Newsletters

Written content from the Risky Business Media team

Risky Biz News: Germany sues Microsoft for details on past hack

Presented by Catalin Cimpanu, News Editor

Deepfake incident confirmed: British multinational design and engineering company Arup has confirmed that it is the company at the heart of a deepfake incident from February this year. The company lost $25 million after a scammer tricked one of its Hong Kong employees into sending funds to the wrong bank account. The employee said he transferred the funds after the scammers invited him to a meeting with deepfake versions of his colleagues and the company's chief financial officer.

Pump.fun crypto-heist: A threat actor exploited a vulnerability in a smart contract to steal $2 million worth of tokens from DeFi platform Pump.fun. The hack took place on May 16, and the company described the incident as a flash loan attack. A threat actor named STACOverflow took public credit for the breach on Twitter. So far this year, hackers have stolen more than half a billion US dollars worth of crypto-assets. [Additional coverage in CryptoSlate]

Flutterwave hack: Hackers have stolen ₦11 billion ($7.3 million) from the accounts of Flutterwave, a Nigerian company that creates software for banks and financial services providers. The incident took place in April, according to African tech news outlet TechCabal. The stolen funds were sent to multiple accounts at local banks, from where they were laundered to new locations. This is Flutterwave's fourth hack over the past year. The company has now lost over ₦33 billion ($22 million) in four incidents since February last year.

Risky Biz News: Feds seize BreachForums again

Presented by Catalin Cimpanu, News Editor

Five days after a threat actor advertised Europol stolen data on a hacking forum, law enforcement agencies moved to seize the site.

Agencies from the US, the UK, Australia, New Zealand, Switzerland, and Iceland took down the second incarnation of BreachForums, a well-known hacking forum where threat actors went to sell, buy, and leak hacked data.

The takedown took place on May 15 and comes more than a year after authorities took down the site's first version in March 2023.

Amnesty Flags Possible Spyware Abuse in Indonesia

Presented by Tom Uren, Policy & Intelligence

The burgeoning use of spyware in Southeast Asia, including Indonesia, presents risks to human rights, according to Amnesty International.

An Amnesty International report released at the beginning of May describes how Indonesian entities procure surveillance technologies through what it calls a "murky ecosystem of surveillance suppliers, brokers and resellers that obscures the sale and transfer of surveillance technology".

Amnesty International and media collaborators including Haaretz and Inside Story used open source intelligence such as commercial trade databases and spyware infrastructure mapping to find:

Risky Biz News: Ebury botnet compromises entire ISPs and hosting providers

Presented by Catalin Cimpanu, News Editor

Lazarus breach: South Korea's intelligence agency NIS says North Korean hackers stole over 1,000 GB worth of data and documents from the country's court computer network. The intrusion took place between January 2021 and February 2023 and impacted the IT network of the Seoul court. Officials linked the hack to the Lazarus Group APT. [Additional coverage in Yonhap]

BC breach: The government of Canada's British Columbia province says a recent security breach is the work of a foreign state-backed threat actor. [Additional coverage in CBC]

Helsinki breach: The City of Helsinki in Finland has disclosed a data breach of its Education Division. The hack took place at the end of April through a vulnerability in a remote access server. Helsinki officials say the intruder gained access to files and personal data of both students and city education personnel. Officials say some of the stolen files contain sensitive information.

Risky Biz News: Black Basta group spam-bombs victims and then calls to help

Presented by Catalin Cimpanu, News Editor

Another Europol breach: Europol has taken its EPE (Europol Platform for Experts) platform offline in the aftermath of a security breach. The agency started an investigation into the breach hours after a threat actor listed alleged Europol classified documents on a hacking forum. The data was leaked by a hacker named IntelBroker. The same individual previously claimed to have breached the US ICE, the US DOD, HPE, and security firm Zscaler. This marks Europol's second data breach after a first incident in March of last year. [Additional coverage in BleepingComputer]

Christie's hack: The Christie's auction house shut down its website last week in the aftermath of a cyberattack. The attack took place ahead of a week of major auctions expected to bring in around $840 million in sales. The company's website was supposed to allow remote customers to place bids for desired items. Christie's officials didn't share any details and described the incident as a "technology security issue." [Additional coverage in Artnet]

Ohio Lottery ransomware attack: The Ohio Lottery says the personal data of almost 540,000 customers was stolen in a ransomware attack last December. A ransomware group named DragonForce took credit for the incident. The group leaked more than 94GB of files in late January after the Ohio Lottery refused to pay the ransom.

Risky Biz News: 68 tech companies pledge to CISA's Secure by Design project

Presented by Catalin Cimpanu, News Editor

Sixty-eight of the world's largest tech companies have signed a voluntary pledge to design and release products with better built-in security features.

The pledge is part of CISA's Secure by Design (SbD) initiative, a project the agency started last year to promote better cybersecurity baselines and practices.

Signatories include the likes of Amazon, Google, Microsoft, HPE, Cloudflare, and Netgear. The full list is in the table below.

Microsoft Makes Security The New Black

Presented by Tom Uren, Policy & Intelligence

Microsoft has finally embraced security as a top priority. This is great news for customers as the move will turbocharge competition between firms over which of them is most secure.

Last week, Microsoft CEO Satya Nadella issued an all-hands memo making it clear that security was the company’s top priority. Nadella wrote:

Nadella also said part of senior leadership's compensation will be based on progress towards security milestones.

Risky Biz News: LockBit leader unmasked, charged, and sanctioned

Presented by Catalin Cimpanu, News Editor

Law enforcement agencies have doxed, charged, and sanctioned the administrator of the LockBit ransomware operation.

Officials say the LockBit admin—known as LockBitSupp—is a 31-year-old Russian national named Dmitry Yuryevich Khoroshev from the city of Voronezh in Southwest Russia.

On Tuesday, the US Justice Department unveiled a 26-count indictment in Khoroshev's name, claiming he personally pocketed more than $100 million from LockBit ransom payments. That's about a fifth of all LockBit ransom payments.

Risky Biz News: Microsoft ties security goals to exec compensation

Presented by Catalin Cimpanu, News Editor

Microsoft has re-committed to prioritizing security, in a sign the company fears the reputational damage it stands to incur after a duo of facepalm-worthy hacks it suffered over the past year.

Back in November, Microsoft announced the Secure Future Initiative (SFI), a somewhat generic plan to overhaul the company's cloud security. The pinky promise to improve security came after a Chinese state-sponsored group hacked Microsoft in June and pivoted to US government networks.

Two months later, in January, Microsoft revealed that days after its SFI announcement—by a stroke of irony—it also got hacked by Russian hackers, who then proceeded to steal data from its internal email server, including from executives and its security team (gasp!).

Risky Biz News: New router malware intercepts traffic to steal credentials

Presented by Catalin Cimpanu, News Editor

Reports on interesting and puzzling malware strains are quite rare in infosecland, where most of the time, you're bound to read about cryptominers, Mirai clones, and the same 5-6 malware loaders and infostealers over and over again.

This week, Lumen's Black Lotus Labs team published a report on a new malware strain named Cuttlefish that they found on both SOHO and enterprise-grade routers.

The interesting part about the report was that Cuttlefish appears to have been designed to work as a traffic interception system on the infected devices.