AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 04/06/2022

Germany Shuts Down Russian Hydra Darknet Market; Seizes $25 Million in Bitcoin

Germany’s Federal Criminal Police Office, the Bundeskriminalamt (BKA), on Tuesday announced the official takedown of Hydra, the world’s largest illegal dark web marketplace, which has cumulatively facilitated over $5 billion in Bitcoin transactions to date. “Bitcoins amounting to currently the equivalent of approximately €23 million were seized, which are attributed to the marketplace,” the BKA said in a press release. Blockchain analytics firm Elliptic confirmed that the seizure occurred on April 5, 2022, in a series of 88 transactions amounting to 543.3 BTC. The agency attributed the shutdown of Hydra to an extensive investigation conducted by its Central Office for Combating Cybercrime (ZIT) in partnership with U.S. law enforcement authorities since August 2021.


Cybersecurity Mesh: IT’s Answer to Cloud Security

The term “cybersecurity mesh” has been around for a couple of years now, but it’s making the rounds again after Gartner declared it the second-highest strategic trend of 2022. To be fair, it is a good term, as it adequately expands upon the zero-trust paradigm. Given that zero trust has been around for nearly two decades, most are familiar with the zero-trust network (ZTN) model. It is the idea that all network access requests should be considered unreliable until proven otherwise. In a zero-trust environment, all subjects are continuously vetted; all traffic is encrypted; and user health, device health, and session context are all assessed before access is granted to the network. The principle of least privilege is employed, meaning that users are granted access to the least amount of network data for the shortest amount of time necessary to complete a given task. Lastly, multifactor authentication (MFA) and user and entity behavior analytics (UEBA) are employed to protect the network.


Block confirms Cash App breach after former employee accessed US customer data

Block has confirmed a data breach involving a former employee who downloaded reports from Cash App that contained some U.S. customer information. In a filing with the Securities and Exchange Commission (SEC) on April 4, Block — formerly known as Square — said that the reports were accessed by the insider on December 10. “While this employee had regular access to these reports as part of their past job responsibilities, in this instance these reports were accessed without permission after their employment ended,” the filing reads. Block refused to answer our questions about why a former employee still had access to this data, and for how long they retained access after their employment at the company had ended.


Cicada: Chinese APT Group Widens Targeting in Recent Espionage Activity

A Chinese state-backed advanced persistent threat (APT) group is attacking organizations around the globe in a likely espionage campaign that has been ongoing for several months. Victims in this Cicada (aka APT10) campaign include government, legal, religious, and non-governmental organizations (NGOs) in multiple countries, including in Europe, Asia, and North America. The wide range of sectors and geographies of the organizations targeted in this campaign is notable. Cicada’s initial activity several years ago was heavily focused on Japanese-linked companies, though more recently it has been linked to attacks on managed service providers (MSPs) with a more global footprint. This campaign appears to indicate a further widening of Cicada’s targeting. The attribution of this activity to Cicada is based on the presence on victim networks of a custom loader and custom malware that are believed to be used exclusively by the group.


UK spy agencies sharing bulk personal data with foreign allies was legal

A privacy rights org this week lost an appeal [PDF] in a case about the sharing of Bulk Personal Datasets (BPDs) by MI5, MI6, and GCHQ with foreign intelligence agencies. The defendant in the case was the Investigatory Powers Tribunal (IPT), a specialist body established under the controversial Regulation of Investigatory Powers Act 2000 (RIPA). The decision means a contested part of a 2018 ruling by the IPT will stand: that the safeguards and rules around data collection between 2015 and 2017 by the state agencies meant that sharing that data was legal – “compatible with article 8 of the European Convention of Human Rights.” Dismissing Privacy International’s claim for judicial review, the Queen’s Bench Division judgement stated that this was despite the Tribunal identifying “serious errors that had been made by GCHQ.”


US Justice Department shuts down Russian dark web marketplace Hydra

The US Department of Justice (DOJ) has shut down Hydra Market, one of the world’s largest darknet marketplaces. On Tuesday, the DOJ and German federal police seized Hydra’s servers and cryptocurrency wallets containing $25 million worth of bitcoin. Hydra was an online criminal marketplace where primarily Russian users bought and sold illicit goods and services, including illegal drugs, stolen financial information, fraudulent identification documents, and money laundering and mixing services. Transactions on Hydra were conducted in cryptocurrency with the operators earning revenue by charging a commission for every transaction conducted on the market. In 2021, Hydra accounted for an estimated 80% of all darknet market-related cryptocurrency transactions, and since 2015, the marketplace has received approximately $5.2 billion in cryptocurrency, the DOJ said.