AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 02/13/2023

Maine gov’t says state systems were not breached despite hacking group’s claims 

Maine government officials denied that a notorious hacking group breached their systems after the gang boasted of stealing information this week. The GhostSec hacking group posted to Telegram on Thursday claiming that they stole 40 GB of data from Maine’s government websites. The group provided a zip file of the data they stole. But Sharon Huntley, director of communications for Maine’s Department of Administrative and Financial Services, said their IT team confirmed that the group simply downloaded public-facing information that is available on Maine’s Department of Environmental Protection (DEP) website. 


FTC exposes romance scammers’ lies costing victims over $1 billion in losses 

Romance scammers received a hefty payout last year, with some 70,000 victims losing a whopping $1.3 billion, according to the Federal Trade Commission’s (FTC) latest report. The median reported loss in 2022 reached $4,400 per victim, and FTC data shows that 40% of the people who lost money began their ‘relationship’ with the scammer on social media. Besides unexpected private messages via social media, 19% of victims said they met their romance scammer on dating platforms and apps. Once hooked, the scammer persuaded the target to move the conversation to direct messaging apps such as WhatsApp and Telegram. “These scammers pay close attention to the information you share, and don’t miss a beat becoming your perfect match,” the FTC said. “You like a thing, so that’s their thing, too. You’re looking to settle down. They’re ready too. But there is one exception – you want to meet in real life, and they can’t.”


Pentagon Staffers Found Installing Dating Apps, Games on Government Phones 

Smartphones issued by the Pentagon are routinely loaded up with dating apps, games, and possibly TikTok, posing a potential national security risk, according to a US government report. The findings come from the Department of Defense Office of Inspector General and were first reported by Gizmodo. On Thursday, the agency released a report that found segments of the US military have been allowing personnel to install unauthorized software from public app stores. That’s a problem because many apps can collect personal data from smartphones without the user’s full knowledge. In some cases, apps can also be secretly malicious and hijack a device to control the camera and microphone or pull data from the GPS. “Many unmanaged applications routinely require access to a user’s contact list, location data, and photo library that could reveal sensitive DoD locations and information,” the inspector general adds.


Enigma, Vector, and TgToxic: The New Threats to Cryptocurrency Users 

Suspected Russian threat actors have been targeting Eastern European users in the crypto industry with fake job opportunities as bait to install information-stealing malware on compromised hosts. The attackers “use several highly obfuscated and under-development custom loaders in order to infect those involved in the cryptocurrency industry with Enigma stealer,” Trend Micro researchers Aliakbar Zahravi and Peter Girnus said in a report this week. Enigma is said to be an altered version of Stealerium, an open source C#-based malware that acts as a stealer, clipper, and keylogger. The intricate infection journey starts with a rogue RAR archive file that’s distributed via phishing or social media platforms. It contains two documents, one of which is a .TXT file that includes a set of sample interview questions related to cryptocurrency. 


City of Oakland hit with ransomware attack, but says ‘core functions’ are intact 

The City of Oakland confirmed reports that its networks had been hit with ransomware after rumors emerged online that several agencies were having issues with systems on Thursday. City officials did not respond to requests for comment but released a statement on Friday afternoon saying the ransomware attack began on Wednesday night. “The Information Technology Department is coordinating with law enforcement and actively investigating the scope and severity of the issue. Our core functions are intact. 911, financial data, and fire and emergency resources are not impacted,” the officials said. “The City is following industry best practices and developing a response plan to address the issue. In an abundance of caution, ITD has taken affected systems offline while they work to secure and restore services safely. In the meantime, the public should expect delays from the City as a result. We are actively monitoring the situation and sending updated information as it becomes available.”


Hackers attack Israel’s Technion University, demand over $1.7 million in ransom 

Israel’s Technion University on Sunday suffered a ransomware attack, which has forced the university to proactively block all communication networks. A new group calling itself DarkBit has claimed responsibility for the attack. “The Technion is under cyber attack. The scope and nature of the attack are under investigation,” Technion University, Israel’s top public university, located in Haifa, wrote in a tweet. Established in 1912, the Technion University has become a global pioneer in fields such as biotechnology, stem cell research, space, computer science, nanotechnology, and energy. Four Technion professors have won Nobel Prizes. The university has also contributed to the growth of Israel’s high-tech industry and innovation, including the country’s technical cluster in Silicon Wadi.
