AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 10/17/2022

INTERPOL arrests ‘Black Axe’ cybercrime syndicate members 

INTERPOL has arrested over 70 suspected members of the ‘Black Axe’ cybercrime syndicate, with two believed to be responsible for $1.8 million in financial fraud. The suspects were arrested as part of ‘Operation Jackal,’ an international law enforcement operation between September 26 and 30, 2022, in South Africa. Black Axe was founded in 1977 in Nigeria and is considered one of the world’s most far-reaching and dangerous crime syndicates. 


Indian Energy Company Tata Power’s IT Infrastructure Hit By Cyber Attack 

Tata Power Company Limited, India’s largest integrated power company, on Friday confirmed it was targeted by a cyber attack. The intrusion on IT infrastructure impacted “some of its IT systems,” the company said in a filing with the National Stock Exchange (NSE) of India. It further said it has taken steps to retrieve and restore the affected machines, adding it put in place security guardrails for customer-facing portals to prevent unauthorized access. The Mumbai-based electric utility company, part of the Tata Group conglomerate, did not disclose any further details about the nature of the attack, or when it took place. 


Airborne Drones Are Dropping Cyber-Spy Exploits in the Wild 

Once limited to abstract academic conversation among cybersecurity enthusiasts, drones loaded with cyber-spying equipment are now being used in the real world to breach networks and steal information. Cybersecurity researcher Greg Linares shared a Twitter thread on Oct. 10 providing an overview of a drone-based cyberattack he was privy to over the summer. He explained it started when an unnamed financial company picked up unusual traffic on its network. A trace of the Wi-Fi signal behind the network activity led the threat hunters to the roof, where two drones were found. 


Phishing works so well crims won’t bother with deepfakes, says Sophos chap 

Panic over the risk of deepfake scams is completely overblown, according to a senior security adviser for UK-based infosec company Sophos. “The thing with deepfakes is that we aren’t seeing a lot of it,” Sophos researcher John Shier told El Reg last week. Shier said current deepfakes – AI generated videos that mimic humans – aren’t the most efficient tool for scammers to utilize because simpler and cheaper attacks like phishing and other forms of social engineering work very well. “People will give up info if you just ask nicely,” said Shier. 


New “Prestige” ransomware impacts organizations in Ukraine and Poland 

The Microsoft Threat Intelligence Center (MSTIC) has identified evidence of a novel ransomware campaign targeting organizations in the transportation and related logistics industries in Ukraine and Poland utilizing a previously unidentified ransomware payload. We observed this new ransomware, which labels itself in its ransom note as “Prestige ranusomeware” (sic), being deployed on October 11 in attacks occurring within an hour of each other across all victims.


Ransom Cartel Ransomware: A Possible Connection With REvil 

Ransom Cartel is ransomware as a service (RaaS) that surfaced in mid-December 2021. This ransomware performs double extortion attacks and exhibits several similarities and technical overlaps with REvil ransomware. REvil ransomware disappeared just a couple of months before Ransom Cartel surfaced and just one month after 14 of its alleged members were arrested in Russia. When Ransom Cartel first appeared, it was unclear whether it was a rebrand of REvil or an unrelated threat actor who reused or mimicked REvil ransomware code. 
