AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 5/29/2024

Moroccan Cybercrime Group Steals Up to $100K Daily Through Gift Card Fraud

Microsoft is calling attention to a Morocco-based cybercrime group dubbed Storm-0539 that’s behind gift card fraud and theft through highly sophisticated email and SMS phishing attacks. “Their primary motivation is to steal gift cards and profit by selling them online at a discounted rate,” the company said in its latest Cyber Signals report. “We’ve seen some examples where the threat actor has stolen up to $100,000 a day at certain companies.” Storm-0539 was first spotlighted by Microsoft in mid-December 2023, linking it to social engineering campaigns ahead of the year-end holiday season to steal victims’ credentials and session tokens via adversary-in-the-middle (AitM) phishing pages.


2.8 Million Impacted by Data Breach at Prescription Services Firm Sav-Rx

The incident, the organization said, occurred on October 8, 2023, when it identified an interruption to its computer network, and was immediately contained, with the impacted systems restored the next business day. “The disruption to our IT systems did not result in any material disruption to patient care. Prescriptions were shipped on time and without delay. Our adjudication system was not affected so network pharmacy claims adjudicated continuously without impact or delay,” Sav-Rx said. According to the company, however, the attackers accessed non-clinical systems containing personal information and exfiltrated data from them. The compromised information includes names, addresses, dates of birth, email addresses, phone numbers, Social Security numbers, eligibility data, and insurance identification numbers. No clinical or financial information was compromised in the attack.


Google won’t comment on a potentially massive leak of its search algorithm documentation

Google’s search algorithm is perhaps the most consequential system on the internet, dictating what sites live and die and what content on the web looks like. But how exactly Google ranks websites has long been a mystery, pieced together by journalists, researchers, and people working in search engine optimization. Now, an explosive leak that purports to show thousands of pages of internal documents appears to offer an unprecedented look under the hood of how Search works — and suggests that Google hasn’t been entirely truthful about it for years. So far, Google hasn’t responded to multiple requests for comment on the legitimacy of the documents.


U.S. Sanctions Cybercrime Network Behind Massive Residential Proxy Botnet Service

To combat cybercrime, the United States has imposed sanctions on a cybercrime network responsible for operating a massive residential proxy botnet service. This network, 911.re, has been implicated in various illicit activities. It leverages residential IP addresses to anonymize malicious traffic and evade detection. The 911.re service, a Residential Proxies As A Service (RPAAS) platform, has been operational since early 2018.

According to U.S. Department of the Treasury reports, it allows users to rent residential IP addresses, making their internet traffic appear to originate from legitimate residential users.


Microsoft Uncovers ‘Moonstone Sleet’ — New North Korean Hacker Group

A never-before-seen North Korean threat actor codenamed Moonstone Sleet has been identified as being behind cyber attacks targeting individuals and organizations in the software and information technology, education, and defense industrial base sectors with ransomware and bespoke malware previously associated with the infamous Lazarus Group. “Moonstone Sleet is observed to set up fake companies and job opportunities to engage with potential targets, employ trojanized versions of legitimate tools, create a malicious game, and deliver a new custom ransomware,” the Microsoft Threat Intelligence team said in a new analysis. It also characterized the threat actor as using a combination of tried-and-true techniques used by other North Korean threat actors and unique attack methodologies to meet its strategic objectives.
