilities, and Consumer Reports’ impressions of Tesla’s Autopilot recall fix (spoiler: not good).

There’s a lot to get through, so let’s dive in. But first, if you haven’t already, here’s a reminder to subscribe here so you can receive WiR in your inbox every Saturday.

Most read

Hackers target Comcast: Comcast has confirmed that hackers who exploited a security vulnerability rated critical gained access to sensitive information of approximately 36 million Xfinity customers. The vulnerability, known as “CitrixBleed,” was discovered in Citrix networking devices commonly used by large enterprises and has been heavily exploited by malicious actors since August, Carly reports.

Mr. Cooper under fire: In related news, hackers stole sensitive personal information of more than 14.6 million of Mr. Cooper’s customers, Zack wrote. The mortgage and loan giant admitted that criminals stole customers’ names, addresses, dates of birth, and phone numbers, as well as Social Security numbers and bank account numbers.

Adobe gives up: Adobe’s huge $20 billion bid to acquire rival Figma is officially dead, after the companies announced this week that the acquisition had been scrapped due to regulatory resistance in Europe. The deal, first announced last September, attracted regulatory scrutiny from the start because of its size and the fact that it would remove one of Adobe’s major rivals, Paul points out.

Apple stops selling Apple Watch: Apple has stopped selling its Series 9 and Ultra 2 smartwatches following an October ruling by the ITC in a patent dispute with California-based medical technology company Masimo. The dispute revolves around the blood oxygen sensor in the latest flagship Apple Watch. Apple is appealing the ITC’s ruling.

Nikola’s founder sentenced: Trevor Milton, the disgraced founder and former CEO of electric truck startup Nikola, was sentenced Monday to four years in prison for securities fraud. Rebecca wrote that the ruling ended a years-long saga in which Nikola’s stock soared as much as 83% at one point, only to plummet months later amid fraud charges and contract cancellations.

Copilot learns to compose: Microsoft Copilot, Microsoft’s AI-powered chatbot, can now compose songs through an integration with generative AI (GenAI) music app Suno. Users can enter prompts into Copilot, such as “Create a pop song about my adventures with my family,” and have Suno bring their musical ideas to life through the plugin.

Tesla fix ‘insufficient’: After testing, Consumer Reports said Tesla’s fix for the Autopilot recall of more than 2 million vehicles was “insufficient.” Sean noted that while the test is not comprehensive, it shows that questions remain about Tesla’s approach to driver monitoring, the technology at the heart of the recall.

Bird files for bankruptcy: Bird filed for Chapter 11 bankruptcy protection, capping off a turbulent year for the electric scooter company. In a press release, Bird confirmed it had entered a “financial restructuring process aimed at strengthening its balance sheet” and said the company was continuing business as usual with the aim of “long-term, sustainable growth.”

Audio

Want a listening ear as you prepare your holiday dishes? You’re in luck — TechCrunch’s podcasts are just the ticket.

This week’s Equity was the second in a two-part series looking back at 2023, in which our staff recapped the collapse of Silicon Valley Bank, the long and tedious trial of FTX founder Sam Bankman-Fried, and the wild office politics of OpenAI.

Meanwhile, Found focused on Charlie Hernandez and his journey building My Pocket Lawyer, an online platform aimed at giving people who can’t afford a lawyer democratized access to legal advice and guidance. Hernandez talked about why he decided to use his law degree to tackle this issue.

And Chain Reaction featured Staci Warden, CEO of the Algorand Foundation, the organization behind the layer 1 blockchain Algorand. Algorand is a Singapore-based blockchain that aims to be fast, secure, decentralized, and “the greenest” with a carbon-negative network.

TechCrunch+

TC+ subscribers have access to in-depth commentary, analysis, and surveys. You probably know these if you’re already a subscriber. If not, please consider signing up. Here are some highlights from this week.

Etsy headcount reductions: Etsy recently announced it would lay off 11% of its workforce, which comes as no surprise to those who follow the e-commerce space closely, Anna writes. She predicts that “junkification” and fierce competition will chart a difficult future.

DEI backlash: Dom writes about the dispiriting backlash against DEI (diversity, equity, and inclusion), a framework for creating more conscious workplace efforts to support marginalized communities in the tech sector.

Figma’s rosy outlook: Anna writes that things don’t seem too bad for Figma even without Adobe. CB Insights estimates that the startup’s value is still between $8.3 billion and $9 billion.

Source: techcrunch.com

23andMe reports that hackers gained access to ‘significant’ data concerning users’ genealogy

Genetic testing company 23andMe announced Friday that hackers gained access to approximately 14,000 customer accounts in its recent data breach.

In a new filing with the U.S. Securities and Exchange Commission on Friday, the company said that, based on its investigation into the incident, it determined the hackers had accessed 0.1% of its customer base. According to the company’s latest annual earnings report, 23andMe has “more than 14 million customers worldwide,” so 0.1% is about 14,000 people.

However, the company also said that by accessing these accounts, the hackers were able to access a “significant” number of files containing “profile information about other users’ ancestry, that other users choose to share when opting in to 23andMe’s DNA Relatives feature.”

The company did not say what those “significant” files were or how many “other users” were affected.

23andMe did not immediately respond to a request for comment that included questions about these numbers.

In early October, 23andMe disclosed an incident in which hackers used a common technique known as “credential stuffing” to steal the data of some users. In this technique, a cybercriminal logs into a victim’s account using a password already known from a data breach at another service, relying on the victim having reused that password.

However, the damage was not limited to the customers whose accounts were accessed. 23andMe allows users to opt in to a feature called DNA Relatives. If a user opts in, 23andMe shares some of their information with other opted-in users. This means that by accessing a single victim’s account, the hacker was also able to see the personal data of people related to that first victim.
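The two points above, the login pattern of a credential-stuffing run and the way an opt-in sharing feature widens the blast radius of one compromised account, as an added example that is not from the article or from 23andMe. The auth log, the relative graph and the usernames are all constructed for illustration; the thresholds are hypothetical tuning values.

```python
from collections import defaultdict

# Constructed sample auth log (not real data): (timestamp_s, source_ip, username, outcome)
LOG = [
    (0, "203.0.113.7", "alice", "fail"),
    (1, "203.0.113.7", "bob", "fail"),
    (2, "203.0.113.7", "carol", "success"),
    (3, "203.0.113.7", "dave", "fail"),
    (4, "203.0.113.7", "erin", "success"),
    (5, "203.0.113.7", "frank", "fail"),
    (30, "198.51.100.2", "alice", "fail"),  # one user retrying their own password
    (31, "198.51.100.2", "alice", "success"),
]

def stuffing_sources(log, window_s=60, min_users=5, min_fail_ratio=0.5):
    """Map source IP -> accounts it successfully logged into, for IPs that tried
    many distinct usernames within window_s with a high failure ratio. Many
    users, mostly failing, from one source is the stuffing signature; a single
    user retrying their own password is not, and is left alone."""
    by_ip = defaultdict(list)
    for ts, ip, user, outcome in log:
        by_ip[ip].append((ts, user, outcome))
    flagged = {}
    for ip, events in by_ip.items():
        events.sort()
        for i, (t0, _, _) in enumerate(events):
            win = [e for e in events[i:] if e[0] - t0 <= window_s]
            users = {u for _, u, _ in win}
            fails = sum(1 for _, _, o in win if o == "fail")
            if len(users) >= min_users and fails / len(win) >= min_fail_ratio:
                flagged[ip] = {u for _, u, o in win if o == "success"}
                break
    return flagged

def exposed_users(compromised, relatives, opted_in):
    """Users whose shared profile is readable from the compromised accounts.
    Only an opted-in compromised account sees relatives, and only relatives who
    themselves opted in are shown: one hop, as the article describes."""
    seen = set()
    for acct in compromised:
        if acct in opted_in:
            seen |= {r for r in relatives.get(acct, set()) if r in opted_in}
    return seen - set(compromised)

# Constructed relative graph and opt-in set (hypothetical users, not 23andMe data)
RELATIVES = {"carol": {"gina", "hank", "erin"}, "erin": {"carol", "ivy"}, "alice": {"jo"}}
OPTED_IN = {"carol", "erin", "gina", "ivy", "jo"}
```

Running `stuffing_sources(LOG)` flags only the first source (six usernames, four failures in six seconds) and returns the two accounts it got into; feeding those to `exposed_users` shows that the one non-opted-in relative (hank) stays hidden while the opted-in relatives of both victims are reachable.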

23andMe said in its filing that for the first 14,000 users, the stolen data “generally included ancestry information, and for a subset of those accounts, health-related information based on users’ genetics.” For some other users, 23andMe said only that the hackers stole “profile information” and posted “certain information” online, without specifying what.

TechCrunch analyzed the set of stolen data released by comparing it to known public genealogy records, including websites published by hobbyists and genealogists. Although the data set was in a different format, it contained some of the same unique user and genetic information that matched genealogy records published online many years ago.

The owner of a genealogy website whose relatives’ information was partially exposed in the 23andMe data breach told TechCrunch that there are about 5,000 relatives discovered through 23andMe, and that “the correlation shows that may be something to consider.”

News of the data breach surfaced online in October, when a hacker advertised suspected data on 1 million Ashkenazi Jewish users and 100,000 Chinese users on a popular hacking forum. About two weeks later, the same hacker who first advertised the stolen user data also advertised what was claimed to be the records of 4 million people. The hacker was trying to sell each victim’s data for anything from $1 to $10.

TechCrunch discovered that another hacker was promoting more allegedly stolen user data on a separate hacking forum two months before the ad first reported by news outlets in October. In that earlier ad, the hacker claimed to have stolen 300 terabytes of data from 23andMe users and asked for $50 million for the entire database, or between $1,000 and $10,000 for a subset of the data.

Following the data breach, 23andMe on October 10 forced users to reset and change their passwords and encouraged them to enable multi-factor authentication. And on Nov. 6, the company required all users to use two-step verification, according to a new filing.

After the 23andMe breach, other DNA testing companies Ancestry and MyHeritage began requiring two-factor authentication.

Source: techcrunch.com