AboutDFIR.com – The Definitive Compendium Project

InfoSec News Nuggets 7/22/2024

Russia-linked FIN7 hackers sell their security evasion tool to other groups on darknet

A notorious cybercriminal group known as FIN7 advertises its custom tool for security evasion on darknet forums and sells it to other criminal gangs, researchers have found. The tool, known as AvNeutralizer, is used by criminal hackers to bypass threat detection systems on victims’ devices. Researchers had previously discovered that the tool was used exclusively for six months by another hacker group, Black Basta. In a new report, the cybersecurity firm SentinelOne said that it observed multiple ransomware groups using updated versions of AvNeutralizer, suggesting that the customer list was no longer limited to Black Basta.


North Korea likely behind takedown of Indian crypto exchange WazirX

Indian crypto exchange WazirX has revealed it lost virtual assets valued at over $230 million after a cyber attack that has since been linked to North Korea. According to a late Thursday WazirX Xeet, the attack targeted one of its multi-signature wallets – digital cash lockers that are designed to offer superior security by requiring multiple private keys to authorize a transaction. WazirX’s transaction verification process requires approval by multiple parties. The hacked wallet had six signatories – five from the WazirX team and one from Liminal. Most transactions on the WazirX platform require approval from three of the company’s signatories, plus final approval from Liminal’s signatory.


Beijing’s attack gang Volt Typhoon was a false flag inside job conspiracy: China

China has wildly claimed the Volt Typhoon gang, which Five Eyes nations accuse of being a Beijing-backed attacker that targets critical infrastructure, was in fact made up by the US intelligence community. The nation’s National Computer Virus Emergency Response Center, National Engineering Laboratory for Computer Virus Prevention Technology, and infosec vendor 360 Digital Security Group last week published a report [PDF] on Volt Typhoon titled “<Lie to me/>: A secret Disinformation Campaign targeting US Congress and Taxpayers conducted by US Government agencies.”


MediSecure: Ransomware gang stole data of 12.9 million people

MediSecure, an Australian prescription delivery service provider, revealed that roughly 12.9 million people had their personal and health information stolen in an April ransomware attack. The company was forced to shut down its website and phone lines to contain the attack, disclosing it on May 16 as a “cyber security incident.” At the time, the Australian National Cyber Security Coordinator (NCSC), who was helping MediSecure to mitigate the breach, described it as a “large-scale ransomware data breach.”


Microsoft Says 8.5 Million Windows Devices Impacted by CrowdStrike Incident, Publishes Recovery Tool

Microsoft on Saturday said an estimated 8.5 million Windows devices were impacted by the faulty software update from CrowdStrike that triggered massive IT outages across the global economy on Friday. Microsoft also released a USB tool on Saturday to help IT administrators expedite the repair process for Windows clients and servers impacted by the CrowdStrike Falcon agent issue. To use the tool, users must have a Windows 64-bit client with at least 8GB of free space from which the tool can be run to create the bootable USB drive, along with administrative privileges on the Windows client. While less than one percent of all Windows machines have been impacted, Microsoft says it is deploying hundreds of its engineers and experts to work directly with customers to restore services.
