“Spying on the Russian Federation” through Apple, a major leak of Super VPN and other cybersecurity events


We have collected the most important news from the world of cybersecurity for the week.

  • The FSB announced the hacking of thousands of Apple phones by US intelligence agencies.
  • A Super VPN database with 360 million records leaked online.
  • The State Duma of the Russian Federation adopted a law on the confiscation of property of hackers.
  • RaidForums user data appeared on a new darknet platform.

FSB says 1,000 Apple phones have been hacked by US intelligence agencies

The Federal Security Service of the Russian Federation (FSB) announced the exposure of a spy operation by US intelligence agencies, carried out by hacking thousands of Apple devices.

According to the agency, the examined phones were infected, through “software vulnerabilities provided by the manufacturer,” with unknown malware that allows users to be monitored.

Among the victims are Russian subscribers, foreign diplomats based in the Russian Federation, the former Soviet republics, NATO countries, Israel, Syria and China, as well as dozens of employees of the cybersecurity company Kaspersky Lab.

The latter’s CEO, Evgeny Kaspersky, described the incident as an “extremely sophisticated, professionally targeted cyberattack” targeting “top and mid-level” employees.

At the same time, Kaspersky Lab researchers stated that they independently discovered anomalous traffic in the corporate Wi-Fi network around the beginning of the year. However, the oldest traces of infection date back to 2019. The company passed this information on to the computer emergency response team.

Based on the results of the investigation, the FSB concluded that there was “close cooperation” between Apple and the NSA, but did not provide evidence that the corporation was involved in or knew about the spy campaign.

Apple denied the allegations in an interview with Reuters. The NSA declined to comment.

Super VPN database leaked with 360 million records

The popular free service Super VPN accidentally exposed more than 360 million records of its users. Researcher Jeremy Fowler drew attention to the exposure.

The 133 GB database contained email addresses, source IP addresses, geolocation, and records of the VPN servers used.

Data: vpnmentor.

The leaked information also included secret keys, unique identifiers of application users and their UUID numbers, which can be used to obtain more information (about the phone or device model, operating system, internet connection type, and version of the VPN app).

In addition, the database included payment information and links to sites visited by users.

The combined number of Super VPN downloads on Google Play and the App Store exceeds 100 million.

After receiving a notification from the researcher, the owners of the service reconfigured the database. Officially, they did not comment on the incident.

The State Duma of the Russian Federation adopted a law on the confiscation of property of hackers

On May 30, the State Duma of the Russian Federation adopted a law on the confiscation of property obtained as a result of hacker attacks and other crimes in the field of computer information.

The confiscation procedure will apply in the following cases:

  • illegal access to legally protected computer information;
  • impact on the critical information infrastructure of the Russian Federation;
  • creation, use and distribution of malicious programs;
  • violation of the rules for the operation of means of storage, processing or transmission of computer information;
  • if the act entailed “destruction, blocking, modification or copying of computer information” and major damage.

A number of experts in a commentary to RBC suggested that, theoretically, cryptocurrencies could also fall under the scope of the article, since at the legislative level they are equated with property.

RaidForums User Data Appears on New Darknet Platform

One of the administrators of the darknet forum Exposed, under the nickname Impotent, published the personal data of 478,000 users of the now closed hacker platform RaidForums. This was reported by Bleeping Computer.

Data: Bleeping Computer.

The SQL file contains registration information for the period from March 20, 2015 to September 24, 2020, including usernames, email addresses, hashed passwords, and registration dates. Part of the information has been removed from the dump, and its creator is unknown.

The journalists noted that the database was most likely already available to law enforcement after the takeover and liquidation of RaidForums in April 2022. However, this information may be useful for information security researchers who are profiling intruders.

Hackers announced the theft of information from the “Tasty – and that’s it” database

Unknown individuals have publicly posted a file with the data of job applicants to the Vkusno i tochka (“Tasty – and that’s it”) chain for the period from January 1, 2018 to May 25, 2023. This was reported by the Telegram channel in2security.

The database consists of 295,914 lines containing full name, age, citizenship, phone number (215,677 unique numbers), vacancy, place and job status, test result for applicants, and other service information.

Data: in2security.

According to media reports, the security service and the IT department of the fast food restaurant chain are already checking information about the leak.

Medium platform blocked in Russia

On May 31, Roskomnadzor restricted access to all domains and subdomains of the Medium social journalism platform in the Russian Federation.

In a media commentary, the agency explained the blocking by “failure to remove false information” about the war in Ukraine.

Medium was launched in 2012 by Twitter co-founders Evan Williams and Biz Stone. According to SimilarWeb, medium.com is one of the top 500 most visited sites with almost 130 million unique users per month.

Malware downloaded more than 421 million times found on Google Play

Doctor Web specialists detected the Trojan module Android.Spy.SpinOk in more than a hundred applications from the Google Play store, downloaded more than 421 million times in total.

The discovered malware collects information about files stored on devices, transfers them to attackers, and can also replace the contents of the clipboard and upload them to a remote server.

The malware keeps users in apps with the help of mini-games, a task system, as well as alleged prize draws.

During initialization, the Trojan connects to the command and control server and sends it a request containing a large amount of technical information about the infected device, including sensor data. This allows attackers to adjust the behavior of the malicious application so that it avoids detection.

The researchers alerted Google of the identified threat.
