AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 8/30/2024

Brain Cipher claims attack on Olympic venue, promises 300 GB data leak

Nearly four weeks after the cyberattack on dozens of French national museums during the Olympic Games, the Brain Cipher ransomware group claims responsibility for the incident and says 300 GB of data will be leaked later today. Le Grand Palais and dozens of other national museums and institutions overseen by Réunion des Musées Nationaux – Grand Palais (RMN-GP) were targeted by cybercriminals over August 3-4. French newswires reported at the time that the people behind the attack targeted a system used to “centralize financial data” related to the approximately 40 institutions under RMN-GP’s watch. 

OpenAI and Anthropic will share their models with the US government

OpenAI and Anthropic have agreed to let the US government access major new AI models before release to help improve their safety. The companies signed memorandums of understanding with the US AI Safety Institute to provide access to the models both before and after their public release, the agency announced on Thursday. The government says this step will help them work together to evaluate safety risks and mitigate potential issues. The US agency said it would provide feedback on safety improvements, in collaboration with its counterpart agency in the UK.

Feds claim sinister sysadmin locked up thousands of Windows workstations, demanded ransom

A former infrastructure engineer who allegedly locked IT department colleagues out of their employer’s systems, then threatened to shut down servers unless paid a ransom, has been arrested and charged after an FBI investigation. Daniel Rhyne, 57, of Kansas City, Missouri, now faces up to 35 years behind bars for the alleged failed ransom attempt after being charged with one count of extortion in relation to a threat to cause damage to a protected computer, one count of intentional damage to a protected computer, and one count of wire fraud. According to court documents [PDF], Rhyne hatched the scheme in November 2023 while working for an unnamed industrial company, headquartered in Somerset County, New Jersey.

Iran hunts down double agents with fake recruiting sites, Mandiant reckons

Government-backed Iranian actors allegedly set up dozens of fake recruiting websites and social media accounts to hunt down double agents and dissidents suspected of collaborating with the nation’s enemies, including Israel. The campaign targeted Farsi speakers living in and outside of Iran, began as early as 2017 and lasted until at least March this year. The threat intel team at Google-owned Mandiant uncovered the activity and detailed it in a report published Wednesday.

State-backed attackers and commercial surveillance vendors repeatedly use the same exploits

Today, we’re sharing that Google’s Threat Analysis Group (TAG) observed multiple in-the-wild exploit campaigns, between November 2023 and July 2024, delivered from a watering hole attack on Mongolian government websites. The campaigns first delivered an iOS WebKit exploit affecting iOS versions older than 16.6.1 and then later, a Chrome exploit chain against Android users running versions from m121 to m123. These campaigns delivered n-day exploits for which patches were available, but would still be effective against unpatched devices. We assess with moderate confidence the campaigns are linked to the Russian government-backed actor APT29. In each iteration of the watering hole campaigns, the attackers used exploits that were identical or strikingly similar to exploits previously used by commercial surveillance vendors (CSVs) Intellexa and NSO Group.