Spanish hacker arrested, UK offensive cyber principles, eFile malware
Prominent Spanish hacker arrested
Spanish police arrested José Luis Huertas, known by the alias Alcaseca, who is believed to be responsible for multiple notable cyberattacks in the country. Among other activities, he created the Udyat search engine, which was used to sell stolen personal information. Police launched an investigation into his activity back in November, after a network breach at Spain's national council of the judiciary exposed data on over half a million taxpayers. He is also charged with impersonating a media executive and with money laundering.
The UK’s Offensive Cyber Capabilities Principles
The UK's National Cyber Force, or NCF, shared the principles it uses to conduct covert offensive cyber operations. The NCF qualified these by saying it "would rarely if ever get involved" if another government response would deal more effectively with a challenge from another nation state. Overall, the NCF outlines three principles: operations need to be accountable, precise, and calibrated. Its operations can include attacks against IT networks and technology to make them less effective or unable to function entirely. The document further places the NCF's actions within the UK's existing legal framework, attempting to show how the agency assesses targets for escalation and de-escalation.
eFile site serving malware
Bleeping Computer confirmed that the IRS-authorized e-file software service provider eFile.com had been delivering a malicious JavaScript file since at least April 1st. Some users on Reddit reported seeing suspicious behavior on the eFile site as far back as mid-March. The file prompts users to download a next-stage payload. Researchers at MalwareHunterTeam say this payload contained a Windows backdoor that could eventually give full access to machines, communicating with a C2 server to enroll them into a botnet. The malware is no longer on the site, and it did not impact the IRS's e-file infrastructure. Antivirus solutions are also reportedly detecting the malicious file.