Newsletters

Israeli hacking tools maker Cellebrite has banned the Serbian government from using its products, citing misuse of its technology.

The company's decision comes after an Amnesty International report last December accused Serbian law enforcement of using Cellebrite tools to unlock phones and install spyware on the devices of anti-government dissidents and journalists.

Amnesty says this usually happened while victims were being interrogated by police. Their phones were taken away and then returned to them with spyware installed.

The Financial Times has reported that Peter Navarro, one of President Trump's closest advisors, is pushing for the US to remove Canada from the Five Eyes intelligence alliance.

Trump has said he wants to make Canada the 51st American state amid a tariff dispute. Per the FT:

Navarro did not respond to Financial Times requests for comment, but denied pushing the idea after the article was published. Per The Hill: 

Signal Foundation president Meredith Whittaker says the secure messaging app will leave Sweden if the government there passes a new surveillance bill.

The Swedish government is scheduled to discuss a bill next month that would force communication providers to allow police and security services access to message content.

Whittaker told Swedish national public television SVT that adding such a backdoor would undermine its entire network and users across the world, not just in Sweden.

North Korean hackers have stolen over $1.5 billion worth of crypto assets from Bybit, the world's second-largest cryptocurrency exchange.

The incident represents the largest crypto-heist in history (and the largest heist of any kind as well) and is almost 2.5 times larger than the previous leader—the theft of $625 million from the Ronin Network in April 2022.

The hack took place on Friday, February 21, and is considered one of the most complex crypto-heists ever pulled.

Internal strife and conflicts appear to have led to the implosion of another successful Ransomware-as-a-Service platform—this time, BlackBasta, one of last year's most active ransomware groups.

Everything came crashing down last week when one of the BlackBasta members leaked the group's internal Matrix chat logs on the dark web.

The leaker said they shared the data after one of the BlackBasta affiliates launched brute-force attacks targeting Russian banks—a move the leaker didn't agree with because they feared it would trigger an aggressive response from Russian authorities.

US Senator Mark Warner has floated an idea to deal with Salt Typhoon's compromise of US telecommunications networks, basically telling China: get out of our networks or we'll hack yours.

Essentially, Warner’s comments imply that the threat of US hacking could force an understanding between the two nations to stay out of each other's telcos. 

However, we believe the US would be better off just pulling the trigger on its own, similar campaign if it hasn't already. 

A recent CISA report and a series of tweets from Equinix threat intel analyst Will Thomas made me realize that quite a few infosec and adjacent cybersecurity experts are not fully aware that paying ransoms to a rising ransomware crew named RansomHub carries quite a high risk of breaking US sanctions.

The group launched in February 2024, when it started advertising its Ransomware-as-a-Service offering in underground hacking forums.

They got incredibly lucky because, just three weeks later, law enforcement agencies across the globe dismantled LockBit, which was, at the time, the largest RaaS platform on the market.

No intro in this edition since I was traveling over the weekend.

Risky Business is now on YouTube with video versions of our main podcasts. Below is our latest weekly show with Pat and Adam at the helm!

Ukraine hacks Gazprom contractors: Ukraine's military intelligence agency GUR claims to have hacked Gazstroyprom, Gazprom's main construction contractor. GUR hackers have allegedly wiped over 120 servers and more than 10,000 computers. The attack is believed to have impacted Gazprom's ability to build and maintain its oil and gas infrastructure. The hack comes as Ukraine continues to bomb Russian oil and gas infrastructure using drones. [Additional coverage in UNN]

Apple has refused to obey a UK Government order to provide access to encrypted iCloud data in the latest failure by authorities to mitigate the proliferation of 'warrant proof' encryption.

The Washington Post revealed the existence of the UK Government order, known as a Technical Capability Notice (TCN), last week: 

The TCN is designed to preserve lawful access to cloud data stored with Apple's Advanced Data Protection, which was rolled out as an opt-in service in November 2022. The service effectively locks Apple (and law enforcement) out of a user's iCloud storage by encrypting it with keys that only that user can access. 

A threat actor has compromised the AdsPower browser platform and injected malicious code that modified third-party crypto wallet extensions and stole user funds.

The breach took place on January 21 and went undetected for three days before the company removed the code and forcibly uninstalled all the targeted extensions from users' browsers.

According to SlowMist founder Yu Xian, the code worked as a backdoor that extracted mnemonic recovery phrases and private keys from the wallet extension and sent them to an attacker's server.