AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 04/27/2022

Quantum ransomware seen deployed in rapid network attacks

The Quantum ransomware, a strain first discovered in August 2021, has been seen carrying out speedy attacks that escalate quickly, leaving defenders little time to react. The threat actors are using the IcedID malware as one of their initial access vectors, which deploys Cobalt Strike for remote access and leads to data theft and encryption using Quantum Locker. The technical details of a Quantum ransomware attack were analyzed by security researchers at The DFIR Report, who say the attack lasted only 3 hours and 44 minutes from initial infection to the completion of encrypting devices. The attack seen by The DFIR Report used the IcedID malware as the initial access to the target’s machine, which they believe arrived via a phishing email containing an ISO file attachment.


It’s not rocket science, why Elon Musk’s Twitter takeover could be bad for privacy

Elon Musk has put an end to weeks of speculation with the announcement that Twitter has accepted his offer to buy the platform for $54.20 per share, valuing the social media platform at about $44 billion. While Musk’s drawn-out pursuit of Twitter has come to an end, for him at least, the next chapter of Twitter’s history and its hundreds of millions of users is just beginning. The deal drew immediate fears that Musk, a self-styled “free speech absolutist,” could turn back the dials on content moderation, potentially unraveling years of work that curbed the unfettered spread of hate speech and misinformation. But experts have been just as quick to warn of the potential privacy implications of the $44 billion buyout to take Twitter private, at a time when even employees are unclear about the company’s future.


Lapsus$ Hackers Stole T-Mobile’s Source Code and Systems Data

T-Mobile has acknowledged the breach which occurred before police arrested some of the Lapsus$ members last month. The infamous Lapsus$ hacking group managed to steal T-Mobile’s source code in March 2022, days before the group’s prolific members got arrested in the same month. For your information, Lapsus$ is a notorious group of teen hackers that mainly hunts for the source code of high-profile and large tech firms. Some of its previous and successful attacks include Samsung, Microsoft, Nvidia, Okta, and Ubisoft. In its latest breach against T-Mobile, the Lapsus$ group reportedly downloaded over 30,000 source code repositories of the carrier in March 2022.


Hackers successfully duped Google, Apple, and others into giving up user data

Major tech companies, including Google, Apple, Snap, Twitter, Meta Platforms, and Discord, have been duped into giving up personal information about their users. Citing federal law enforcement officials and industry investigators, Bloomberg reports that the tech giants provided the sensitive user information in response to fake emergency legal requests. These types of requests don’t require a court order, and companies often turn over data to law enforcement agencies in good faith when imminent danger is involved. Perpetrators usually compromise the email system of a foreign law enforcement agency to forge such requests.


Coca-Cola Investigates Data Breach Claim

Coca-Cola is investigating claims of a large-scale data breach by Russian-linked cybercrime gang Stormous. The ransomware group posted on its website this week that it had successfully hacked the servers of the soft drinks giant and stolen 161GB of data. It also offered the data for sale for more than $64,000, or 16 million bitcoin. Stormous did not specify the type of data it stole. Stormous’ statement read: “We hacked some of the company’s servers and passed a large amount of data inside them without their knowledge and we want to sell it to someone else. You will win and we will win. You will also contact us! We will explain more Good deal, we’ll give you the right to pay the amount you want depending on the amount of data you want! Click on the picture to contact us or via our email.”


This mysterious hacker is leaving hidden messages for the investigators on their tail

There’s a new threat actor in the cybercrime space, which seems to be taking researchers’ counterattacks personally. Cybersecurity researchers from Checkmarx have recently published a blog post on a threat actor dubbed RED-LILI. This group was seen delivering malicious NPM packages using automatically created user accounts. Since then, Checkmarx has published its findings on the techniques and methods of this threat actor, and even created the RED-LILI Tracker to share information about the attacker’s packages and analysis findings with the community. This move did not sit well with the group, which responded by changing up its tactics a bit. Besides trying to make the malicious packages seem more credible, and obfuscating the malicious code as well as it can, the group also started leaving messages for the researchers.
