We have collected the most important news from the world of cybersecurity for the week.
- Scientists from the USA were able to calculate geolocation through the manipulation of SMS.
- The FBI has offered a $10 million reward for information about the Cl0p hackers.
- The database of the BreachForums darknet forum has been leaked online.
- Russia has legalized fines for “illegal use of foreign messengers”.
Scientists from the USA were able to calculate geolocation through the manipulation of SMS
American scientists from Cornell University, as part of the Freaky Leaky SMS attack, were able to calculate the location of a recipient with high accuracy by relying on the timing of SMS delivery reports.
SMS delivery status information is processed by the short message service center (SMSC), and routing delays occur as the messages propagate through network nodes. The machine learning algorithm developed by the researchers calculates the predictable travel time of standard signaling routes based on the constant characteristics of mobile networks.
The attack requires a number of additional metrics, including the known location of the target.
Next, several SMS messages must be sent to the victim, disguised as advertisements or as “silent” messages whose notifications are not displayed on the recipient’s device.
The SMS delivery time measurements are combined in each case with the corresponding location signatures.
As part of the experiment, the authors of the article sent packets of 20 messages every hour for three days to several test devices in the United States, the United Arab Emirates and several European countries, covering a dozen operators with various communication technologies.
As a result, they determined the location of the recipient with an accuracy of up to 96% in different countries and up to 86% for two locations within the same country.
Despite the complexity of the attack and a number of practical limitations, experts suggest that it potentially threatens user privacy.
FBI Offers $10 Million Reward for Information on Cl0p Hackers
The US Cybersecurity and Infrastructure Protection Agency and the FBI have announced a $10 million reward for information about the Cl0p ransomware group.
Do you have info linking CL0P Ransomware Gang or any other malicious cyber actors targeting US critical infrastructure to a foreign government?
— Rewards for Justice (@RFJ_USA) June 16, 2023
The announcement follows a massive attack in May that hit 85 organizations at the time of writing, including PwC, Ernst & Young, Medibank and Metro Vancouver Transit Police.
Using an SQL vulnerability in the MOVEit Transfer managed file transfer solution, the hackers infected devices with malware and stole information from databases. Threatening to leak the stolen data, the attackers demand multimillion-dollar ransoms.
Law enforcement officers are collecting information that links Cl0p, and other attackers targeting US critical infrastructure, to foreign governments.
BreachForums darknet forum database leaked online
On June 19, a table of registered users of the closed darknet forum BreachForums appeared in the public domain. This is reported by the Telegram channel “Information Leaks”.
The partial dump contains 4202 entries with logins, hashed passwords, emails and registration IP addresses.
According to experts, the hack was organized by competing groups.
In parallel, a court in Amsterdam sentenced 25-year-old hacker Erkan Sezgin to three years in prison for selling hacked data on another closed darknet forum, RaidForums, as well as for phishing and for laundering more than €700,000 in cryptocurrencies.
US mobile accessories maker discovers hack two months later
The popular American manufacturer of accessories for mobile devices, iOttie, has reported that its website has been hacked. The incident occurred on April 12, but the company discovered it only on June 13.
During this time, the site collected customer credit card information, as well as their personal information, including names, access codes, and account PINs.
iOttie reported 241 victims.
Russia legalizes fines for “illegal use of foreign messengers”
The State Duma has adopted, in the third reading, a law introducing administrative liability for “illegal use of foreign messengers” when sending personal and financial information.
The normative act applies only to departments and officials; it will not affect ordinary users.
The list of banned messengers includes:
- Microsoft Teams
- Skype for Business
For using them, officials face a fine of 30,000 to 50,000 rubles, and legal entities a fine of 100,000 to 700,000 rubles.
The law will come into force from the moment of its official publication.
Experts found LockBit malware for different operating systems
LockBit ransomware operators have developed malware samples for various operating systems. This was reported by experts from Kaspersky Lab.
They found a ZIP file with modules for different platforms, including Apple M1, ARM v6, ARM v7 and FreeBSD. All variants are based on an earlier version of the malware, LockBit Linux/ESXi.
Experts also found that for some time LockBit has been using the code of other, lesser-known hacker groups, such as BlackMatter and DarkSide. This simplifies the activities of potential partners and expands the scope of possible attacks of the LockBit ransomware itself.
The latest data from Kaspersky Threat Attribution Engine showed that the LockBit Green sample variant uses approximately 25% of the code written by the now defunct Conti ransomware group.