AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 03/29/2022

Hundreds more packages found in malicious npm ‘factory’

Researchers continue to investigate a wave of malicious npm packages, with the published tally now reaching over 700. Last week, JFrog researchers disclosed the scheme in which an unknown threat actor had published at least 200 malicious Node Package Manager (npm) packages. The team said that the repositories were first detected on March 21 and grew rapidly, with each npm package deliberately named to mimic legitimate software. An automated script targeted scopes used by Microsoft Azure developers, including @azure, @azure-rest, @azure-tests, and more, in the npm software registry. 
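As an added example (not code from the article or from JFrog), here is a small Node.js check a defender could run over a project's package.json to flag dependency names that imitate the Azure scopes mentioned above. The scope list comes from the article; the lookalike heuristics and the sample manifest are assumptions constructed for this example.

```javascript
// Added example: audit a package.json for dependency names that imitate trusted npm
// scopes. Scope list from the article; heuristics and sample manifest are assumptions.
const TRUSTED_SCOPES = ["@azure", "@azure-rest", "@azure-tests"];
// Levenshtein distance: number of single-character edits between a and b.
function editDistance(a, b) {
  const d = Array.from({ length: a.length + 1 }, (_, i) => [i]);
  for (let j = 1; j <= b.length; j++) d[0][j] = j;
  for (let i = 1; i <= a.length; i++)
    for (let j = 1; j <= b.length; j++)
      d[i][j] = Math.min(d[i - 1][j] + 1, d[i][j - 1] + 1,
                         d[i - 1][j - 1] + (a[i - 1] === b[j - 1] ? 0 : 1));
  return d[a.length][b.length];
}
// Classify one dependency name; returns a reason string, or null if it looks fine.
function classify(name, trustedScopes = TRUSTED_SCOPES) {
  const slash = name.indexOf("/");
  if (name.startsWith("@") && slash > 0) {
    const scope = name.slice(0, slash);
    if (trustedScopes.includes(scope)) return null; // genuine scoped package
    // Scope within two edits of a trusted one, e.g. "@azur" or "@azure-test".
    let best = null, bestDist = Infinity;
    for (const s of trustedScopes) {
      const dist = editDistance(s, scope);
      if (dist < bestDist) [bestDist, best] = [dist, s];
    }
    return bestDist <= 2 ? `scope ${scope} resembles ${best}` : null;
  }
  // Unscoped name reusing a trusted scope as prefix, e.g. "azure-rest-foo" posing
  // as "@azure-rest/foo". The longest matching scope is reported.
  const shadowed = trustedScopes
    .filter((s) => name === s.slice(1) || name.startsWith(s.slice(1) + "-"))
    .sort((x, y) => y.length - x.length)[0];
  return shadowed ? `unscoped name shadows ${shadowed} scope` : null;
}
// Walk dependencies and devDependencies of a parsed package.json object.
function auditPackageJson(pkg, trustedScopes = TRUSTED_SCOPES) {
  const deps = { ...(pkg.dependencies || {}), ...(pkg.devDependencies || {}) };
  return Object.keys(deps)
    .map((name) => ({ name, reason: classify(name, trustedScopes) }))
    .filter((f) => f.reason !== null);
}
// Constructed sample manifest for demonstration; not a real project's file.
const SAMPLE_PKG = {
  dependencies: { "@azure/identity": "^2.0.0", "azure-rest-storage": "1.0.0",
                  "@azur/core": "1.2.3", express: "^4.18.0" },
  devDependencies: { "@azure-test/helpers": "0.1.0" },
};
console.log(auditPackageJson(SAMPLE_PKG));
```

Lookalike detection by edit distance will produce some false positives against legitimately named scopes, so treat the output as a review queue rather than a block list.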


This DDoS Attack Forced Among Us Servers To Shut Down

“Among Us” may not have been a hit right from the start (it was originally released back in 2018), but it did skyrocket in popularity during the early days of the pandemic. The massive growth has come with a downside, unfortunately, as the game’s servers were targeted by a DDoS attack on March 24 that brought them down across the EU and US. For a game about impostors trying to trick and slowly eliminate others with deception and sabotage, a Distributed Denial of Service attack that overwhelms and crashes servers seems a bit on-the-nose. However silly the situation might seem on the surface, it’s likely not as humorous to a number of the game’s thousands of current players or to its developer Innersloth, which spent days trying to fix the problem. This isn’t the first time Innersloth has had to deal with malicious attacks against its popular game, either, as millions of users ended up the victims of a spam attack back in 2020. It’s unclear who is behind this new DDoS campaign.


‘Most Severe’ Cyberattack Since Russian Invasion Crashes Ukraine Internet Provider

A “powerful” cyberattack has hit Ukraine’s biggest fixed-line telecommunications company, Ukrtelecom. Described as the most severe cyberattack since the start of the Russian invasion in February, it has sent the company’s services across the country down. Victor Zhora, deputy head of the State Service for Special Communications and Information Protection, confirmed to Forbes that the government was investigating the attack. He said it’s not yet known whether Ukrtelecom—a telephone, internet and mobile provider—has been hit by a distributed denial of service (DDoS) attack or a deeper, more sophisticated intrusion.


That smiling LinkedIn profile face might be a computer-generated fake

At first glance, Renée DiResta thought the LinkedIn message seemed normal enough. The sender, Keenan Ramsey, mentioned that they both belonged to a LinkedIn group for entrepreneurs. She punctuated her greeting with a grinning emoji before pivoting to a pitch for software. “Quick question — have you ever considered or looked into a unified approach to message, video, and phone on any device, anywhere?” DiResta wasn’t interested and would have ignored the message entirely, but then she looked closer at Ramsey’s profile picture. Little things seemed off in what should have been a typical corporate headshot. Ramsey was wearing only one earring. Bits of her hair disappeared and then reappeared. Her eyes were aligned right in the middle of the image.


Ukraine dismantles 5 disinformation bot farms, seizes 10,000 SIM cards

The Ukrainian Security Service (SSU) has announced that since the start of the war with Russia, it has discovered and shut down five bot farms with over 100,000 fake social media accounts spreading fake news. The network, which operated in Kharkiv, Cherkasy, Ternopil, and Zakarpattia, aimed to discourage Ukrainian citizens and instill panic by distributing false information about the Russian invasion and the status of the defenders. According to the SSU’s announcement, the goal of the network was to destabilize the sociopolitical situation in various regions, thus curbing the resistance of the Ukrainian militia.


Lapsus$ found a spreadsheet of passwords as they breached Okta, documents show

The Lapsus$ hackers used compromised credentials to break into the network of customer service giant Sitel in January, days before subsequently accessing the internal systems of authentication giant Okta, according to documents seen by TechCrunch that provide new details of the cyber intrusion that have not yet been reported. Customers only learned of Okta’s January security breach on March 22 after the Lapsus$ hacking group published screenshots revealing it had accessed Okta’s internal apps and systems some two months earlier. Okta admitted the compromise in a blog post, and later confirmed 366 of its corporate customers are affected by the breach, or about 2.5% of its customer base. The documents provide the most detailed account to date of the Sitel compromise, which allowed the hackers to later gain access to Okta’s network.
