Tag Archive for: infamous

‘Infamous Chisel’ malware threat flagged by global security agencies


A coalition of security agencies from Canada, Australia, New Zealand, the United States, and the United Kingdom has raised alarm over a new malware targeting digital currency exchanges and their wallets.

Per a joint security report, the malware targets only Android devices, stealing a trove of personal information from victims. Dubbed the “Infamous Chisel,” the malware has links with Sandworm, a state-backed entity under Russia’s military, according to the report.

The malware was originally designed to extract information from the Ukrainian military as part of a cyberwarfare strategy. However, an analysis of the inner workings of the malware indicates that its application is not limited to military use cases but extends to digital assets as well.

Infamous Chisel has been shown to extract data within the directories of digital currency exchanges, including Binance and Coinbase (NASDAQ: COIN). Per the report, the malware also extracts information from Trust Wallet, but the extent of the financial damage remains unclear.

“The malware periodically scans the device for information and files of interest, matching a predefined set of file extensions,” read the joint report. “It also contains functionality to periodically scan the local network collating information about active hosts, open ports, and banners.”

According to the report, bad actors behind the malware rely on the Tor network to cover their tracks while siphoning data from affected devices.

Despite its use of anonymous communication tools, the joint report surmised that Infamous Chisel makes only an insignificant attempt towards the “concealment of malicious activity.” Experts say the absence of stealth techniques is linked to the lack of “host-based detection systems” for Android devices.

However, the malware makes up for its lack of stealth techniques with extensive functionality. Aside from data extraction, Infamous Chisel is capable of traffic collection, network scanning, SSH access, remote access, SCP file transfer, and network monitoring.

Agencies contributing to the report include:

  • The U.K. National Cyber Security Centre (NCSC).
  • The U.S. Federal Bureau of Investigation (FBI).
  • The U.S. Cybersecurity and…

Source…

Russian State-Backed ‘Infamous Chisel’ Android Malware Targets Ukrainian Military



Cybersecurity and intelligence agencies from Australia, Canada, New Zealand, the U.K., and the U.S. on Thursday disclosed details of a mobile malware strain targeting Android devices used by the Ukrainian military.

The malicious software, dubbed Infamous Chisel and attributed to a Russian state-sponsored actor called Sandworm, has capabilities to “enable unauthorized access to compromised devices, scan files, monitor traffic, and periodically steal sensitive information.”

Some aspects of the malware were uncovered by the Security Service of Ukraine (SBU) earlier in August, highlighting unsuccessful attempts on the part of adversaries to penetrate Ukrainian military networks and gather valuable intelligence.

Sandworm, also known by the names FROZENBARENTS, Iron Viking, Seashell Blizzard, and Voodoo Bear, refers to the Russian Main Intelligence Directorate’s (GRU) Main Centre for Special Technologies (GTsST).

Active since at least 2014, the hacking crew is best known for its string of disruptive and destructive cyber campaigns using malware such as Industroyer, BlackEnergy, and NotPetya.

In July 2023, Google-owned Mandiant said that the malicious cyber operations of GRU adhere to a playbook that offers tactical and strategic benefits, enabling the threat actors to adapt swiftly to a “fast-paced and highly contested operating environment” and at the same time maximize the speed, scale, and intensity without getting detected.


Infamous Chisel is described as a collection of multiple components that is designed with the intent to enable remote access and exfiltrate information from Android phones.

Besides scanning the devices for information and files matching a predefined set of file extensions, the malware also contains functionality to periodically scan the local network and offer SSH access.

“Infamous Chisel also provides remote access by configuring and executing TOR with a hidden service which forwards to a modified Dropbear binary providing a SSH connection,” the Five Eyes (FVEY) intelligence alliance said.

A brief description of each of the modules is as follows –

  • netd – Collate and exfiltrate information from the compromised device at set intervals, including from app-specific…

Source…

Infamous British Hacker ‘PlugwalkJoe’ Receives Five-Year US Prison Sentence for Cryptocurrency Theft



In a groundbreaking ruling, British hacker Joseph O’Connor, known as PlugwalkJoe in the online world, has been handed a five-year prison sentence in the United States.

Notorious British Hacker Sentenced to Five Years in US Prison for Cryptocurrency Theft

British hacker Joseph O’Connor, who is famously recognized as PlugwalkJoe in the digital realm, has received a significant five-year prison sentence in the United States. Following his arrest in Spain in July 2021, O’Connor was subsequently extradited to the US on April 26, 2023. His guilty plea in May encompassed various charges related to computer intrusions, wire fraud, and money laundering conspiracies.

The announcement of O’Connor’s sentencing was disclosed by the US Attorney’s Office for the Southern District of New York on June 23.

According to the statement, O’Connor has not been named, but it confirms that he gained unauthorized access to the accounts and computing systems of the exchange where the targeted executive worked by employing a SIM-swapping technique.

The court’s ruling includes not only the prison term but also a three-year period of supervised release. Additionally, O’Connor has been ordered to forfeit the exact amount he pilfered, which totals $794,012.64.

Furthermore, O’Connor’s criminal activities extend beyond the aforementioned SIM swap attack. He and his accomplices orchestrated the high-profile Twitter hack in July 2020, which netted them approximately $120,000 in stolen cryptocurrency.

The Twitter hack involved the deployment of social engineering techniques and SIM-swapping attacks, enabling O’Connor and his associates to seize control of around 130 prominent Twitter accounts.

Other Illegal Activities

In addition to their activities on Twitter, the group of cybercriminals also gained unauthorized access to two prominent accounts on TikTok and Snapchat. Through the same scheme, they deceived unsuspecting Twitter users and profited by selling access to compromised accounts.

One notable incident involved O’Connor attempting to blackmail a Snapchat victim by threatening to release private messages…

Source…

Sun Pharma Hit by Infamous Ransomware Group ALPHV BlackCat


ALPHV BlackCat, the notorious ransomware group, has now come out and listed the Sun Pharmaceutical breach on their leak site on the darknet.

Updated Mar 25, 2023 | 10:48 PM IST

ALPHV BlackCat Strikes Again: Sun Pharma Latest Victim of Devastating Ransomware Attack with Threats to Release Sensitive Data!

On March 2nd 2023, drugmaker Sun Pharmaceutical reported an “information security incident” at the company, adding that the “impacted IT assets have been isolated”.

“The incident has not impacted our core systems and operations. The company is investigating the matter, and appropriate containment and remediation actions are being taken in a controlled manner to address the incident,” Sun told the Bombay Stock Exchange.

ALPHV, the threat actors behind the data breach, have now come out and listed the Sun Pharmaceutical breach on their leak site on the darknet. ALPHV states on their leak site blog that their teams have been trying to establish a dialogue with Sun Pharmaceuticals, “but they (Sun Pharma) apparently decided that we would tolerate their clown attitude towards us. So it’s time to reveal some information about them.”

ALPHV is a ransomware group: they first infiltrate vulnerable systems and then encrypt the data or the complete system. The group then asks the company to pay a ransom to get the decryption key. They also employ data exfiltration tactics. Many smaller companies give in, which is why ransomware groups are growing in number. The IT team at Sun Pharma did try to catch the hackers; the group states in its blog post, “Also, their IT department is trying to catch us in their network (yes, we are still in their network), setting up dozens of honeypots in the hope that be caught after all.”

ALPHV BlackCat’s post on their Darknet Leak Site

Their claim of still having access to Sun Pharma’s network is quite a statement, as the breach was first reported on March 2nd of this year. To get back at Sun Pharma, the ransomware group has posted screenshots of data samples on their leak site, in addition to a 28 MB data sample. The group also claims to have over 17TB (17000 GB) of data from the Indian pharmaceutical major…

Source…