Cyber Security Headlines – Conti can attack firmware, UNISOC Android phone vuln, Express VPN leaves India

Leaked Conti chats confirm gang’s ability to conduct firmware-based attacks

Copies of internal chats between members of the Conti group, leaked earlier this year, show how the ransomware gang has been working on firmware attack techniques. Such attacks would give threat actors greater power, since they are harder to detect; they are also highly destructive, and attackers can use them to achieve long-term strategic goals. “Researchers from security firm Eclypsium discovered that the Conti ransomware gang was working on attacks targeting both UEFI/BIOS and the Intel Management Engine (ME) or Intel Converged Security Management Engine (CSME).”

(Security Affairs)

Critical UNISOC chip vulnerability affects millions of Android smartphones

A critical security flaw has been uncovered in UNISOC’s smartphone chipset that could be potentially weaponized to disrupt a smartphone’s radio communications through a malformed packet. “Left unpatched, a hacker or a military unit can leverage such a vulnerability to neutralize communications in a specific location,” Israeli cybersecurity company Check Point said in a report shared with The Hacker News. “The vulnerability is in the modem firmware, not in the Android OS itself.” UNISOC, a semiconductor company based in Shanghai, is the world’s fourth-largest mobile processor manufacturer after Mediatek, Qualcomm, and Apple, accounting for 10% of all SoC shipments in Q3 2021, according to Counterpoint Research.

(The Hacker News)

ExpressVPN removes servers in India after refusing to comply with government order

The Virtual Private Network (VPN) provider ExpressVPN has resorted to removing its India-based VPN servers in response to a cybersecurity directive issued by the Indian Computer Emergency Response Team (CERT-In). The company said in a statement that customers will “still be able to connect to VPN servers that will give them Indian IP addresses and allow them to access the internet as if they were located in India.” These virtual India servers will be physically located in Singapore and the U.K. The move is a result of data retention requirements that are due to take effect in India on June 27. These regulations require a VPN service provider to store subscribers’ real names, contact details, and the IP addresses assigned to them for at least five years.

(The Hacker News)

Clipminer malware actors steal $1.7 million using clipboard hijacking

Symantec’s Threat Hunter Team has determined that Clipminer, which has so far earned $1.7 million through cryptocurrency mining and theft via clipboard hijacking, is “likely spread through Trojanized downloads of cracked or pirated software.” The malware redirects cryptocurrency transactions made on the infected computer simply by replacing a legitimate cryptocurrency wallet address that the user has copied with a new address under the control of the attacker. “Clipminer uses addresses matching the prefix of the targeted original address to disguise the manipulation.”

(Dark Reading)
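As an added illustration (not code from the article or from Symantec’s report), the check below shows how a defender-side clipboard watcher could flag the prefix-disguised swap described above: it compares the address the user actually copied against what the clipboard now holds, and calls out a mismatch that keeps the visible prefix. The wallet addresses are constructed samples, and capturing the copied value at copy time is assumed to happen elsewhere; only the comparison logic is shown.

```python
import re

# Loose "looks like a wallet address" patterns: bech32 and legacy Bitcoin, and Ethereum.
WALLET_RE = re.compile(
    r"^(?:bc1[a-z0-9]{25,62}|[13][a-km-zA-HJ-NP-Z1-9]{25,34}|0x[0-9a-fA-F]{40})$"
)

# Constructed sample values (not real wallets). The second shares the first six
# hex digits of the first, mimicking the prefix-matched swap the article describes.
USER_COPIED = "0x1a2b3c4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f9a0b"
SWAPPED_IN = "0x1a2b3cdeadbeef00deadbeef00deadbeef00cafe"


def looks_like_wallet(text: str) -> bool:
    """True when the text matches one of the address shapes we track."""
    return bool(WALLET_RE.match(text.strip()))


def shared_prefix_len(a: str, b: str) -> int:
    """Number of leading characters the two strings have in common."""
    n = 0
    for x, y in zip(a, b):
        if x != y:
            break
        n += 1
    return n


def check_clipboard(copied: str, current: str, min_prefix: int = 4) -> dict:
    """Compare the address the user copied with what is now in the clipboard.

    Verdicts: 'not_address' (nothing to protect), 'ok' (unchanged),
    'suspicious' (changed underneath the user), or 'prefix_disguised' when
    the replacement is itself an address that keeps the original's prefix,
    which is the trick a quick visual glance will miss.
    """
    if not looks_like_wallet(copied):
        return {"verdict": "not_address"}
    if copied == current:
        return {"verdict": "ok"}
    prefix = shared_prefix_len(copied, current)
    if prefix >= min_prefix and looks_like_wallet(current):
        verdict = "prefix_disguised"
    else:
        verdict = "suspicious"
    return {"verdict": verdict, "shared_prefix": prefix, "expected": copied, "found": current}
```

A real watcher would poll or hook the system clipboard and call `check_clipboard` on every change, blocking the paste or alerting the user on anything other than `ok`.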

Thanks to today’s episode sponsor, Feroot

Feroot
Feroot secures client-side web applications so that businesses can deliver a flawless and safe digital user experience to their customers. Inspector and Pageguard, Feroot’s automated data protection solutions, increase code visibility, facilitate threat analysis, and detect and protect from dangerous client-side attacks, such as Magecart, cross-site scripting, e-skimming, and other threats focused on front-end JavaScript and web applications.

Learn more at www.feroot.com.

Microsoft blocks Polonium hackers from using OneDrive in attacks

Microsoft has announced a block on the Lebanon-based hacking group Polonium. The group has been banned from using the OneDrive cloud storage platform “for data exfiltration and command and control while targeting and compromising Israeli organizations.” Microsoft has also suspended more than 20 OneDrive applications used in Polonium’s attacks, has notified the victim organizations, and has quarantined the threat actors’ tools through security intelligence updates. “Though the attacks have mainly targeted Israel’s manufacturing, IT, and defense industry sectors since February 2022, Polonium operators have also likely coordinated their hacking attempts with multiple Iran-linked threat actors, according to Microsoft’s analysis.”

(Bleeping Computer)

Chinese LuoYu hackers deploy cyber-espionage malware via app updates

LuoYu is a Chinese-speaking hacking group that is deploying the WinDealer information-stealer malware by swapping legitimate app updates for malicious payloads in man-on-the-side attacks. This is achieved by monitoring targets’ network traffic for app update requests linked to popular Asian apps such as QQ, WeChat, and WangWang and replacing the responses with WinDealer installers. “Once deployed, WinDealer helps the attackers search for and siphon large amounts of data from compromised Windows systems, install backdoors to maintain persistence, manipulate files, scan for other devices on the network, and run arbitrary commands.”

(Bleeping Computer)

U.S. cybersecurity officials issue notice on Karakurt extortion group

The FBI, CISA and the Treasury Department-run Financial Crimes Enforcement Network have issued a joint advisory focusing on the Karakurt data extortion gang. The advisory warns that the group has created “significant challenges for defense and mitigation.” Karakurt doesn’t destroy or encrypt victim files, but instead steals data and threatens to publish it, making ransom demands between $25,000 and $13 million in bitcoin. Numerous independent cybersecurity researchers have confirmed that Karakurt is part of the Conti ransomware group.

(Cyberscoop)

Your Y2Q Update: Researchers claim quantum device performs 9,000-year calculation in microseconds

According to The Register, “researchers in Canada have conducted a quantum computing experiment that they claim completes a calculation in just a fraction of a second that would take a conventional computer 9,000 years.” An experimental physicist at the quantum computing company Xanadu reported the results from “a device designed to sample an unknown probability distribution of light passing through a network of optical fibers.” The editors of the journal Nature, which published the article, pointed out that the experiment was important “because programmable photonic processors were closer to the form that a quantum commercial device might take than other previous proof-of-principle quantum computing experiments.”

(The Register)

Steve Prentice
Author, speaker, expert in the area where people and technology crash into each other, viewed from the organizational psychology perspective. Host of many podcasts, voice actor and narrator for corporate media and audiobooks. Ghost-writer for busy executives.