AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 02/16/2023

Revealed: the hacking and disinformation team meddling in elections 

A team of Israeli contractors who claim to have manipulated more than 30 elections around the world using hacking, sabotage and automated disinformation on social media has been exposed in a new investigation. The unit is run by Tal Hanan, a 50-year-old former Israeli special forces operative who now works privately under the pseudonym “Jorge”, and appears to have been operating under the radar in elections in various countries for more than two decades. He is being unmasked by an international consortium of journalists. Hanan and his unit, which uses the codename “Team Jorge”, have been exposed by undercover footage and documents leaked to the Guardian.


Hyundai, Kia pushing updates so you can’t just steal their cars with USB cables 

After months of thefts that have led to at least eight deaths, carmakers Hyundai and Kia are offering free software updates to roughly 8.3 million cars that can be stolen with the aid of a USB-A cable. The National Highway Traffic Safety Administration said Tuesday that the manufacturers’ updates make affected cars require the key to be in the ignition switch before they will start. The cars’ alarms will also sound for one minute instead of 30 seconds when no key is present. The updates should start arriving later this month, with phased rollouts over subsequent months for 3.8 million Hyundais and 4.5 million Kias.


Health info for 1 million patients stolen using critical GoAnywhere vulnerability 

One of the biggest hospital chains in the US said hackers obtained protected health information for 1 million patients after exploiting a vulnerability in an enterprise software product called GoAnywhere. Community Health Systems of Franklin, Tennessee, said in a filing with the Securities and Exchange Commission on Monday that the attack targeted GoAnywhere MFT, a managed file transfer product Fortra licenses to large organizations. The filing said that an ongoing investigation has so far revealed that the hack likely affected 1 million individuals. The compromised data included protected health information as defined by the Health Insurance Portability and Accountability Act, as well as patients’ personal information. 


BEC groups are using Google translate to target high value victims 

Abnormal Security has identified two groups that are using executive impersonation to execute Business Email Compromise (BEC) attacks on companies worldwide. The first group, Midnight Hedgehog, engages in payment fraud, while the second group, Mandarin Capybara, executes payroll diversion attacks. Both groups have launched BEC campaigns in at least 13 different languages, including Danish, Dutch, Estonian, French, German, Hungarian, Italian, Norwegian, Polish, Portuguese, Spanish, and Swedish, the researchers noted. While attacking targets across various regions and using multiple languages is not new, in the past these attacks were perpetrated mainly by sophisticated organizations with bigger budgets and more advanced resources, Crane Hassold, director of Threat Intelligence at Abnormal Security, wrote in his research.


City of Oakland declares state of emergency in wake of ransomware attack 

The city government of Oakland, California was hit by a ransomware attack on February 8th, and its departments are still feeling the breach’s effects. While the local government has not released details about the incident, such as how much money the attackers are demanding, it said in an announcement that the city had to take its network offline to contain the attack. That has rendered many of Oakland’s non-emergency services inaccessible, including the websites residents use to pay parking fines or taxes online. The city’s systems for processing reports and issuing permits or licenses are offline as well.


The war in Ukraine has shaken up the cyber-criminal ecosystem, Google says 

One year after Russia invaded Ukraine, the war continues — including an ever-evolving digital component that has implications for the future of cybersecurity around the world. Among other things, the war in Ukraine has upended the Eastern European cyber-criminal ecosystem, according to cybersecurity experts from Google, shaking up the way ransomware attacks are playing out. “Ransomware continues to be lucrative, but financially motivated threat actors are not immune from geopolitical developments,” says a new report, compiled by Google’s Threat Analysis Group (TAG), Mandiant (the cybersecurity firm that’s now a part of Google Cloud), and Google Trust & Safety. 
