CryptosLabs Scam Ring Targets French-Speaking Investors, Rakes in €480 Million
Cybersecurity researchers have exposed the workings of a scam ring called CryptosLabs that is estimated to have made €480 million in illegal profits by targeting French-speaking individuals in France, Belgium, and Luxembourg since April 2018.
The syndicate's massive fake investment schemes primarily involve impersonating 40 well-known banks, fin-techs, asset management firms, and crypto […]
Hackers Attacking Power Generator Systems to Infect With Ransomware
A new variant of the SystemBC malware was found deployed against a critical infrastructure target. SystemBC was the malware behind the DarkSide Colonial Pipeline incident in 2021, and there have been several ransomware attacks during the second quarter of 2023.
Threat actors target many organizations and infrastructures with ransomware, but only a few of these attacks have been aimed at electric utilities.
More than 56% of the targets reported that they suffered a loss of private information or an outage in their Operational Technology (OT) environment.
In addition, recent reports indicate that a South African electric utility was targeted with a Cobalt Strike Beacon and DroxiDat, which was identified as a new variant of the SystemBC payload.
The attack took place during the third and fourth weeks of March 2023 and was part of a small wave of attacks around the world.
Technical Details
The current variant of SystemBC is a proxy-capable backdoor that can also make changes to the compromised system. SystemBC has been available since 2018 as "Malware as a Service" (MaaS) and is sold on various underground forums.
SystemBC has three parts: a C2 web server with an admin panel, a C2 proxy listener on the server side, and a backdoor payload on the target.
DroxiDat is the payload component of SystemBC. Earlier versions were 15 to 30 KB or more in size; the new variant is compacted to roughly 8 KB.
Unlike previous versions, DroxiDat is not a download-and-execute payload. Instead, it connects to remote listeners to relay data between the C2 and the target, and it can modify the system registry.
Two instances of DroxiDat were found in C:\perflogs alongside the Cobalt Strike Beacon on multiple systems.
The current variant of SystemBC retains several important capabilities: retrieving machine names and usernames, establishing a session with the C2 by decrypting its embedded settings, communicating with the C2 over an encrypted channel, and creating or deleting registry keys.
It is strongly suspected that this was the work of a Russian-speaking RaaS cybercrime unit. Suspected threat actors also include Pistachio Tempest or FIN12. A complete report has been published by Securelist, which provides detailed information about the current variant of SystemBC and its activities.
Developments in the C2C market. Cyberespionage against Westminster. Notes from Russia’s hybrid war. And don’t take that typo to Timbuktu.
WormGPT is a new AI threat. TeamTNT seems to be back. Chinese intelligence services actively pursue British MPs. Gamaredon's quick info theft. Russia's FSB bans Apple devices. The troll farmers of the Internet Research Agency may not yet be down for the count. Anonymous Sudan claims a "demonstration" attack against PayPal, with more to come. Carole Theriault looks at popular email lures. My conversation with N2K president Simone Petrella on the White House's National Cybersecurity Strategy Implementation Plan. And, friends, don't take this typo to Timbuktu.
FBI: Lazarus hackers readying to cash out $41 million in stolen crypto
The FBI warned that North Koreans are likely readying to cash out tens of millions worth of stolen cryptocurrency, out of the hundreds of millions stolen in the last year alone. […]