Our website may use cookies to improve and personalize your experience and to display advertisements (if any). Our website may also include cookies from third parties like Google Adsense or Google Analytics. By using the website, you consent to the use of cookies. We’ve updated our Privacy Policy. Please click on the button to check our Privacy Policy.

AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 10/20/2020

Albion Online game maker discloses data breach

A hacker has breached the forum of Albion Online, a popular free medieval fantasy MMORPG, and stole usernames and password hashes, the game maker disclosed on Saturday.  “The intruder was able to access forum user profiles, which include the email addresses connected to those forum accounts,” said Sandbox Interactive GmbH, the company behind Albion Online. The attacker also harvested encrypted passwords. Sandbox Interactive said the passwords were hashed with the Bcrypt password-hashing function and then salted with random data to make it harder for attackers to reverse and crack the password. “These can NOT be used to log in to Albion Online, the website or the forum, nor can they be used to learn the passwords themselves,” the German game maker said. “However, there is a small possibility they could be used to identify accounts with particularly weak passwords.”

 

Chinese hackers impersonated McAfee to attack election campaign staffers

Google warned in June that state-sponsored hackers were targeting 2020 US election campaigns, and now it’s outlining some of the methods those perpetrators used. APT31, a group linked to China, impersonated McAfee (the antivirus software, not its indicted founder) in a bid to trick campaign workers into installing malware. While the software was a real copy stored in GitHub, the ploy would quietly install malware in the background. If successful, the attack would let intruders run arbitrary commands as well as transfer files. Researchers further linked China to a large-scale spam network trying to influence the US through YouTube videos (some from hijacked channels) with “clumsy” translations and computer-generated voices. Google said it had disrupted the network, including the removal of more than 3,000 channels, and that it didn’t have any practical reach. There haven’t been any “significant” coordinated influence campaigns on its platforms that targeted US voters, Google said.

 

Thousands of infected IoT devices used in for-profit anonymity service

Some 9,000 devices—mostly running Android, but also the Linux and Darwin operating Systems—have been corralled into the Interplanetary Storm, the name given to a botnet whose chief purpose is creating a for-profit proxy service, likely for anonymous Internet use. The finding is based on several pieces of evidence collected by researchers from security provider Bitdefender. The core piece of evidence is a series of six specialized nodes that are part of the management infrastructure. Together, these nodes “are responsible for checking for node availability, connecting to proxy nodes, hosting the web API service, signing authorized messages, and even testing the malware in its development phase,” Bitdefender researchers wrote in a report published on Thursday. “Along with other development choices, this leads us to believe that the botnet is used as a proxy network, potentially offered as an anonymization service.”

It’s not the first time researchers have found botnets used to provide networks for quasi-anonymous Internet usage. 

 

US charges six Russian intelligence officers with hacking Ukraine, 2018 Olympics, and Skripal investigation

The Justice Department has charged six Russian intelligence officers with involvement in an extensive hacking campaign, including the notorious Petya ransomware attacks that targeted Ukraine in 2015. According to the indictment, the efforts also targeted the country of Georgia, the French elections, the 2018 winter Olympics, and investigations into the poisoning of former Russian military officer Sergei Skripal. Many of the specific incidents in the indictment have been previously reported, but no law enforcement agency has publicly charged Russia’s GRU with orchestrating the attacks. Russia’s primary military intelligence agency, the GRU has previously been associated with a wide range of cyberattacks dubbed “Fancy Bear” by private-sector researchers. In this case, prosecutors even pin the operation down to a specific GRU building located at 22 Kirova Street in Moscow, which the indictment refers to as “the Tower.”

 

More than 50% of humans in the world use social media

More than 4 billion people around the world now use social media each month, and an average of nearly 2 million new users are joining them every day. The world is spending more time on social media too, with the typical user now spending roughly 15% of their waking life using social platforms. However, social media isn’t the only aspect of digital that’s delivering impressive numbers. The new Digital 2020 October Global Statshot Report – produced in partnership with Hootsuite and We Are Social – shows that connected tech continues to play an ever more important role in various aspects of people’s everyday lives.

 

Mysterious ‘Robin Hood’ hackers donating stolen money

A hacking group is donating stolen money to charity in what is seen as a mysterious first for cyber-crime that’s puzzling experts. Darkside hackers claim to have extorted millions of dollars from companies, but say they now want to “make the world a better place”. In a post on the dark web, the gang posted receipts for $10,000 in Bitcoin donations to two charities. One of them, Children International, says it will not be keeping the money. The move is being seen as a strange and troubling development, both morally and legally. In the blog post on 13 October, the hackers claim they only target large profitable companies with their ransomware attacks. The attacks hold organisations’ IT systems hostage until a ransom is paid.

 

Related Posts