#AxisOfEasy 240: Apple And Meta Unknowingly Provided Hackers With Customer Data


Weekly Axis Of Easy #240


Last Week’s Quote was “Kids, you tried your best and you failed miserably. The lesson is, never try.” by Homer Simpson. Congrats to Kenroy!

This Week’s Quote: “Our knowledge can only be finite, while our ignorance must necessarily be infinite.”… by???

THE RULES: No searching up the answer, must be posted to the blog – the place to post the answer is at the bottom of the post, in the comments section.

The Prize: First person to post the correct answer gets their next domain or hosting renewal on us.

 


This is your easyDNS #AxisOfEasy Briefing for the week of March 28th, 2022, wherein our Technology Correspondent Joann L Barnes and easyCEO Mark E. Jeftovic send out a short briefing on the state of the ‘net and how it affects your business, security and privacy. 
 
In this issue:
  • The LAPSUS$ group compromised IT firm Globant and released 70 GB of data
  • Anonymous hacking group leaks 112 GB of data from two Russian industrial firms 
  • Apple and Meta unknowingly provided hackers with customer data
  • The Orbán administration could not stop the hackers from accessing Hungary’s foreign ministry networks
  • Attacks against Fintech, IT, and media companies were carried out by North Korean hackers using Chrome’s zero-day vulnerability
  • Elon Musk Buys Some Twitter Shares
 
 
Elsewhere online:
  • UPS devices could be targeted by attackers, says the US government
  • A group of suspected LAPSUS$ hackers has been arrested in the UK
  • 35% of Malware Infections Use Log4Shell
  • Vulnerability to be fixed in Western Digital My Cloud OS 5 devices
  • Cybercrime charges for 2018 and 2019 have been filed against an individual from Laval
 

The LAPSUS$ group compromised IT firm Globant and released 70 GB of data

The LAPSUS$ data extortion group announced its return after a week-long vacation, posting images of extracted data and credentials from software services company Globant. The screenshots and torrent files depict a folder listing for multiple companies, including Arcserve, Banco Galicia, BNP Paribas Cardif, Citibanamex, DHL, Facebook, and Stifel, among others.

Passwords for Globant’s code repository were reused and easily guessable, prompting LAPSUS$ to call out the “poor security practices in use” at the company. The company stated that the data accessed was limited to specific source code and project-related documentation.

The LAPSUS$ extortion group has been in the spotlight for their hacks against technology companies like Impresa, NVIDIA, Samsung, Vodafone, Ubisoft, Microsoft, and Okta. The City of London Police arrested and released seven alleged operatives of the criminal cartel last week, but the latest data leak indicates that their operations continue.

Read: https://thehackernews.com/2022/03/lapsus-claims-to-have-breached-it-firm.html?&web_view=true


Anonymous hacking group leaks 112 GB of data from two Russian industrial firms

Two Russian companies have been targeted by the online hacker group Anonymous, whose members stole a trove of their data and posted it online for people to download.

One of the first breaches was against MashOil, a Moscow-based business that designs, manufactures, and maintains equipment used in drilling, mining, and fracking. The Anonymous hacker group claims responsibility for the theft of over 140,000 emails from the company.

The second cyberattack was against RostProekt, a Russian company that operates in the construction industry. Hackread reports that the files can be downloaded from the official website of DDoSecrets following a hack of the company.

An Anonymous affiliate, @DepaixPorteur, revealed they are currently working on a large-scale data leak involving sensitive Russian institutions. In protest against the Russian invasion of Ukraine, Anonymous plans to leak 1.22TB worth of data over the next two weeks.

The famous hacktivist group has been very vocal about its stand with Ukraine. To spread its message over the ongoing conflict, Anonymous has recently leaked 28GB worth of banking data and has addressed the government and the private sector.

Read: https://www.hackread.com/anonymous-hack-russian-industrial-firms-data-leak/?web_view=true


Apple and Meta unknowingly provided hackers with customer data

Bloomberg reported that Apple and Meta, the parent company of Facebook, provided customer data to hackers posing as law enforcement officials. The tech giants provided basic subscriber details, including customers’ addresses, phone numbers, and IP addresses, in response to a forged emergency data request.

Seven hackers connected to an investigation into the group have been arrested, and a police investigation is still underway. When asked for comments, Apple directed reporters to its corporate law enforcement guidelines, which establish that the company may contact the supervisor of any law enforcement agency that files an emergency request to determine if the request is legitimate.

Meta’s spokesman Andy Stone, for his part, said the company reviews data requests for legal sufficiency and works with law enforcement to respond to incidents involving suspected fraudulent requests. Meta’s guidelines state that it will provide user data to law enforcement agencies if it believes the request concerns an imminent risk of serious physical injury or death.

The hackers also sent a forged emergency data request to Discord, a social media platform used primarily by gamers. On this matter, the gaming platform said that the law enforcement account was first verified to be genuine but later found to have been compromised by a malicious actor. Since then, law enforcement has been notified about the compromised email account, and an investigation is underway.

Read: https://www.independent.co.uk/news/world/americas/apple-meta-hackers-customer-data-b2047670.html


The Orbán administration could not stop the hackers from accessing Hungary’s foreign ministry networks

The Orbán government has failed to stop Russian hackers from accessing Hungary’s foreign ministry networks, investigative site Direkt36 reported earlier this week.

Former intelligence officials claim that Russian intelligence is clearly behind the attack on Hungary’s foreign ministry based on the cyberattack trail, Direkt36 reported.

Direkt36 uncovered Russian intelligence operations against the Hungarian foreign ministry with the aid of foreign ministry documents and over thirty interviews. Hungarian counterintelligence measures were also found to be inadequate. The hackers are said to work for the Federal Security Service, the FSB, which Putin previously headed, and the GRU, the Russian military intelligence service.

The Hungarian state authorities had also known about these hacker groups for a long time, as they have repeatedly attacked Hungarian government networks over the past decade, Direkt36 says.

Moscow, the report argues, has access to the Hungarian foreign ministry’s network almost in real-time, and Russian intelligence officers know ahead of time what the Hungarian foreign ministry is planning and thinking.

While the current crisis summits between the EU and NATO are taking place, Russian infiltration continued before and after the invasion of Ukraine. In the meantime, the Hungarian government has not publicly denounced Russia’s cyber espionage.

Several of the cases described in this article came from the experience of former Hungarian intelligence and security officers working in Russian intelligence-related fields. Sources familiar with the ministry’s internal affairs also provided insight into how it handled the cyberattack.

Read: https://www.direkt36.hu/en/putyin-hekkerei-is-latjak-a-magyar-kulugy-titkait-az-orban-kormany-evek-ota-nem-birja-elharitani-oket/


Attacks against Fintech, IT, and media companies were carried out by North Korean hackers using Chrome’s zero-day vulnerability

Google disclosed that two groups of attackers targeted news media, cryptocurrency, and fintech companies in the U.S. and North Korea. The attacks shared direct infrastructure overlaps with previous attacks aimed at security researchers last year. Google TAG researcher Adam Weidemann says they have found evidence that exploit kits were actively deployed on January 4, 2022.

The campaigns targeted visitors using non-Chromium-based browsers to redirect them to known exploitation servers in North Korea. The exploit kit is a multi-stage infection chain that starts with reconnaissance and ends with a package designed to escape the sandbox and carry out further post-exploitation activities.

North Korea’s “double scenario” of espionage and money theft was used to compromise at least two legitimate fintech company websites. The first campaign targeted 250 individuals working for ten different news media, domain registrars, web hosting providers, and software vendors, and impersonated companies like Disney and Google to distribute malware payloads. Another activity cluster using the same Chrome zero-day appears to be Operation AppleJeus, which compromised two legitimate fintech company websites to serve an exploit to no fewer than 85 people.

Read: https://thehackernews.com/2022/03/north-korean-hackers-exploited-chrome.html

 

Elon Musk Buys Some Twitter Shares

The big news on social media and the stock market on Monday was Elon Musk buying 9.2% of Twitter. The stock soared upon news hitting the streets. Roughly a week prior, Elon asked on the platform what should be done about Twitter’s fast eroding adherence to free speech.

As a staunch “free speech absolutist” “(except when it comes to whistleblowers for TSLAQ)” and now largest shareholder of Twitter (roughly 4 times more than ex-CEO Jack Dorsey) it’s anyone’s guess what’s to come.

As he’s been named to the board already, he may take an active role in the direction of the platform.  That must be on the minds of many at this point. So far he has asked whether people wanted an “edit” feature.

The big question is: will he be praised or booed by the media and the masses in the coming days, weeks and months? Only time will tell. If this article is any indication, the attacks seem to have already begun.

Read: https://globalnews.ca/news/8733326/elon-musk-twitter-shareholder/


Elsewhere online:

UPS devices could be targeted by attackers, says the US government
https://www.securityweek.com/us-government-warns-attacks-targeting-ups-devices 

A group of suspected LAPSUS$ hackers has been arrested in the UK
https://thehackernews.com/2022/03/7-suspected-members-of-lapsus-hacker.html

35% of Malware Infections Use Log4Shell
https://www.infosecurity-magazine.com/news/log4shell-used-in-a-third-of/

Vulnerability to be fixed in Western Digital My Cloud OS 5 devices
https://latesthackingnews.com/2022/03/30/critical-vulnerability-affecting-western-digital-my-cloud-os-5-devices-patch-now/ 

Cybercrime charges for 2018 and 2019 have been filed against an individual from Laval
https://montrealgazette.com/news/local-news/laval-man-faces-cybercrime-charges-from-2018-and-2019-rcmp-says 




3 thoughts on “#AxisOfEasy 240: Apple And Meta Unknowingly Provided Hackers With Customer Data”

  1. This week’s quotation sounds an awful lot like Voltaire in Candide… and my sixth grade teacher.

  2. “Our knowledge can only be finite, while our ignorance must necessarily be infinite.”
    Karl Popper
    Has been on my list of aphorisms for ages.
