[Information Security Daily] October 5, 2022: Video game company Blizzard Entertainment suffered a large-scale DDoS attack, and hackers distributed malicious Tor Browser installers to Chinese users through a YouTube channel | iThome

Recently, many game companies such as Ubisoft, Rockstar and 2K Games have been attacked. The hackers' main purpose in those cases was to steal player account information or unreleased game development data for profit; DDoS attacks on the games themselves are relatively rare. Blizzard Entertainment's new game "Overwatch 2" was officially launched a few days ago, and as its servers came under DDoS attack, players complained that they could not get into the game.

Hackers are using YouTube channels to distribute malware. Many such campaigns used to target players looking for cracked games, but country-specific attacks have now appeared, some of them offering Chinese users access to the dark web by distributing a Tor Browser bundled with malware.

Attacks on developers have been quite frequent recently. Most hackers target the packages developers use, but if the target is the package manager itself, the impact is likely to be far more serious. Researchers disclosed a vulnerability they found in the PHP package manager, noting that once exploited, attackers could use it to plant malware.

【Attack and Threat】

Players of the newly launched "Overwatch 2" from video game company Blizzard Entertainment were unable to log in because the company's servers were hit by a DDoS attack

Video game company Blizzard Entertainment officially launched its new game "Overwatch 2" on October 4, but players reported long waits when logging in. Blizzard president Mike Ybarra said the cause was a massive DDoS attack on their servers, which produced many dropped or unstable connections, and that the company's teams were working on it.

This is not the first time the company has been hit by a DDoS attack on a new game. "World of Warcraft Classic", which launched in late August 2019, saw a reported DDoS attack on its US servers on September 8 of that year, during which many players experienced disconnections and severe lag.

Hackers distribute malicious Tor Browser installers to Chinese users via a YouTube channel

Security company Kaspersky disclosed the OnionPoison attack, in which hackers target users in China. Since January 9 of this year, they have been distributing a Tor Browser bundled with malware through a Chinese-language YouTube channel. Once users click the URL provided by the hackers, they download a 74 MB executable; once it is installed, the weaponized library freebl3.dll is planted on the computer. The hackers attempt to collect the victim's browsing history, social network accounts, wireless network SSIDs and other information in order to work out the victim's real identity. Researchers began detecting infected computers in March of this year.

Why do the hackers use this method? Most likely because the Tor Browser website is blocked in China, so Chinese users have to obtain it through other channels. A copy obtained that way can still be checked against the Tor Project's OpenPGP signature before it is installed; an installer with no verifiable signature should not be trusted.

US government warns that hackers targeted a defense industrial base organization and stole secrets with CovalentStealer malware

The US Cybersecurity and Infrastructure Security Agency (CISA) warned on October 4 that state-sponsored hackers had used the CovalentStealer malware and the open-source penetration testing tool Impacket to break into an organization in the country's defense industrial base and steal sensitive information, with the intrusion dating back to at least January 2021.

The attackers are suspected to have broken into the Exchange server through the ProxyLogon vulnerability and then searched the contents of mailboxes. More than a month later, they deployed a web shell to conduct reconnaissance of the victim organization's network, establish persistence and move laterally. The hackers used Impacket to carry out these steps and ultimately exfiltrated the stolen data to the OneDrive file sharing service via CovalentStealer.
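Impacket's remote-execution scripts leave a recognisable shape in process-creation logs, which is one practical way to hunt for the lateral movement described above. The following is an added example, not part of the CISA alert or of this article: the command-line patterns reflect how Impacket's wmiexec.py and smbexec.py launch commands on a target (output redirected to the loopback ADMIN$ or C$ share, or staged through a batch file in %TEMP%); the 4688-style log records are constructed for illustration.

```python
"""Flag Impacket wmiexec/smbexec-style process launches in 4688-like records.

Added example, not part of the CISA alert or the article. The command-line
shapes come from how Impacket's wmiexec.py and smbexec.py run commands on a
target; the log records below are constructed.
"""
import re
from typing import Iterable, List, Optional, Tuple

# wmiexec.py launches: cmd.exe /Q /c <cmd> 1> \\127.0.0.1\ADMIN$\__<timestamp> 2>&1
WMIEXEC = re.compile(
    r"cmd\.exe\s+/Q\s+/c\s+.+?\s+1>\s*\\\\127\.0\.0\.1\\ADMIN\$\\__\d+(?:\.\d+)?\s+2>&1",
    re.IGNORECASE,
)
# smbexec.py stages a batch file: ... ^> \\127.0.0.1\C$\__output 2^>^&1 > %TEMP%\execute.bat
SMBEXEC = re.compile(
    r"\^>\s*\\\\127\.0\.0\.1\\[A-Z]\$\\__output\s+2\^>\^&1\s+>\s+%TEMP%\\execute\.bat",
    re.IGNORECASE,
)

# Constructed records in the form "<host>\t<account>\t<command line>".
SAMPLE_LOG: List[str] = [
    "WS01\tCORP\\svc_backup\tC:\\Windows\\System32\\cmd.exe /Q /c whoami 1> \\\\127.0.0.1\\ADMIN$\\__1665000000.12 2>&1",
    "WS01\tCORP\\alice\tC:\\Windows\\System32\\cmd.exe /c dir C:\\Users",
    "DC01\tCORP\\svc_backup\tC:\\Windows\\System32\\cmd.exe /Q /c echo net user ^> \\\\127.0.0.1\\C$\\__output 2^>^&1 > %TEMP%\\execute.bat & C:\\Windows\\System32\\cmd.exe /Q /c %TEMP%\\execute.bat & del %TEMP%\\execute.bat",
    "WS02\tCORP\\bob\tpowershell.exe -NoProfile -Command Get-Process",
]


def classify(command_line: str) -> Optional[str]:
    """Return a tool tag when the command line matches a known Impacket shape."""
    if WMIEXEC.search(command_line):
        return "impacket-wmiexec"
    if SMBEXEC.search(command_line):
        return "impacket-smbexec"
    return None


def scan(records: Iterable[str]) -> List[Tuple[str, str, str]]:
    """Return (host, account, tag) for every record whose command line matches."""
    hits: List[Tuple[str, str, str]] = []
    for record in records:
        host, account, command_line = record.split("\t", 2)
        tag = classify(command_line)
        if tag:
            hits.append((host, account, tag))
    return hits


if __name__ == "__main__":
    for host, account, tag in scan(SAMPLE_LOG):
        print(f"{host}\t{account}\t{tag}")
```

Legitimate administration tooling almost never redirects command output to a loopback administrative share, so a single hit is worth investigating. The caveat is that these strings are the defaults of the stock scripts; a modified fork can rename the output file or share, so treat this as one signal to pair with the authentication and SMB-session evidence, not as complete coverage.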

【Vulnerabilities and patches】

A serious flaw in Packagist, a component of the PHP package manager, could be used for supply chain attacks

Security company SonarSource disclosed that in April of this year it found a serious vulnerability, CVE-2022-24828 (CVSS score 8.8), affecting Packagist, the main package repository of the PHP dependency manager Composer. An attacker exploiting it could take full control of Packagist, which in turn affects the packages that development environments fetch from it and allows malware to be distributed to victims' computers.

The researchers pointed out that because PHP developers commonly use Composer to manage their packages, the impact of the vulnerability is likely to be widespread, estimating that at least one million package update requests could be hijacked. After receiving the report, the Composer development team released fixed versions 1.10.26, 2.2.12 and 2.3.5.
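SonarSource's write-up attributed the flaw to argument injection: user-controlled repository URLs were placed where Composer's VCS drivers invoke git and hg, so a value beginning with a dash was parsed as a command-line option rather than a repository. The block below is an added illustration of that bug class and of the two standard guards (reject option-like values, and terminate option parsing with "--"); it is written in Python for this page and is not Composer's code. The sample inputs are constructed, and the URL pattern is an assumption about the shapes a package registry needs to accept.

```python
"""Guarding user-supplied VCS URLs against argument injection.

Added example, not Composer's code. The sample inputs are constructed and
VCS_URL is an assumption about which URL shapes a registry must accept.
"""
import re
from typing import Dict, Iterable, List

# Constructed sample inputs. Only the first two are repository URLs; the
# others begin with '-' and would be consumed as options by git or hg.
SAMPLE_INPUTS: List[str] = [
    "https://github.com/example/package.git",
    "git@github.com:example/package.git",
    "--upload-pack=touch /tmp/pwned",
    "--config=alias.identify=!id",
]

# Allow-list of URL shapes: http(s)/ssh/git scheme URLs and scp-like
# user@host:path. Nothing in it can start with a dash.
VCS_URL = re.compile(
    r"^(?:(?:https?|ssh|git)://[A-Za-z0-9._~%/:@-]+"
    r"|[A-Za-z0-9._-]+@[A-Za-z0-9.-]+:[A-Za-z0-9._/-]+)$"
)


def looks_like_option(arg: str) -> bool:
    """True when an argv element would be parsed as an option by git/hg."""
    return arg.startswith("-")


def unguarded_ls_remote(url: str) -> List[str]:
    """Vulnerable shape: the URL sits where git still parses options, so
    "--upload-pack=..." becomes an option that runs a program."""
    return ["git", "ls-remote", url]


def guarded_ls_remote(url: str) -> List[str]:
    """Hardened shape: validate against the allow-list, then put "--" in
    front so git treats whatever follows as a positional argument."""
    if looks_like_option(url) or not VCS_URL.match(url):
        raise ValueError(f"rejected VCS URL: {url!r}")
    return ["git", "ls-remote", "--", url]


def triage(inputs: Iterable[str]) -> Dict[str, str]:
    """Report which inputs the guarded builder accepts or rejects."""
    verdicts: Dict[str, str] = {}
    for url in inputs:
        try:
            guarded_ls_remote(url)
            verdicts[url] = "accepted"
        except ValueError:
            verdicts[url] = "rejected"
    return verdicts


if __name__ == "__main__":
    for url, verdict in triage(SAMPLE_INPUTS).items():
        print(f"{verdict:8s} {url}")
```

Both guards matter: the allow-list stops option-like values before they reach the tool, and "--" protects against any value the allow-list was too generous about. Either one only helps if the command is run as an argv list (subprocess without shell=True, or the equivalent in the language at hand); interpolating the URL into a shell string reintroduces the problem regardless of the leading-dash check.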

Carlo Gavazzi's parking management system has serious flaws; attackers can gain full control

Security company Claroty found a total of 11 vulnerabilities in the CPY car park management server and the UWP 3.0 monitoring gateway from Italian industrial automation manufacturer Carlo Gavazzi, 6 of which are rated CVSS 9.8. They include hard-coded passwords, missing authentication, directory traversal and SQL injection, and can allow attackers to take full control of the target systems. Carlo Gavazzi released patched versions of UWP 3.0 and CPY in April and June of this year.

【More information security news】

Australian telecom company Optus confirms 2.1 million customer ID numbers were stolen

Chrome app mode used in phishing attacks

Water Labbu Hacking Group Hacked Scam Sites, Taking Victims’ Cryptocurrency Wallets

Recent information security digests

[October 4, 2022] Microsoft's proposed mitigations for the Exchange zero-day vulnerability can be easily bypassed; US defense contractor hit by BlackCat ransomware

[October 3, 2022] Hackers created fake LinkedIn accounts of Fortune 500 information security chiefs; former IT staffer who tampered with the company's domain configuration was sued

[September 30, 2022] Another zero-day vulnerability in Microsoft Exchange Server exploited by hackers; LNK-based malware distribution is on the rise
