Cyber Threat Report | April 2024

With multiple vulnerabilities, exploited in the wild, April continued to see the rising cybersecurity risk posed by nation-state actors.

Cybersecurity experts saw:

• an espionage campaign on Cisco firewall products;
• the continued exploitation of Ivanti flaws;
• just how much Akira ransomware has extorted from victims.

On the other hand, after a year-long Europol investigation, the largest phishing-as-a-service platform was shut down. As well:

• Google filed a lawsuit against fake investment apps;
• Samourai Wallet founders were charged;
• OneCoin's head of legal was sentenced.

Read on to discover the latest news in the cybersecurity space!

Cybercrime Breaking News

"ArcaneDoor" - a said espionage campaign, carried out by nation-states - is targeting Cisco firewall products , using its Adaptive Security Appliance (ASA). Cisco also alerted that one of its multifactor authentication (MFA) service providers, Duo, was breached by hackers .

The MITRE Corporation revealed that a nation-state breached its unclassified research and prototyping networks by exploiting two zero-day Ivanti Connect Secure flaws .?

Earlier last month, Google-owned security company, Mandiant, warned about hackers continuing to exploit vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure gateways . One of the hackers, which Mandiant assessed with "medium confidence", is said to be the China-based hacking group Volt Typhoon, which has been targeting the US energy and defense sector.?

Palo Alto Networks published guidance to remediate a critical security flaw, PAN-OS, which has been actively exploited in the wild .

A new CISA, FBI, Europol, and Netherlands’ National Cyber Security Centre report highlights how malicious actors disseminating Akira ransomware have extorted around $42 million .

Omni Hotels & Resorts confirmed a cyber attack on its systems happened at the end of March .

Targus - technology accessory manufacturer - operations were disrupted due to a cyber attack .

Frontier Communications, a telecom company, shut down some of its operations due to a cyber attack .

Hacker "IntelBroker" claims to have accessed federal agencies' data , (from the State Department, Defense Department, and National Security Agency) by hacking technology consulting firm Acuity.

Greylock McKinnon Associates, a consulting firm that provides services for the Department of Justice, fell victim to a cyber attack . The personal data of 341,000 may have been leaked.

Researchers:

• Revealed how a botnet, operated by Romanian hacker group, RUBYCARE , has been active in the last decade.
• Find four new vulnerabilities, affecting LG TVs software (LG WebOS versions four through seven).
• Disclose around 30 phishing websites, posing as genuine E-ZPass ones. The news comes as the FBI releases information about how the agency has received +2K complaints about smishing texts , pretending to be from the road toll collection services.

Cyberwar between Russia and Ukraine: Updates

Ukraine's state security service said it's building a case against the hackers , who targeted the country's biggest telecom operator, Kyivstar , to be presented at the International Criminal Court in The Hague.

Germany's defense minister, Boris Pistorius, announced that a cyber branch will be implemented, as part of the country's military restructuring . The branch aims to protect against cyber threats from Russia, targeting NATO state members.

The Ukrainian military sent awards to One Fist - a team of hackers, across the globe, who have stolen data from Russian military organizations and spied on troops via hacked cameras .

Hacktivists RGB-TEAM claimed to have hacked Russia's prosecutor general website and obtained Russian criminal records from the past 30 years (between 1993 and 2022).

Cybersecurity Justice

Europol and law enforcement from 19 countries shut down the largest phishing-as-a-service platform, LabHost. The year-long investigation uncovered at least 40 000 phishing domains linked to LabHost’s 10 000 users.

Two companies and four individuals, said to have perpetrated "malicious" cyber activities for the Iranian Islamic Revolutionary Guard Corps Cyber Electronic Command, were sanctioned by the U.S. Department of the Treasury’s Office of Foreign Assets Control .?

The hacker, who breached a Finnish psychotherapy center, is sentenced to over six years in prison .

FinTech Updates

LockBit claimed to have hacked the D.C. Department of Insurance, Securities and Banking (DISB) and stolen 800GB of data.

Google filed a suit against two developers, who are said to have made and uploaded 87 fake investment apps to the Google Play Store .?

The two cryptocurrency mixer Samourai Wallet founders have been charged for laundering over $100 million and the unlicensed transmission of over $2 billion .

Court convicts trader, behind $110 million theft from cryptocurrency exchange platform Mango Market .

The US Justice Department sentenced OneCoin's Head of Legal and Compliance to four years of imprisonment .

Hacker of decentralized cryptocurrency exchange platforms, the "Crypto Exchange" and "Nirvana", is sentenced to three years of imprisonment .?

Two individuals, behind an alleged scheme to distribute the Hive RAT trojan, have been arrested in the US and Australia .

The Department of Justice unsealed an indictment against a perpetrator believed to have carried out a cryptojacking scheme , during which he stole more than $3.5 million worth of computing resources from two cloud computing services.

Russia charged six believed hackers, who are said to be behind the theft of 160,000 credit cards from international digital stores.

Cybersecurity News Across The Globe

• One of the biggest lenses and optical gear manufacturers’, Japan-based Hoya Corporation, production may have been affected due to an “IT system incident” .
• Hacktivists, Belarusian Cyber-Partisans, claimed to have breached the country's largest fertilizer manufacturer for its supposed role in political repression .
• A German database company's, GBI Genios, operations were affected by a ransomware attack.

This month, AMATAS was recognized by HeartCount as a “High Team Satisfaction” achiever and top performer in seven categories (team satisfaction, well-being, feedback, output, allegiance, relationship, and delight).

AMATAS will continue to monitor this space and deliver salient information regularly.?

Stay tuned for our next report and if you are interested in any of our privacy and cybersecurity services, please do reach out through our website www.amatas.com or by e-mailing [email protected] .

As always – be vigilant, stay alert, and think twice.