William Turton and Kartikay Mehrotra of Bloomberg report: Hackers breached the United Nations’ computer networks earlier this year and made off with a trove of data that could be used to target agencies within the intergovernmental organization. The hackers’ method for gaining access to the UN network appears to be unsophisticated: They likely got in…
Category: Commentaries and Analyses
REvil ransomware’s servers reappear without fanfare or explanation
Brett Callow of Emsisoft broke the unpleasant news on Twitter last night — REvil’s dedicated leak site, “The Happy Blog,” which had disappeared after the Kaseya supply chain attack, had reappeared at its old onion address. Unfortunately, the Happy Blog is back online #REvil pic.twitter.com/vMr9qTOht2 — Brett Callow (@BrettCallow) September 7, 2021 There were no…
Afghanistan becomes the primary target for ransomware attacks following Taliban takeover
Paul Skeldon reports: The recent Taliban takeover of the government in Afghanistan has brought a lot of chaos upon the nation – and cybercriminals are seeing that such disorder in the country is another chance for them to benefit. According to the Atlas VPN team data analysis, Afghanistan became the primary target for ransomware attacks worldwide in…
Microsoft Outlook shows real person’s contact info for IDN phishing emails
Ax Sharma reports: If you receive an email from someone@arstechnіca.com, is it really from someone at Ars? Most definitely not—the domain in that email address is not the same arstechnica.com that you know. The ‘і’ character in there is from the Cyrillic script and not the Latin alphabet. This isn’t a novel problem, either. Up until a few…
North Korean hackers breach prominent defector’s accounts in targeted attack
Jeongmin Kim and Nils Weisensee report: In a multilingual social engineering attack, North Korean hackers broke into several accounts of a prominent defector and used their access to send a malicious document to a contact working on DPRK issues, an NK News investigation found. The attackers also used one of the accounts to message journalists at NK News in…
Chinese hackers behind July 2021 SolarWinds zero-day attacks
Catalin Cimpanu reports: In mid-July this year, Texas-based software provider SolarWinds released an emergency security update to patch a zero-day in its Serv-U file transferring technology that was being exploited in the wild. At the time, SolarWinds did not share any details about the attacks and only said that it learned of the bug from…