2022, Hacking and Information Security - Cyber Security Informer

Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm

Krebs on Security

DECEMBER 19, 2024

Cyber threat analysts at Silent Push said they recently received reports from a partner organization that identified an aggressive scanning effort against their website using an Internet address previously associated with a campaign by FIN7 , a notorious Russia-based hacking group. co — first came online in February 2023.

Hacking

Hacking Cybercrime Advertising Data breaches

Four REvil Ransomware members sentenced for hacking and money laundering

Security Affairs

OCTOBER 27, 2024

Four former members of the REvil ransomware group were sentenced in Russia for hacking and money laundering, marking a rare case of Russian gang members being convicted in the country. The cases have been sent to the Russian Prosecutor General’s Office for consolidation, and all defendants have been held since early 2022.

Ransomware

Ransomware Hacking Malware Cybercrime

Subaru Starlink flaw allowed experts to remotely hack cars

Security Affairs

JANUARY 25, 2025

To confirm their findings, the researchers reached out to their friend and asked if they could hack her car. Additionally, attackers could secretly obtain personal information such as the victims name, phone number, email, and physical address. Admin panel access exposed vehicle data (e.g., name, ZIP, phone, email, billing details).

Hacking

Hacking Accountability Passwords Authentication

Threat actor leaked config files and VPN passwords for over Fortinet Fortigate devices

Security Affairs

JANUARY 15, 2025

At the beginning of the year, and as a positive start for us, and in order to solidify the name of our group in your memory, we are proud to announce our first official operation: Will be published of sensitive data from over 15,000 targets worldwide (both governmental and private sectors) that have been hacked and their data extracted.”

VPN

VPN Passwords Firewall Firmware

US Treasury Department sanctioned Chinese cybersecurity firm linked to Flax Typhoon APT

Security Affairs

JANUARY 4, 2025

networks since the summer of 2022. “ Flax Typhoon is a China-linked hacking group that has been active since 2021, it targets critical infrastructure globally, exploiting vulnerabilities for persistent access. . According to OFAC, between 2022 and 2023, Flax Typhoon hacked U.S. critical infrastructure sectors.“

Cybersecurity

Cybersecurity IoT Hacking Technology

Black Basta ransomware gang hit BT Group

Security Affairs

DECEMBER 4, 2024

Black Basta ransomware-as-a-service (RaaS) has been active since April 2022, it impacted several businesses and critical infrastructure entities across North America, Europe, and Australia. Black Basta is a ransomware-as-a-service (RaaS) variant, first identified in April 2022. reads the CSA.

Ransomware

Ransomware Telecommunications Healthcare Insurance

Bitfinex hacker Ilya Lichtenstein was sentenced to 5 years in prison

Security Affairs

NOVEMBER 15, 2024

. “Ilya Lichtenstein was sentenced today to five years in prison for his involvement in a money laundering conspiracy arising from the hack and theft of approximately 120,000 bitcoin from Bitfinex, a global cryptocurrency exchange.” Billion in stolen cryptocurrency stolen during the 2016 hack of Bitfinex.

Cryptocurrency

Cryptocurrency Hacking Government Accountability

Sansec uncovered a supply chain attack via 21 backdoored Magento extensions

Security Affairs

MAY 5, 2025

Sansec researchers reported that multiple vendors were hacked in a coordinated supply chain attack, the experts discovered that a backdoor was hidden in 21 applications. Sansec identified these backdoors in the following packages which were published between 2019 and 2022.” ” reads the report published by Sansec.

eCommerce

eCommerce Hacking Authentication Software

Russia-linked group APT29 is targeting Zimbra and JetBrains TeamCity servers on a large scale

Security Affairs

OCTOBER 12, 2024

Since April 2021, Russian state-sponsored hackers have exploited vulnerabilities, including Zimbra’s CVE-2022-27924 for injecting commands to access credentials and emails, and JetBrains TeamCity’s CVE-2023-42793 for arbitrary code execution through an authentication bypass.

Data collection

Data collection Authentication Hacking Government

Feds seized $23 million in crypto stolen using keys from LastPass breaches

Security Affairs

MARCH 10, 2025

authorities seized $23M in crypto linked to a $150M Ripple wallet theft, experts believe the incident is linked to the 2022 LastPass breach. authorities seized $23M in crypto tied to a $150M Ripple hack, suspected to have been carried out by hackers from the 2022 LastPass breach. ” reads the complaint. ” However.

Password Management

Password Management Cryptocurrency Passwords Data breaches

Poland probes Pegasus spyware abuse under the PiS government

Security Affairs

DECEMBER 3, 2024

The news of the hack was reported by the Gazeta Wyborcza daily, and unfortunately, it isn’t the first time that the Pegasus spyware was used in the country. In 2021, the University of Toronto-based Citizen Lab Internet reported that a Polish opposition duo was hacked with NSO spyware.

Spyware

Spyware Government Surveillance Hacking

US DoJ charges five alleged members of the Scattered Spider cybercrime gang

Security Affairs

NOVEMBER 21, 2024

The cybercrime group Scattered Spider is suspected of hacking into hundreds of organizations over the past two years, including Twilio , LastPass , DoorDash , and Mailchimp. As this case shows, phishing and hacking has become increasingly sophisticated and can result in enormous losses. ” reads the press release published by DoJ.

Cybercrime

Cybercrime Identity Theft Cryptocurrency Phishing

Google Threat Intelligence Group (GTIG) tracked 75 actively exploited zero-day flaws in 2024

Security Affairs

APRIL 29, 2025

In 2024, Google tracked 75 exploited zero-day vulnerabilities, down from 98 in 2023 but up from 63 in 2022. “Microsoft Windows exploitation continued to increase, climbing from 13 zero-days in 2022, to 16 in 2023, to 22 in 2024.” ” continues the report. ” concludes the report.

Surveillance

Surveillance Mobile Software Hacking

Pro-Russia hackers NoName057 targets Italy again after Zelensky’s visit to the country

Security Affairs

JANUARY 12, 2025

The group NoName57 has been active since March 2022 and has targeted government and critical infrastructure organizations worldwide. In September 2022, Avast researchers observed the group using the Bobik botnet to launch DDoS attacks. NoName057(16) uses multiple tools to carry out their attacks.

DDOS

DDOS Banking Government Marketing

New ‘Bring Your Own Installer (BYOI)’ technique allows to bypass EDR

Security Affairs

MAY 6, 2025

” The team at Stroz Friedberg ran the experiment on a Windows Server 2022 machine that had SentinelOne version 23.4.6.223 installed and confirmed that the agent was running properly and showing as online in the management dashboard. “At the time of Stroz Friedbergs investigation and testing, this option was not enabled by default.”

Ransomware

Ransomware Hacking Information Security

U.S. CISA adds Microsoft Outlook, Sophos XG Firewall, and other flaws to its Known Exploited Vulnerabilities catalog

Security Affairs

FEBRUARY 6, 2025

Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking, CISA Known Exploited Vulnerabilities catalog ) is a Remote Code Execution flaw in Microsoft Outlook. CISA orders federal agencies to fix this vulnerability by February 27, 2025.

Firewall

Firewall Hacking Cybersecurity Risk

Pro-Russia group NoName targeted the websites of Italian airports

Security Affairs

DECEMBER 28, 2024

The group NoName57 has been active since March 2022 and has targeted government and critical infrastructure organizations worldwide. In September 2022, Avast researchers observed the group using the Bobik botnet to launch DDoS attacks. NoName057(16) uses multiple tools to carry out their attacks.

DDOS

DDOS Artificial Intelligence Government Cybercrime

Russia-linked APT Seashell Blizzard is behind the long running global access operation BadPilot campaign

Security Affairs

FEBRUARY 13, 2025

In 2022, the Russian APT used multiple wipers in attacks aimed at Ukraine, including AwfulShred , CaddyWiper , HermeticWiper , Industroyer2 , IsaacWiper , WhisperGate , Prestige , RansomBoggs , and ZeroWipe. On September 2022, the Sandworm group was observed impersonating telecommunication providers to target Ukrainian entities with malware.

Telecommunications

Telecommunications DNS Passwords Hacking

Ransomware attack hit Indian multinational Tata Technologies

Security Affairs

FEBRUARY 1, 2025

On October 14, 2022, Tata Power, Indias largest power generationcompany, announced a cyber attack hit its infrastructure. Threat actors hit the company’s information technology (IT) infrastructure. The gang claims to have breached the corporate network on October 3rd, 2022.

Technology

Technology Ransomware Engineering Manufacturing

The US Treasury’s OCC disclosed an undetected major email breach for over a year

Security Affairs

APRIL 9, 2025

The OCC reviewed email logs since 2022, disabled impacted accounts, and reported the breach to CISA. The confidentiality and integrity of the OCCs information security systems are paramount to fulfilling its mission, said Acting Comptroller of the Currency Rodney E. The breach was confirmed on Feb.

Accountability

Accountability Banking Information Security Hacking

Blackbasta group claims to have hacked Atlas, one of the largest US oil distributors

Security Affairs

MAY 21, 2024

The Blackbasta extortion group claims to have hacked Atlas, one of the largest national distributors of fuel in the United States. The gang published a series of documents as proof of the hack, including people’s ID cards, data sheets, payroll payment requesters and a picture of the folder exfiltrated from the victim’s systems.

Hacking

Hacking Ransomware Phishing Malware

FBI seized the notorious BreachForums hacking forum

Security Affairs

MAY 15, 2024

An international law enforcement operation coordinated by the FBI led to the seizure of the notorious BreachForums hacking forum. BreachForums is a cybercrime forum used by threat actors to purchase, sell, and exchange stolen data, including credentials, and personal and financial information. In March 2023, U.S.

Hacking

Hacking Cybercrime Information Security

Notorious ransomware programmer Mikhail Pavlovich Matveev arrested in Russia

Security Affairs

NOVEMBER 29, 2024

Russian authorities arrested ransomware affiliate Mikhail Matveev, aka Wazawaka, for developing malware and ties to hacking groups. On or about May 27, 2022, the man and his Hive coconspirators allegedly hit a nonprofit behavioral healthcare organization in New Jersey. The attacks hit law enforcement agencies in Washington, D.C.

Ransomware

Ransomware Healthcare Hacking Malware

Hunters International gang claims the theft of 1.4 TB of data allegedly stolen from Tata Technologies

Security Affairs

MARCH 5, 2025

Ransomware group Hunters International claims to have hacked Tata Technologies, threatening to leak 1.4 On October 14, 2022, Tata Power, Indias largest power generation company, announced a cyber attack hit its infrastructure. Threat actors hit the companys information technology (IT) infrastructure. TB of stolen data.

Technology

Technology Ransomware Engineering Manufacturing

CNN, Paris Hilton, and Sony TikTok accounts hacked via DMs

Security Affairs

JUNE 5, 2024

Semafor first reported that CNN’s TikTok account had been hacked, forcing the broadcaster to take down its account for several days. The TikTok spokesperson also added that their security team was recently alerted of malicious actors targeting CNN’s account. .” TikTok spokesperson Alex Haurek told Forbes.

Accountability

Accountability Hacking Malware Information Security

The Mask APT is back after 10 years of silence

Security Affairs

DECEMBER 18, 2024

The APT group targeted an organization in Latin America in 2019 and 2022. While investigating the 2022 attack, the researchers noticed that the victim organization had also suffered a 2019 attack using “Careto2” and “Goreto” frameworks. ” reads the analysis published by Kaspersky.

Cyber Attacks

Cyber Attacks Hacking Government Malware

Hacking firm I-Soon data leak revealed Chinese gov hacking capabilities

Security Affairs

FEBRUARY 26, 2024

Recently the leak of a collection of files apparently stolen from the Chinese government hacking contractor, I-Soon, exposed Chinese hacking capabilities. Recently someone has leaked on GitHub [ 1 , 2 ] a collection of files apparently stolen from the Chinese hacking firm, I-Soon.

Hacking

Hacking Government Marketing Spyware

Finnish Customs dismantled the dark web drugs market Sipulitie

Security Affairs

OCTOBER 16, 2024

The same admin later launched a chat-based drug sales platform, Tsätti, in 2022, which was taken offline along with Sipulitie. Law enforcement agencies from the United Kingdom, United States, and Ireland participated in the operation that began towards the end of 2022.

Marketing

Marketing Cybercrime Scams Hacking

Russia-linked threat actors threaten the UK and its allies, minister to say

Security Affairs

NOVEMBER 25, 2024

He will allege that Russian state-aligned hacking groups have executed at least nine cyberattacks against NATO nations, targeting critical infrastructure. Starting January 13, 2022, the group employed the WhisperGate wiper in attacks against Ukrainian organizations. These operations include espionage, sabotage, and reputational damage.

Cyber Attacks

Cyber Attacks Government Hacking Cyber threats

As of May 2024, Black Basta ransomware affiliates hacked over 500 organizations worldwide

Security Affairs

MAY 12, 2024

Black Basta ransomware affiliates have breached over 500 organizations between April 2022 and May 2024, FBI and CISA reported. Black Basta ransomware-as-a-service (RaaS) has been active since April 2022, it impacted several businesses and critical infrastructure entities across North America, Europe, and Australia.

Ransomware

Ransomware Hacking Healthcare Retail

J-magic malware campaign targets Juniper routers

Security Affairs

JANUARY 24, 2025

Lumen experts also mentioned another variant of cd00r, codenamed SEASPY , that was used in a campaign targeting Barracuda Email Security Gateway (ESG) appliances that dates back in 2022. ” Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,newsletter)

Malware

Malware VPN Encryption Hacking

Internet Archive was breached twice in a month

Security Affairs

OCTOBER 21, 2024

The Internet Archive was breached again, attackers hacked its Zendesk email support platform through stolen GitLab authentication tokens. The exposed token had been available since December 2022 and was reportedly rotated multiple times since then.

Internet

Internet Internet Data breaches Authentication

Hackers Stole Access Tokens from Okta’s Support Unit

Krebs on Security

OCTOBER 20, 2023

In an interview with KrebsOnSecurity, Okta’s Deputy Chief Information Security Officer Charlotte Wylie said Okta initially believed that BeyondTrust’s alert on Oct. The disclosure from Okta comes just weeks after casino giants Caesar’s Entertainment and MGM Resorts were hacked. But she said that by Oct.

Social Engineering

Social Engineering Engineering Accountability Hacking

China’s Volt Typhoon botnet has re-emerged

Security Affairs

NOVEMBER 13, 2024

The botnet is comprised of two complementary activity clusters, the experts believe it has been active since at least February 2022. In early July and August of 2022, the researchers noticed several Cisco RV320s , DrayTek Vigor routers , and NETGEAR ProSAFEs that were part of the botnet.

VPN

VPN Government Malware Manufacturing

Russia-linked group Nebulous Mantis targets NATO-related defense organizations

Security Affairs

APRIL 30, 2025

Since mid-2022, theyve deployed RomCom via spear-phishing for espionage, lateral movement, and data theft. “After March 2022, attacks using Cuba ransomware were entirely replaced by Industrial Spy , which appears to be a continuation of the former. ” continues the report.

Encryption

Encryption Ransomware Malware Phishing

Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw

Security Affairs

APRIL 22, 2024

Microsoft reported that the Russia-linked APT28 group (aka “ Forest Blizzard ”, “ Fancybear ” or “ Strontium ” used a previously unknown tool, dubbed GooseEgg, to exploit the Windows Print Spooler flaw CVE-2022-38028. The vulnerability CVE-2022-38028 was reported by the U.S.

Government

Government Education Phishing Malware

Dutch police dismantled dual dark web market ‘Bohemia/Cannabia’

Security Affairs

OCTOBER 14, 2024

Law enforcement agencies from the United Kingdom, United States, and Ireland participated in the operation that began towards the end of 2022. ” Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, dark web)

Marketing

Marketing Cybercrime DDOS Cryptocurrency

Ukraine’s intelligence service hacked Russia’s Federal Air Transport Agency, Rosaviatsia

Security Affairs

NOVEMBER 27, 2023

Ukraine’s intelligence service announced the hack of the Russian Federal Air Transport Agency, ‘Rosaviatsia.’ ’ Ukraine’s intelligence service announced they have hacked Russia’s Federal Air Transport Agency, ‘Rosaviatsia.’ In the same period in 2022, 50 such incidents were recorded.

Hacking

Hacking Engineering Government Manufacturing

DoJ charged three Russian citizens with operating crypto-mixing services

Security Affairs

JANUARY 11, 2025

By allegedly operating these mixers, the defendants made it easier for state-sponsored hacking groups and other cybercriminals to profit from offenses that jeopardized both public safety and national security. was active from 2018 to 2022, while Sinbad.io Wible, head of the Justice Department’s Criminal Division.

Cybercrime

Cybercrime Cryptocurrency Hacking Ransomware

Mandrake Android spyware found in five apps in Google Play with over 32,000 downloads since 2022

Security Affairs

JULY 30, 2024

A new version of the Mandrake Android spyware has been found in five apps on Google Play, which have been downloaded over 32,000 times since 2022. Researchers from Kaspersky discovered a new version of the Mandrake Android spyware in five app on Google Play, totaling over 32,000 downloads between 2022 and 2024.

Spyware

Spyware Malware Mobile Marketing

Experts warn of a new wave of Bumblebee malware attacks

Security Affairs

OCTOBER 22, 2024

Bumblebee has been active since March 2022 when it was spotted by Google’s Threat Analysis Group (TAG), experts noticed that cybercriminal groups that were previously using the BazaLoader and IcedID as part of their malware campaigns switched to the Bumblebee loader. .”

Malware

Malware Phishing Ransomware Hacking

Brazil’s Polícia Federal arrested the notorious hacker USDoD

Security Affairs

OCTOBER 16, 2024

However, the Brazilian national turned into more complex cybercriminal activities by 2022. The link between Luan’s hacktivism and cybercrime was established due to his bad Operational security (opsec). Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, USDoD)

Data breaches

Data breaches Media Cybercrime Accountability

Cybercrime group FIN7 advertises new EDR bypass tool on hacking forums

Security Affairs

JULY 18, 2024

On May 19th, 2022, a user named “goodsoft” advertised an AV killer tool for $4,000 on the exploit[.]in Later, on June 14th, 2022, a user named “lefroggy” posted a similar ad on the xss[.]is On August 10, 2022, a user named “goodsoft” advertised “PentestSoftware” for $6,500 per month on the exploit[.]in

Advertising

Advertising Cybercrime Hacking Ransomware

Sophos details five years of China-linked threat actors’ activity targeting network devices worldwide

Security Affairs

NOVEMBER 2, 2024

Between 2020 and 2022, attackers launched multiple campaigns to exploit zero-day vulnerabilities in publicly accessible network appliances, focusing on WAN-facing services. ” Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, China-linked threat actors)

Firmware

Firmware Government Firewall Malware

Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm

Four REvil Ransomware members sentenced for hacking and money laundering

Trending Sources

Subaru Starlink flaw allowed experts to remotely hack cars

Threat actor leaked config files and VPN passwords for over Fortinet Fortigate devices

US Treasury Department sanctioned Chinese cybersecurity firm linked to Flax Typhoon APT

Black Basta ransomware gang hit BT Group

Bitfinex hacker Ilya Lichtenstein was sentenced to 5 years in prison

Sansec uncovered a supply chain attack via 21 backdoored Magento extensions

Russia-linked group APT29 is targeting Zimbra and JetBrains TeamCity servers on a large scale

Feds seized $23 million in crypto stolen using keys from LastPass breaches

Poland probes Pegasus spyware abuse under the PiS government

US DoJ charges five alleged members of the Scattered Spider cybercrime gang

Google Threat Intelligence Group (GTIG) tracked 75 actively exploited zero-day flaws in 2024

Pro-Russia hackers NoName057 targets Italy again after Zelensky’s visit to the country

New ‘Bring Your Own Installer (BYOI)’ technique allows to bypass EDR

U.S. CISA adds Microsoft Outlook, Sophos XG Firewall, and other flaws to its Known Exploited Vulnerabilities catalog

Pro-Russia group NoName targeted the websites of Italian airports

Russia-linked APT Seashell Blizzard is behind the long running global access operation BadPilot campaign

Ransomware attack hit Indian multinational Tata Technologies

The US Treasury’s OCC disclosed an undetected major email breach for over a year

Blackbasta group claims to have hacked Atlas, one of the largest US oil distributors

FBI seized the notorious BreachForums hacking forum

Notorious ransomware programmer Mikhail Pavlovich Matveev arrested in Russia

Hunters International gang claims the theft of 1.4 TB of data allegedly stolen from Tata Technologies

CNN, Paris Hilton, and Sony TikTok accounts hacked via DMs

The Mask APT is back after 10 years of silence

Hacking firm I-Soon data leak revealed Chinese gov hacking capabilities

Finnish Customs dismantled the dark web drugs market Sipulitie

Russia-linked threat actors threaten the UK and its allies, minister to say

As of May 2024, Black Basta ransomware affiliates hacked over 500 organizations worldwide

J-magic malware campaign targets Juniper routers

Internet Archive was breached twice in a month

Hackers Stole Access Tokens from Okta’s Support Unit

China’s Volt Typhoon botnet has re-emerged

Russia-linked group Nebulous Mantis targets NATO-related defense organizations

Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw

Dutch police dismantled dual dark web market ‘Bohemia/Cannabia’

Ukraine’s intelligence service hacked Russia’s Federal Air Transport Agency, Rosaviatsia

DoJ charged three Russian citizens with operating crypto-mixing services

Mandrake Android spyware found in five apps in Google Play with over 32,000 downloads since 2022

Experts warn of a new wave of Bumblebee malware attacks

Brazil’s Polícia Federal arrested the notorious hacker USDoD

Cybercrime group FIN7 advertises new EDR bypass tool on hacking forums

Sophos details five years of China-linked threat actors’ activity targeting network devices worldwide

Stay Connected