AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 01/27/2023

Morgan Stanley penalizes employees as much as $1 million for WhatsApp breaches 

Morgan Stanley has imposed financial penalties on employees who used messaging platforms such as WhatsApp for company business, according to two sources familiar with the situation. The penalties ranged from several thousand dollars for some staff to more than $1 million for others. The amounts were determined by factors such as the number of messages sent, seniority and whether the employees had already received warnings, according to one source familiar with the matter.  


Authorities shut down HIVE ransomware infrastructure, provide decryption tools 

Europol supported the German, Dutch and US authorities in taking down the infrastructure of the prolific HIVE ransomware. This international operation involved authorities from 13 countries in total. Law enforcement identified the decryption keys and shared them with many victims, helping them regain access to their data without paying the cybercriminals. In the last year, HIVE ransomware has been identified as a major threat as it has been used to compromise and encrypt the data and computer systems of large IT and oil multinationals in the EU and the USA. Since June 2021, over 1 500 companies from over 80 countries worldwide have fallen victim to HIVE associates and lost almost EUR 100 million in ransom payments. 


BlackCat Ransomware gang stole secret military data from an industrial explosives manufacturer 

The BlackCat Ransomware gang added SOLAR INDUSTRIES INDIA to the list of victims published on its Tor leak site. The company is a globally recognised industrial explosives manufacturer that provides complete blasting solutions, including packaged, bulk explosives and initiating systems to meet its customers' needs across the globe. The BlackCat Ransomware group claims to have breached the company infrastructure and to have stolen 2TB of data, including secret military data related to weapons production. “Because of low security, more than 2TB of sensitive data related to weapons production was stolen from Solar Industries India Limited,” reads the message published on the leak site. “The data leakage affected all products and classified documents of the company. The data includes full descriptions of engineering specifications, drawings, audits of many weapons, among others.”


Dutch hacker arrested for trying to sell the personal information of nearly every Austrian citizen 

Dutch authorities arrested a hacker for obtaining and trying to sell the personal information of nearly every Austrian citizen in May 2020, according to Reuters. The data includes almost nine million data sets, roughly lining up with Austria’s population. The defendant, arrested in November in an Amsterdam apartment, was reportedly already known to international police. The 25-year-old defendant also offered “similar data sets” from Italy, the Netherlands and Colombia. Dutch police waited until now to announce the arrest to avoid hindering ongoing investigations.


UK Cyber Security Centre’s scary new story: One phish, two phish, Russia phish, Iran phish 

The UK’s National Cyber Security Centre (NCSC) has warned of two similar spear-phishing campaigns, one originating from Russia, the other from Iran. The NCSC has attributed the campaigns to a Russia-based group called SEABORGIUM and the Iran-based TA453 group, also known as APT42. The threat groups target individuals working in academia, defence, government, non-government organisations, and think-tanks. Politicians, journalists and activists are also targeted in an attempt to gather sensitive information. “These campaigns by threat actors based in Russia and Iran continue to ruthlessly pursue their targets in an attempt to steal online credentials and compromise potentially sensitive systems,” warned NCSC director of operations Paul Chichester.
