Leader of Killnet 'unmasked' by Russian state media - The Register

Infosec in Brief Cybercriminals working out of Russia go to great lengths to conceal their real identities, and you won't ever find the state trying to unmask them either - as long as they keep supplying the attacks on Axis nations. It's the reason why we found it so amusing that, of all the ways the identity of an organized cybercrime gang leader could be revealed, it was Russian state media that may have recently outed someone of note.

Ru has named a man it alleges to be the leader of pro-Russia DDoS merchants Killnet, known as "Killmilk," in an expose following earlier claims that he had started targeting the Russian Federation. Known for spearheading major attacks on targets like US government agencies, the European Parliament, and a bunch of hospitals, Killmilk has rarely done any media work, but when he has, he wore a balaclava in a continued bid to evade identification. The outlet alleges the person it named has been convicted of drug dealing in the past, and claims he launched attacks on Russian state infrastructure and private sector organizations.

Huntress released its SMB security report this week, showing that attempted Qakbot exploits have roughly halved since the takedown. The report [PDF] is rich in insights and is well worth a look. Other highlights note that most attacks use no malware at all and instead rely on living-off-the-land methods - using legitimate tools like remote monitoring applications to blend in with normal network traffic. Attackers establish stealthy persistence with this method, which can open organizations up to various follow-on attacks, such as data theft or having that remote access sold to a ransomware group.

In the meantime, among the government's many plans to tackle cybercrime is a no-fault, no-liability reporting service that will mandate ransomware incident reporting across the country. It's also funneling $26.2 million AUD into support for Pacific Island nations suffering serious cybersecurity incidents, in a program called Cyber Rapid Assistance for Pacific Incidents and Disasters, or RAPID.

China-based attackers stole chip designs from NXP after lurking in its network for 2 years, claims report. Dutch daily paper NRC reported on Friday that $52 billion market cap NXP Semiconductor had inadvertently played host to Chimera, a group of China-state-linked attackers, for over two years, potentially as part of a bigger state spying program to nick Western semiconductor tech. According to the report, the group can be "recognized" by the password it uses to encrypt the loot: fuckyou. NRC's report noted that the chipmaker's data had been exfiltrated using the ChimeRAR tool, a modified version of the zip software. After initial infiltration using reused credentials in 2017, the outlet reported that the miscreants hung around for years, patiently waiting for the motherlode and checking for data only a few times a month, which they snuck out using encrypted files uploaded to OneDrive, Dropbox, and Google cloud. The group targeted chip designs and more, said the report.

Semiconductor designer NXP, the second biggest chip player in Europe after fellow ex-Philips stablemate ASML, told NRC: "As stated in our 2019 annual report, we discovered that some of our IT systems appeared to be compromised. After a thorough investigation, we determined that this did not result in material damage to our business operations. At NXP we take data security very seriously. We have learned from this experience and are prioritizing improving the protection of our IT systems to ward off cyber threats."

After having his Poloniex exchange attacked and drained of circa $120 million earlier this month, the investor has seen two additional crypto projects linked to him attacked this week, with losses estimated to be in the region of a further $130 million. The HTX exchange was drained of $30 million worth of assets, CNBC reported, and Heco Chain was ransacked for $84.5 million - most of it stablecoins. Also succumbing to an attack this week was crypto investment house Kronos Research, leading to a total loss of $26 million in crypto assets, it said.

This Cyber News was published on www.theregister.com. Publication date: Thu, 30 Nov 2023 23:19:27 +0000