The state of cybersecurity in the world has been deteriorating year after year. However, last week proved that while malicious actors are lurking behind the shadows of the internet, there will always be white hat hackers who are going to the extremes to expose them and to stop them from their evil ways.
In this week’s cybersecurity round-up, we will highlight the most controversial and the biggest cybersecurity news in the past week. This includes the biggest data breaches, newest malware discovered, latest hacking groups exposed, and many others.
IronMarch neo-nazi forum exposed by a mysterious hacker
A mysterious hacker has exposed an archive of the now offline forum site called IronMarch, an online community where white supremacists and neo-nazis are sharing thoughts with each other. The mysterious hacker has published today a carbon copy of the site on the file-hosting section of the Internet Archive portal. The archive includes a wide range of information regarding the operations of the forum from user details to forum posts and from private messages to multi-factor authentication settings and forum management logs.
The information contained in the disclosure proves important to law enforcement as it could help them zero-in the identities of IronMarch users who became members of violent and murderous neo-nazi organizations Atomwaffen Division and SIEGE Culture – both of which have been linked to different murders and episodes of violence around the world.
China-backed hackers found compromising SMS to carry out espionage campaigns
APT 41, a China-sponsored hacking organization, has been found to be deploying MessageTap, a malware that compromises servers of telecommunication providers and infrastructures to read and save SMS sent through the network. The report revealed that the group has been deploying the MessageTap malware in the wild from 2012 to the present. The discovery makes it risky to send messages through SMS as the malware can download and read the entire content of a message that it flags.
According to a report by FireEye, MessageTap is looking for keywords in the keyword_parm.txt and then matches it with the IMSI number and the phone number to determine where those messages containing a keyword the hackers are interested in came from. The keywords include the names of political leaders, military and intelligence organizations, and political movements that have been considered by the Chinese government as their enemy. If these keywords exist in a text message, the malware will save the entire content of the SMS for future use.
DarkUniverse hacking group exposed
Cybersecurity experts from Kaspersky Lab discovered a new threat called the DarkUniverse. The team was able to uncover the operation of the APT by analyzing an interesting script from one of the most significant security breaches in the U.S. National Security Agency history. The researchers were able to link the hacking group to previous breaches and attacks that spanned between 2013 to 2017.
The discovery of DarkUniverse was ushered by the analysis of the operations of a group of hackers who was previously known as the ShadowBrokers. In April 2017, ShadowBrokers published heir well-known ‘Lost in Translation’ leak that was developed by the NSA and was later stolen by the hackers. The dispatch is notorious for the publication of Eternal Blue exploit, which aided the campaigns like WannaCry and NotPetya, both of which have plagued the world, leading to millions of dollars of losses.
The DarkUniverse APT is particularly interesting as the organization has been known to personalize the spearphishing campaigns by sending targets with a new letter to encourage him/her to open the malware-laced attachment. The researchers have recorded a total of 20 victims geolocated in Syria, Iran, Afghanistan, Tanzania, Ethiopia, Sudan, Russia, Belarus, and the United Arab Emirates.
California DMV leaked info of more than 3,200 drivers
More than 3,200 drivers have had their social security information leaked after the California Department of Motor Vehicles have admitted that other federal and state government agencies – including the Department of Homeland Securities – had access to their database.
The data breach is particularly important to illegal immigrants who were granted by the state driver’s licenses with the promise that their citizenship status won’t be disclosed to federal immigration officials. At least 88 individuals without proof of legal who have applied for AB 60 licenses in the agency have had their information exposed in the breach. Out of them, six people have had their data accessed by Homeland Security.