Tag Archive for: daring

Silicon Heist: Notorious LockBit 3.0 Ransomware Gang Targets World’s Biggest Chip Maker TSMC in a Daring $70M Ransom


The LockBit 3.0 ransomware group is shaking the tech world, aiming a $70M ransom gun at TSMC, the world’s largest dedicated chip foundry. Non-payment threats include publishing network entry points, passwords, and logins – a potential Armageddon for the semiconductor behemoth and its mega-clients, including Apple, Qualcomm, and Nvidia.

Updated Jun 30, 2023 | 11:32 AM IST

The Silicon Underworld Rises: A Sinister 70M Ransom

KEY HIGHLIGHTS

  • LockBit 3.0 targets TSMC, world’s largest chip foundry, demanding a staggering $70M digital ransom.
  • A TSMC data breach could send shockwaves across the tech industry, impacting major clients including Apple, Qualcomm, and Nvidia.
  • LockBit 3.0 threatens to expose network access points, passwords, and logins if the ransom is not paid.

In an audacious cyber stunt, the LockBit 3.0 ransomware group has set its sights on the colossal titan of the semiconductor industry, the Taiwan Semiconductor Manufacturing Company Limited (TSMC). Notoriously shaking up the digital underworld, the group has demanded an eye-watering $70 million to avoid leaking sensitive data and network details. The startling news has sent tremors through the global tech industry, given the immense repercussions this could have for TSMC’s high-profile clientele, including tech behemoths like Apple, Qualcomm, and Nvidia.

LockBit 3.0 DarkWeb Leaksite

LockBit 3.0: The DarkWeb’s Demanding Deities

The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing & Analysis Center (MS-ISAC) define LockBit 3.0 operations as a Ransomware-as-a-Service (RaaS) model. This model follows a trajectory from previous versions of the ransomware, LockBit 2.0, and LockBit. The rapid adaptation and diversified tactics of LockBit affiliates pose a significant challenge for network defense and mitigation.

The Dreadful Digital Drill

The cyber villains gain initial access via a range of invasive tactics, including remote desktop protocol (RDP) exploitation, drive-by compromise, phishing campaigns, and the abuse of valid accounts. Once they’ve breached the perimeter, they…


Teen hacker arrested in Spain following daring cyberattacks


What just happened? Police in Spain have arrested a teenager named José Luis Huertas who they claim stole confidential data on more than half a million taxpayers from the national revenue service. The 19-year-old, who is known by multiple aliases including ‘Alcaseca,’ ‘Mango,’ and ‘chimichurri,’ is also believed to be behind multiple other high-profile cyberattacks.

Policia Nacional said Huertas is one of the most dangerous hackers in the country, and is responsible for creating a search engine called ‘Udyat’ (‘The Eye of the Horus’) to facilitate the selling of stolen data. In an online interview, he also claimed to have access to the personal data of more than 90 percent of the Spanish population.

The leaked data reportedly includes account numbers, bank balances, and other private and confidential information of Spanish citizens. Authorities believe Huertas would have used the stolen data to create an online database and sold it to third parties for a profit. According to investigators, much of his illegal activity was monetized through cryptocurrencies.

Huertas is described as a ‘serious’ national security threat by the Spanish police due to the magnitude of his cyberattacks and the sensitivity of the data he stole. He is said to be an expert in crypto assets and hiding the money trail with complex digital maneuvers meant to throw investigators off his scent.

According to Bleeping Computer, Huertas is also accused of stealing €300,000 from Paolo Vasile, the CEO of Gestevisión Telecinco/Mediaset España. Other charges against him include attacking high-state institutions and money laundering.

His arrest was the result of an investigation that started in November 2022 after he allegedly hacked into the computer network of the General Council of the Judiciary and accessed sensitive data controlled by several public institutions, including the State Tax Administration Agency.

Huertas is said to have lived a life of luxury that the police say is not commensurate with his age, especially for someone without a steady source of income. He allegedly made expensive trips, wore luxury labels, frequented fashionable entertainment venues, and even drove a…


Cyber hackers steal $600m in daring cryptocurrency heist after spotting ‘vulnerability’ in blockchain site


HACKERS have stolen $600 million in a daring cryptocurrency heist after spotting a blockchain vulnerability.

In one of the biggest ever cryptocurrency thefts, the cyber criminals exploited a vulnerability in Poly Network, a platform that looks to connect different blockchains so that they can work together.

Hackers have made off with hundreds of millions of dollars in cryptocurrency. Credit: Getty

A blockchain is where encrypted data can be supposedly transferred securely, making it nearly impossible to duplicate or counterfeit.

The site said the hackers have taken thousands of digital tokens such as Ether.

“The amount of money you hacked is the biggest one in the defi history,” Poly Network said in a tweeted message to the thieves, using a reference to decentralised finance involving cryptocurrency.

The platform added that the money was stolen from “tens of thousands of crypto community members”.

Poly Network threatened police involvement, but also pleaded with the hackers to “work out a solution”.

The site said an initial investigation found a hacker exploited a “vulnerability between contract calls”.

About $267m of Ether currency has been taken, $252m of Binance coins and roughly $85 million in USDC tokens.

Once the hackers stole the money, they began to send it to various other cryptocurrency addresses, CNBC reports.

Researchers at security company SlowMist said a total of more than $610 million worth of cryptocurrency was transferred to three different addresses.

SlowMist said that their researchers had “grasped the attacker’s mailbox, IP, and device fingerprints” and are “tracking possible identity clues related to the Poly Network attacker”.

The researchers concluded that the theft was “likely to be a long-planned, organized and prepared attack”.

LONG PLANNED ATTACK

The site urged cryptocurrency exchanges to “blacklist tokens” coming from the addresses that were linked to the hackers.

Cryptocurrency systems have been developed independently, so they have struggled to work in conjunction with each other.

Each digital coin has its own blockchain and they’re different to each other but Poly Network claims to be able to make these various blockchains…


Cautionary tale: What happens after daring elite hackers to hack you?

After all the big breaches reported last year, Real Future’s Kevin Roose wanted to see how well he would fare in a personal pen-test. Issuing such a “hack me” challenge is rarely wise as New York University Professor and PandoDaily editor Adam Penenberg found out a few years ago after asking TrustWave to hack him if it could. Roose posted a video showing “what happens when you dare expert hackers to hack you” and the resulting pwnage was not pretty.


Network World Security