Ronin Hack: The North Korean Lazarus Behind the $540 Million Ax Infinity Breach

Earlier this week, Ukraine’s Computer Emergency Response Team and Slovakian cybersecurity firm ESET warned that the notorious Russian GRU hacking group Sandworm had targeted high-voltage electrical substations in Ukraine using a variant of its blackout-inducing Industroyer malware, also known as Crash Override. Days later, the US Department of Energy, the Cybersecurity and Infrastructure Security Agency, the NSA and the FBI jointly released advisories about a new set of tools for hacking industrial control systems, of unspecified origin, called Pipedream. The toolkit does not appear to have been deployed against targets, but industrial system operators must proactively block it.

Russia’s war against Ukraine has resulted in massive data leaks, in which spies, hacking activists, criminals, and ordinary people who want to support Ukraine have grabbed and publicly released vast amounts of information about the Russian military, government, and other Russian institutions. Conflict aside, WIRED looked at the true impact of source code leaks in the big picture of cybercriminal breaches.

Also, DuckDuckGo has finally released a desktop version of its privacy browser, and WhatsApp is expanding to offer a Slack-like group chat organizational scheme called Communities.

And there’s more! We’ve rounded up all the news we didn’t reveal or cover in depth this week. Click on the headlines to read the full stories. And stay safe out there.

Blockchain analytics researchers from Elliptic and Chainalysis said on Thursday that they traced the massive amount of cryptocurrency stolen last month from the Ronin network bridge to the North Korean hacking group Lazarus. The US Treasury also announced expanded sanctions against North Korea, Lazarus and the group’s affiliates. The attackers stole large amounts of the Ethereum currency ether and some USDC stablecoins, worth a total of $540 million at the time. (The value of the stolen funds has since risen to over $600 million.) The Lazarus hackers have been on a cybercriminal rampage for years, breaking into companies, running scams, and generally collecting profits to fund the Hermit Kingdom.

NSO Group, the Israeli developer of the powerful and widely used Pegasus spyware, was declared “priceless” in British court documents this week. The rating, described as “extremely clear,” came from third-party advisory group Berkeley Research Group, which manages the fund that owns NSO. As a staggering number of autocrats and authoritarian governments have purchased NSO tools to target activists, dissidents, journalists and other at-risk people, the spyware maker has been branded and sued (repeatedly) by tech giants in an attempt to limit its reach. Targeted surveillance is big business and a nexus where the issues of espionage and human rights merge. Reuters reported this week, for example, that senior EU officials were targeted last year with unspecified Israeli spyware.

T-Mobile confirmed it was breached last year (for what felt like the millionth time) after hackers put the personal data of 30 million customers up for sale for 6 bitcoins, or about $270,000 at the time. However, recently unsealed court documents show that the telco hired a third-party firm as part of its response, and that firm paid the attackers about $200,000 for exclusive access to the stolen data in hopes of containing the crisis. Paying hackers through third parties is a well-known but controversial tactic for dealing with ransomware and digital extortion attacks. One reason it’s frowned upon is that it often fails, as was the case with the T-Mobile data, which the attackers continued to sell.

In a report this week, researchers from Cisco Talos said a new type of information-stealing malware called “ZingoStealer” is spreading rapidly on the Telegram app. The cybercriminal group behind it, known as Haskers Gang, distributes the malware for free to other criminals or anyone who wants it, the researchers said. The group, which may be based in Eastern Europe, frequently shares updates and tools on Telegram and Discord with the cybercriminal “community.”
