AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 08/31/2023

FBI-Led Operation Duck Hunt Shuts Down QakBot Malware 

The FBI has led a multinational law enforcement operation that has successfully dismantled QakBot, a leading malware loader used by cybercriminals to deploy ransomware. As part of Operation Duck Hunt, the FBI gained access to QakBot’s admin computers, which helped law enforcement map out the server infrastructure used in the botnet’s operation. It then seized 52 servers, which it said would “permanently dismantle” the botnet, and redirected QakBot’s traffic to servers controlled by the Bureau, pointing victims to download an uninstaller. In an announcement, the US Department of Justice (DoJ) said the FBI had identified more than 700,000 infected computers worldwide, including more than 200,000 in the US. 


In Airbnb, Cybercriminals Find a Comfortable Home for Fraud 

Cybercriminals are always looking for that next hacking adventure, so it’s fitting that Airbnb has become an emerging target for fraud on the Dark Web. In the past few months, thousands of Airbnb accounts have become available for purchase on underground cybercrime stores, sometimes for as low as one dollar. That’s according to an investigation from researchers at SlashNext, which found that cybercriminals are using phishing, stealer malware and stolen cookies to gain unauthorized access to Airbnb accounts, then turning around and selling them online. 


China-Linked BadBazaar Android Spyware Targeting Signal and Telegram Users 

Cybersecurity researchers have discovered malicious Android apps for Signal and Telegram distributed via the Google Play Store and Samsung Galaxy Store that are engineered to deliver the BadBazaar spyware on infected devices. Slovakian company ESET attributed the campaign to a China-linked actor called GREF. “Most likely active since July 2020 and since July 2022, respectively, the campaigns have distributed the Android BadBazaar espionage code through the Google Play store, Samsung Galaxy Store, and dedicated websites representing the malicious apps Signal Plus Messenger and FlyGram,” security researcher Lukáš Štefanko said in a new report shared with The Hacker News.


Hackers attack 2 of the world’s most advanced telescopes, forcing shutdown 

Some of the world’s leading astronomical observatories have reported cyberattacks that have resulted in temporary shutdowns. The National Science Foundation’s National Optical-Infrared Astronomy Research Laboratory, or NOIRLab, reported that a cybersecurity incident that occurred on Aug. 1 has prompted the lab to temporarily halt operations at its Gemini North Telescope in Hawaii and Gemini South Telescope in Chile. Other, smaller telescopes on Cerro Tololo in Chile were also affected. “Our staff are working with cybersecurity experts to get all the impacted telescopes and our website back online as soon as possible and are encouraged by the progress made thus far,” NOIRLab wrote in a statement on its website on Aug. 24. 


DOE launches cyber contest to benefit rural utilities 

The Department of Energy is launching a contest for rural utilities to receive $8.9 million in aid for improving defenses against cyberattacks. The Rural and Municipal Utility Advanced Cybersecurity Grant and Technical Assistance Program is intended for utilities with limited resources for cybersecurity defenses, training or, in many cases, basic staffing. “Rural electric cooperative, municipal, and small investor-owned utilities carry out a critical economic and national security role in the United States — often with limited resources,” David Crane, under secretary for infrastructure at DOE, said in a statement.


Paramount discloses data breach following security incident 

American entertainment giant Paramount Global disclosed a data breach after its systems got hacked and attackers gained access to personally identifiable information (PII). Paramount said in breach notification letters signed by Nickelodeon Animation Studio EVP Brian Keane sent to affected individuals that the attackers had access to its systems between May and June 2023. “Based on our investigation, the personal information may have included your name, date of birth, Social Security number or other government-issued identification number (such as driver’s license number or passport number) and information related to your relationship with Paramount,” the mass media giant told impacted people. 