Silicon Heist: Notorious LockBit 3.0 Ransomware Gang Targets World’s Biggest Chip Maker TSMC in a Daring $70M Ransom


The LockBit 3.0 ransomware group is shaking the tech world, aiming a $70M ransom gun at TSMC, the world’s largest dedicated chip foundry. Non-payment threats include publishing network entry points, passwords, and logins – a potential Armageddon for the semiconductor behemoth and its mega-clients, including Apple, Qualcomm, and Nvidia.

Updated Jun 30, 2023 | 11:32 AM IST

The Silicon Underworld Rises: A Sinister 70M Ransom

KEY HIGHLIGHTS

  • LockBit 3.0 targets TSMC, world’s largest chip foundry, demanding a staggering $70M digital ransom.
  • A TSMC data breach could send shockwaves across the tech industry, impacting major clients including Apple, Qualcomm, and Nvidia.
  • LockBit 3.0 threatens to expose network access points, passwords, and logins if the ransom is not paid.

In an audacious cyber stunt, the LockBit 3.0 ransomware group has set its sights on the colossal titan of the semiconductor industry, the Taiwan Semiconductor Manufacturing Company Limited (TSMC). Notoriously shaking up the digital underworld, the group has demanded an eye-watering $70 million to avoid leaking sensitive data and network details. The startling news has sent tremors through the global tech industry, given the immense repercussions this could have for TSMC’s high-profile clientele, including tech behemoths like Apple, Qualcomm, and Nvidia.

LockBit 3.0 DarkWeb Leaksite

LockBit 3.0: The DarkWeb’s Demanding Deities

The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing & Analysis Center (MS-ISAC) describe LockBit 3.0 operations as a Ransomware-as-a-Service (RaaS) model. LockBit 3.0 continues the lineage of its predecessors, LockBit 2.0 and the original LockBit. The rapid adaptation and diversified tactics of LockBit affiliates pose a significant challenge for network defense and mitigation.

The Dreadful Digital Drill

The cyber villains gain initial access via a range of invasive tactics, including remote desktop protocol (RDP) exploitation, drive-by compromise, phishing campaigns, and the abuse of valid accounts. Once they’ve breached the perimeter, they…


Headset Maker Says ‘Ransomware Time-Bomb’ Bricked Its Devices


A headset company is blaming a product malfunction on a contractor it says secretly installed malicious code into the firmware, which activated years later. But the contractor says the problem is the result of an expired software license.

The issue has been affecting owners of drone-flying headsets from Croatian company Orqa. This past weekend, customers saw their headsets mysteriously enter a bootloader mode, essentially bricking the goggles.

After investigating and trying to patch the problem, Orqa on Tuesday claimed it had discovered the culprit. “We found that this mysterious issue was a result of a ransomware time-bomb, which was secretly planted a few years ago in our bootloader by a greedy former contractor, with an intention to extract exorbitant ransom from the company,” it said.

“The perpetrator was particularly perfidious, because he kept occasional business relations with us over these last few years, as he was waiting for the code-bomb to ‘detonate,’ presumably so as not to raise suspicion,” Orqa added. 

The contractor also timed the attack to detonate during a long weekend, when many people outside the US had Monday off for International Workers’ Day.

“Supposedly, this would put the company in the panic mode, and give the perpetrator a sufficient leverage to extort his ransom,” Orqa said. That’s because many consumers would have been flying their drones over the long weekend, including at drone races, while company staff were offline.

But it looks like the bricking wasn’t a traditional ransomware attack, but rather due to a corporate dispute. Over the weekend, a company called SWARG posted on Facebook that it owned the copyrights to the firmware and “implemented a time-limited license into the code used” in the headsets.

SWARG statement (Credit: Facebook)

SWARG is now demanding Orqa pay to receive an extended license. In the meantime, the contractor has posted a new firmware version on its Facebook page that can extend the license for Orqa customers until July.

Orqa views the dispute differently, and claims SWARG is essentially trying to extort it for…


Israeli Phone Malware Maker QuaDream Apparently Ready To Call It Quits After Suffering A Little Negative Press


from the cut-and-run dept

QuaDream, an NSO-alike with links to Israeli intelligence services, first made international headlines last year. And for the worst reasons. An investigation found QuaDream (much like NSO Group) sold iPhone-targeting malware to human rights violators. These sales were given a layer of plausible deniability, handled by a Cyprus-based company on behalf of QuaDream as it collected paychecks from garbage governments around the world.

Further investigations by Toronto’s Citizen Lab uncovered QuaDream’s links to abusive governments, as well as abusive deployments of its zero-click exploit to target journalists, activists, political opponents, and dissidents.

Now that it’s inadvertently shown its whole ass to the world, it appears QuaDream is shuttering its malware business. Or at least, it wants all of its critics to believe that’s what it’s doing. But this report from the Jerusalem Post indicates that, real or otherwise, QuaDream’s latest business move involves laying off several actual human beings.

Israeli cybersecurity company QuaDream reportedly summoned many of its 40 employees to a pre-termination hearing on Monday ahead of widespread layoffs, according to Globes.

This downturn (and its unfortunate effect on 40 QuaDream employees) is being blamed on everything but the company’s decision to sell to human rights abusers, its lack of any oversight of how its products were deployed, and its willingness to engage in ethically awful business practices.

QuaDream, which can only access iPhones (unlike NSO, which can also hack Android phones), wrote in a letter to court: “The crisis in the industry began due to the public disclosure of the activities of some of the companies from 2018 onward, which resulted in the fact that in November 2011, the US Chamber of Commerce put NSO and Candiru on its blacklist. Immediately after that, at the start of 2022, the regulator in Israel decided to reduce the number of countries to which it is allowed to sell the companies’ products in the industry from 102 to only 37, which caused a severe economic crisis in the entire industry.”

When you’re blaming a government for harming your business by…


EVERYONE in Cyber Security Should Understand Reversing (its EASY)