AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 03/23/2023

North Korean hackers using Chrome extensions to steal Gmail emails

A joint cybersecurity advisory from the German Federal Office for the Protection of the Constitution (BfV) and the National Intelligence Service of the Republic of Korea (NIS) warns about Kimsuky’s use of malicious Chrome extensions to steal targets’ Gmail emails. Kimsuky (aka Thallium, Velvet Chollima) is a North Korean threat group that uses spear phishing to conduct cyber-espionage against diplomats, journalists, government agencies, university professors, and politicians. Initially focused on targets in South Korea, the group has expanded its operations over time to target entities in the USA and Europe.

Journalist plugs in unknown USB drive mailed to him—it exploded in his face

It’s no secret that USB flash drives, as small and unremarkable as they may look, can be turned into agents of chaos. Over the years, we’ve seen them used to infiltrate an Iranian nuclear facility, infect critical control systems in US power plants, morph into programmable, undetectable attack platforms, and destroy attached computers with a surprise 220-volt electrical surge. Although these are just a few examples, they should be enough to stop anyone from plugging a mysterious, unsolicited USB drive that arrived in the mail into a computer. Unfortunately, one Ecuadorian journalist didn’t get the memo. As reported by Agence France-Presse (via CBS News) on Tuesday, five Ecuadorian journalists received USB drives in the mail sent from Quinsaloma. Each of the USB sticks was designed to explode when activated.

Google and Microsoft’s chatbots are already citing one another in a misinformation shitshow

If you don’t believe the rushed launch of AI chatbots by Big Tech has an extremely strong chance of degrading the web’s information ecosystem, consider the following: right now, if you ask Microsoft’s Bing chatbot whether Google’s Bard chatbot has been shut down, it says yes, citing as evidence a news article that discusses a tweet in which a user asked Bard when it would be shut down and Bard said it already had, itself citing a comment from Hacker News in which someone joked about this happening, after which someone else used ChatGPT to write fake news coverage of the event.

Irish Food Giant Dole Admits Employee Data Breach

A fresh produce multinational based in Ireland has revealed that employee data was compromised in a ransomware breach that hit the firm in February. Dole employs nearly 38,000 staff across 30 countries and posted revenue of $9.2bn last year, making it an attractive target for online extortionists. It revealed on February 22 that the firm had “recently” experienced a ransomware attack which had a “limited” impact on operations. Little more detail was given at the time while the firm investigated the scope of the incident. However, a new filing with the Securities and Exchange Commission (SEC) yesterday had more. “In February of 2023, we were the victim of a sophisticated ransomware attack involving unauthorized access to employee information,” it revealed. “Upon detecting the attack, we promptly took steps to contain the attack, retained the services of leading third-party cybersecurity experts and notified law enforcement.”

Russian Sanctions Evasion Puts Merchants and Banks at Risk

Cybercriminals devise and execute various workarounds to launder their illicit income. After international sanctions were leveled against Russia in the wake of its full-scale invasion of Ukraine, ordinary Russian consumers have likely resorted to similar workarounds to obtain goods produced abroad. Recorded Future has identified prepaid cryptocurrency virtual credit cards and mail forwarding services, also known as “reshippers,” as methods that can potentially be exploited to illegally bypass sanctions. International financial institutions and merchants that are indirect participants in these workarounds may be at risk of falling under secondary sanctions. This risk could be greatly reduced by implementing more stringent verification procedures for the services and transactions involved in these workarounds.

Rio Tinto staff’s personal data may have been hacked

Personal data of Rio Tinto Ltd’s (RIO.AX) former and current Australian employees may have been stolen by a cybercriminal group, according to a staff memo seen by Reuters on Thursday. Payroll information from January 2023, such as payslips and overpayment letters, for a small number of employees had possibly been seized by the group, the memo showed. “Investigations now indicate a possibility that Rio Tinto data may be impacted,” it said.
