Date: 2023-04-16

Here is this week's watch report, a roundup of the most interesting news. Some of these items will be covered in more depth in upcoming articles. Happy reading, and thanks for the coffee 😉

US extradites Nigerian charged in $6m email fraud scam
A suspected Nigerian fraudster is scheduled to appear in court Friday for his alleged role in a $6 million plot to scam businesses via email.

Siemens Metaverse exposes sensitive corporate data
While metaverse is no longer a buzzword, amid the sudden popularity of ChatGPT and similar AI tools, those virtual worlds are still here, presenting exciting opportunities for companies, users, and, unfortunately, threat actors. Siemens, a German multinational with over $71 trillion in revenue and 300,000 employees worldwide, has also jumped on the metaverse bandwagon.

Volvo retailer leaks sensitive files
Volvo’s retailer in Brazil, Dimas Volvo, leaked sensitive files through its website. The leaked files could have served malicious actors in various ways, including hijacking official communication channels and infiltrating the company’s systems. The issue causing the leak has been fixed.

Hackers claim vast access to Western Digital systems
One of the hackers who breached Western Digital provided some details about the hack, the data stolen, and what the hackers are demanding.

Classified intel leaked to Discord server leads to 21-year-old’s arrest
Law enforcement officials arrested a 21-year-old who is suspected of sharing classified intelligence on Discord.

Pentagon Leaks Show Russian Hackers Claim Breach of Canadian Pipeline
A leaked intelligence briefing that emerged over the weekend seems to reveal a hacking episode carried out by a pro-Russian hacktivist group against a major Canadian gas pipeline. A glut of classified Pentagon documents have poured onto the internet in recent days in what is reputed to be a major leak of American national security secrets.

Los Angeles Police mistakenly release photos of undercover officers

Underground drug-money bank laundering EUR 180 million liquidated by law enforcement | Europol
During a coordinated action day in March 2023, law enforcement arrested five suspects in Belgium, another suspect in Spain, and seized various criminal assets. The criminal network had relied on investments in cryptocurrencies and the distribution of cash via an underground banking system.

Estonian National charged with helping Russia acquire US hacking tools
The Estonian man is accused of having helped the Russian government and military to purchase US-made electronics and hacking tools. The defendant was arrested in Estonia on March 28, 2023; he used several Estonian-based business entities (the "Estonian Shell Companies") to buy goods that would have been unavailable to Russian end-users.

A cyber attack hit water controllers for irrigating fields in Jordan Valley
A cyberattack blocked several controllers for irrigating fields in the Jordan Valley. The systems operated by the Galil Sewage Corporation monitor the irrigation process and wastewater treatment in the Jordan Valley. The company's experts spent the entire day recovering operations; at this time the source of the attack is still unclear.

OpenAI launched a bug bounty program
OpenAI launched a bug bounty program and is offering up to $20,000 to bug hunters who report vulnerabilities in its ChatGPT chatbot service. The company explained that ChatGPT is in scope, including ChatGPT Plus, logins, subscriptions, OpenAI-created plugins (e.g. Browsing, Code Interpreter), plugins users create themselves, and all other functionality.

Russia-linked APT29 is behind recent attacks targeting NATO and EU
Poland’s Military Counterintelligence Service and its Computer Emergency Response Team linked a recent string of attacks targeting NATO and European Union countries to the Russia-linked APT29 group (aka SVR group, Cozy Bear, Nobelium, and The Dukes). APT29 along with APT28 cyber espionage group was involved in the Democratic National Committee hack and the wave of attacks aimed at the 2016 US Presidential Elections.

Dutch Police mails RaidForums members to warn they’re being watched
Dutch Police is sending emails to former RaidForums members, asking them to delete stolen data and stop illegal cyber activities and warning that they are not anonymous. RaidForums was a very popular and notorious hacking and data leak forum known for hosting, leaking, and selling stolen data obtained from breached organizations.

Police disrupts $98M online fraud ring with 33,000 victims
Europol and Eurojust announced today the arrest of five individuals believed to be part of a massive online investment fraud ring with at least 33,000 victims who lost an estimated €89 million (roughly $98 million). The coordinated action took place across two action days in March and involved the search of 15 locations (including five illegal call centers) across Bulgaria, Romania, and Israel.

Pakistan-based Transparent Tribe Hackers Targeting Indian Educational Institutions
The Transparent Tribe threat actor has been linked to a set of weaponized Microsoft Office documents in intrusions directed against the Indian education sector to deploy a continuously maintained piece of malware called Crimson RAT. While the suspected Pakistan-based threat group is known to target military and government entities in the country, the activities have since expanded to include the education vertical.

North Korean Hackers Uncovered as Mastermind in 3CX Supply Chain Attack
Lazarus sub-group Labyrinth Chollima identified as the mastermind behind 3CX supply-chain cyberattack.

Russia-Linked Hackers Launch Espionage Attacks on Foreign Diplomatic Entities
Russia-linked APT29 (Cozy Bear) is behind an ongoing cyber espionage campaign targeting foreign ministries & diplomatic entities in NATO states, EU, &

FBI & FCC Warn on ‘Juice Jacking’ at Public Chargers, but What’s the Risk?
US government agencies are warning that malware planted in public charging stations for phones and other electronics can sneak onto your device when you least expect it. On April 6, the FBI Denver office published a morsel of advice. "Avoid using free charging stations in airports, hotels, or shopping centers," its tweet stated.

EU privacy regulators to create task force to investigate ChatGPT
The European Data Protection Board (EDPB) plans to launch a dedicated task force to investigate ChatGPT after a number of European privacy watchdogs raised concerns about whether the technology is compliant with the EU’s General Data Protection Regulation (GDPR).