Weekly Cybersecurity Digest: Top 5 News Stories in the Digital Sphere

1. DarkGate Malware Replaces AutoIt with AutoHotkey in Latest Cyber Attacks

DarkGate, a nasty malware-as-a-service (MaaS) program, is evolving its attack methods to bypass security software. This sneaky software, active since 2018, is now using AutoHotkey, a less common scripting tool, to deliver its final malicious payload in version 6.

Here's a quick breakdown of the changes:

  • New Delivery Method: Previously, DarkGate relied on AutoIt scripts. Now, it leverages AutoHotkey, making detection trickier.
  • Evolving for Evasion: DarkGate keeps updating its tactics to stay ahead of security solutions. This version focuses on features that avoid detection.
  • Feature Revamp: Version 6 introduces new functionalities like audio recording and mouse/keyboard control while removing some features from previous versions (like privilege escalation and cryptomining) - possibly to reduce its attack signature.
  • Limited Customers, Limited Needs? The feature removal might also be due to a small customer base with specific needs.

2. AI Company Hugging Face Detects Unauthorized Access to Its Spaces Platform

Hugging Face, a popular platform for creating and sharing AI models, has disclosed unauthorized access to its Spaces platform. While the exact number of affected users remains unknown, the company is urging users to take action.

Here's a quick rundown:

  • Security Breach: Hugging Face detected unauthorized access to its Spaces platform, potentially exposing some user secrets.
  • Protect Your Keys: The company is revoking potentially compromised tokens and recommends all users refresh their keys and switch to the new, more secure "fine-grained access tokens."
  • Investigation Underway: Hugging Face is investigating the incident and has notified law enforcement and data protection authorities.
  • AI Security Concerns: This breach highlights the growing security concerns surrounding AI platforms, as attackers could potentially exploit them for malicious purposes.

3. Crooks Stole More Than $300M Worth of Bitcoin from the Exchange DMM Bitcoin

DMM Bitcoin, a Japanese cryptocurrency exchange, suffered a major security breach resulting in the theft of approximately $304 million worth of Bitcoin.

  • Loss Confirmed: Hackers stole 4,502.9 Bitcoin (BTC) from DMM Bitcoin wallets.
  • Customer Reassurance: DMM Bitcoin assures users that their deposits are guaranteed and will be reimbursed.
  • Limited Services: To prevent further loss, DMM Bitcoin has temporarily suspended account openings, cryptocurrency withdrawals, and specific trading options.
  • Investigation Ongoing: DMM Bitcoin is investigating the attack but has not yet disclosed details.
  • Historic Theft: This hack ranks as the eighth-largest crypto heist ever, according to Elliptic, a cryptocurrency security firm.

4. Major German party CDU Hit by Sophisticated Cyberattack Ahead of EU Elections

The Christian Democratic Union (CDU), Germany's main opposition party, has been targeted by a sophisticated cyberattack, prompting the party to take parts of its IT infrastructure offline. The attack was confirmed by Germany's Federal Ministry of the Interior (BMI) and is considered "serious" ahead of the European Parliament elections on June 6-9.

  • The BMI has informed all German parliamentary parties about the incident and is intensifying protective measures.
  • The CDU has launched its own investigation and taken down certain sections of its IT infrastructure.
  • The party holds 152 out of 736 seats in the Bundestag and has a membership exceeding 370,000.

The cyberattack highlights the growing threat of politically motivated cyberattacks in Europe.

5. Mysterious Cyber Attack Took Down 600,000+ Routers in the U.S.

  • A large-scale cyberattack in October 2023 took down over 600,000 routers in the US, disrupting internet access for many.
  • The attack, codenamed "Pumpkin Eclipse" by Lumen Technologies, targeted a single internet service provider (ISP) and specifically affected three SOHO router models: ActionTec T3200, T3260, and Sagemcom.
  • The routers were permanently damaged ("bricked") and required replacements.

Who Was Affected:

  • The specific ISP hasn't been revealed, but evidence suggests it might be Windstream, due to a reported outage around the same time.
  • Users with the affected router models likely experienced internet connection loss and a "steady red light" on their devices.

How Did It Happen:

  • The attackers used a common malware called Chalubo to gain access to the routers.
  • The exact method of initial infection is unknown, but weak credentials or exploited vulnerabilities are suspected.
  • Once in, attackers deployed scripts to download and launch Chalubo, which ultimately bricked the devices.

To stay updated on the cybersecurity sphere, visit our Blogs and subscribe to our newsletter.

Feel free to Contact Us and let us help you secure your cyber space.

More articles by C9LAB (Pinak Infosec Pvt. Ltd.)