AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 03/31/2023

Pro-Russian hackers target elected US officials supporting Ukraine 

Threat actors aligned with Russia and Belarus are targeting elected US officials supporting Ukraine, using attacks that attempt to compromise their email accounts, researchers from security firm Proofpoint said. The campaign, which also targets officials of European nations, uses malicious JavaScript that’s customized for individual webmail portals belonging to various NATO-aligned organizations, a report Proofpoint published Thursday said. The threat actor—which Proofpoint has tracked since 2021 under the name TA473—employs sustained reconnaissance and painstaking research to ensure the scripts steal targets’ usernames, passwords, and other sensitive login credentials as intended on each publicly exposed webmail portal being targeted. 


Microsoft Patches ‘Dangerous’ RCE Flaw in Azure Cloud Service 

Microsoft has patched what researchers called a “dangerous” flaw in Azure Service Fabric, a component of the company’s cloud-hosting infrastructure. If exploited, it would have allowed an unauthenticated, malicious actor to execute code on a container hosted on the platform. Researchers from Orca Security discovered the cross-site scripting (XSS) flaw, which they dubbed Super FabriXss, in December and reported it to Microsoft, which issued a fix for it in March’s round of Patch Tuesday updates, the researchers said in a blog post published March 30 that revealed the technical details of the bug.


‘They outsmarted us.’ 3CX CEO acknowledges mistakes handling potential supply chain cyberattack 

When the CEO of 3CX, a global online communications company, first saw an antivirus alert last week flagging a potential problem in software associated with one of the company’s apps that lets users make calls over the internet, he didn’t give it much attention. Because of the volume of similar warnings, Nick Galea said the company didn’t react immediately. All that changed Wednesday when researchers at the cybersecurity firm CrowdStrike reported that the problem could have given hackers linked to North Korea a gateway into thousands of companies around the world.


Leaked IT contractor files detail Kremlin’s stockpile of cyber-weapons 

An unidentified whistleblower has provided several media organizations with access to leaked documents from NTC Vulkan – a Moscow IT consultancy – that allegedly show how the firm supports Russia’s military and intelligence agencies with cyber warfare tools. Journalists from Der Spiegel and Munich-based investigative group Paper Trail Media – in conjunction with The Guardian, ZDF, Der Standard (Austria), the Swiss Tamedia Group, The Washington Post, Süddeutsche Zeitung and Le Monde – have spent the past few months working with the whistleblower, and have just published a set of articles describing these documents, referred to as The Vulkan Files.


Ukrainian Police Bust Multimillion-Dollar Phishing Gang 

Ukrainian cyber police have disrupted a prolific phishing gang they claim made 160 million hryvnias ($4.3m) from victims across Europe. The Cyber Police of Ukraine claimed in a notice yesterday that over 30 locations were searched as part of the raids, including the homes of the accused, vehicles and call centers. Mobile phones, SIM cards and computer equipment were seized in the crackdown, with officers from the country’s security service (SBU) also taking part. The group is said to have created over 100 phishing sites offering heavily discounted goods, which lured victims into attempting to purchase them. Once the phishers had victims’ card details, they would use them for follow-on fraud. Scammers were apparently also employed in two call centers in Vinnytsia and in Lviv, and were tasked with convincing shoppers to complete their purchases on the fake sites.


‘He Would Still Be Here’: Man Dies by Suicide After Talking with AI Chatbot, Widow Says 

A Belgian man recently died by suicide after chatting with an AI chatbot on an app called Chai, Belgian outlet La Libre reported. The incident raises the issue of how businesses and governments can better regulate and mitigate the risks of AI, especially when it comes to mental health. The app’s chatbot encouraged the user to kill himself, according to statements by the man’s widow and chat logs she supplied to the outlet. When Motherboard tried the app, which runs on a bespoke AI language model based on an open-source GPT-4 alternative that was fine-tuned by Chai, it provided us with different methods of suicide with very little prompting.  
