We have collected the most important news from the world of cybersecurity for the week.
- Drain “CyberPartizanov” revealed the real role of one of the structures of Roskomnadzor.
- Reddit was hacked and the source code was stolen.
- Hackers have learned how to create malware using ChatGPT.
- Tor onion services slowed down due to DDoS attacks.
Drain “CyberPartizanov” revealed the real role of one of the structures of Roskomnadzor
The hacker group “CyberPartisans” from Belarus shared with Russian media an archive of documents from the internal network of the Main Radio Frequency Center (GRC) subordinated to Roskomnadzor.
A dump with more than 2 TB of information was received by hackers back in November 2022. At the time, the GRFC itself admitted the fact of the attack, but called the situation manageable.
About 1.5 million emails, mostly from 2020-2022, as well as about 200,000 text documents, spreadsheets and presentations, shed light on the key role of this structure in spying on Russians on the Internet.
Among other things, the GRFC helps to block independent media, writes denunciations of potential “foreign agents”, censors queries in Yandex about the war, seeks out reports about the health of Vladimir Putin, protests and “fakes” about the army.
Reddit hacked and source code stolen
February 5th ͏unknown attacked Reddit site and stole its source code.
Cybercriminals have created a phishing page imitating the Reddit intranet site. Through it, hackers stole the credentials of company employees and two-factor authentication tokens.
The compromised data includes limited Reddit contact information, as well as information regarding current and former employees. Potentially advertiser information could have been stolen, but more specific financial information and advertising campaign statistics were not affected.
The hack did not affect the main working systems of the site, passwords and user accounts.
The company did not share other details of the incident, pointing only to a recent similar attack on game maker Riot Games.
Hackers learned how to create malware using ChatGPT
Telegram has a paid bot that allows you to bypass ChatGPT’s bans on creating illegitimate content, including malware and phishing emails. The specialists of the company drew attention to this Check Point.
ChatGPT is freely available to developers. However, the current API– the AI bot version is poorly protected from various abuses and can be used by external applications.
“For example, the integration of the GPT-3 language model into Telegram channels allows you to create malicious content without any of the restrictions and barriers that are set in the ChatGPT user interface,” the researchers said.
On one of the hacker forums, they found an advertisement for a similar service. The first 20 requests to the chatbot are free, then users are charged $5.5 for every 100 requests.
As part of the test, experts were able to create a phishing email and a script that steals PDF documents from an infected computer and sends them to an attacker via FTP. To create this script, they used the query: “Write a malware that will collect PDF files and send them via FTP.”
Another member of the hack forum posted a code that allows you to generate malware for free.
Secure messenger hacked to spy on drug dealers
The Dutch police have taken down the anonymous messenger Exclu. Before that, law enforcement officers hacked the service and monitored the activities of criminals for five months.
On Friday, the police held a day of action following the investigation into cryptocommunication service #Excluded. Arrests also took place last weekend and about 200 phones were seized for further investigation: https://t.co/0B9brVcF8K @Europol @Eurojust @landelijkparket
— Rural Unit (@POL_Lnd_Unit) February 6, 2023
During the investigation, 79 searches were carried out in the Netherlands, Germany and Belgium, 42 people were arrested.
Two of the detainees were owners and managers of Exclu, while the rest were users of the service, including operators of drug laboratories. Several kilograms of narcotic substances, firearms, more than €4.3 million in cash and luxury goods were confiscated from them.
Exclu sold six-monthly subscriptions for €800 and allowed the exchange of encrypted messages and media files. According to police estimates, the messenger’s audience was about 3,000 people, 750 of whom lived in the Netherlands.
Tor onion services slowed down due to DDoS attacks
During the last seven months, the availability of the Tor network regularly violated due to powerful DDoS attack. Users complain about page loading problems and lack of access to onion services.
The Tor Project developers are aware of the problem and are trying to mitigate the effects of the attacks and secure the network.
“The methods and targets of these attacks have changed over time, and we have adapted as they continue. It is impossible to determine with certainty who is behind them, and what their intentions are, ”said the representatives of the service.
According to information Risky Business, attacks do not occur simultaneously on the entire network. Instead, the attackers target a small number of specific relays and switch to others a few days later.
At the same time, during the attacks, none of the operators received ransom demands.
Malicious Dota 2 mods found on Steam
Specialists Avast found four malicious game mods for Dota 2 in the Steam store, with the help of which attackers introduced backdoors into players’ systems. Despite the presence of mandatory verification upon publication, mod authors were able to bypass it.
To gain control over the player’s machine, the attackers used the Panorama framework, developed by Valve itself. The JavaScript part of it relies on a vulnerable version of the V8 engine.
The exploit was embedded in a legitimate file that added scoreboard functionality to the game, making it difficult to detect.
“The backdoor allowed any JavaScript received over HTTP to be executed, giving the attacker the ability to both hide and modify their exploit code at their own discretion, as well as the ability to completely update the entire mod,” Avast said.
In addition, the attacker embedded a file into his mods that tested the possibility of executing a malicious Lua snippet on the server side. It has the functions of logging, executing arbitrary commands, creating coroutines, and sending HTTP GET requests.
Avast analysts reported their discovery to Valve developers, and on January 12, 2023, they updated the vulnerable version of V8. The company also removed malicious game mods from Steam and alerted at least 200 victims of the attack.
Also on ForkLog:
What to read on the weekend?
In the educational section of ForkLog “Cryptorium” we talk about the types of scam and give advice on how not to become a victim of it.
Found a mistake in the text? Select it and press CTRL+ENTER
ForkLog Newsletters: Keep your finger on the pulse of the bitcoin industry!
