Here is the selection of major cyberattacks discovered over the past week.
Below you will find direct links to the most interesting articles. For your information, this roundup is prepared with a real, non-artificial brain, so enjoy reading and thank you for supporting Le Décodeur!
This week's selected news
LoanDepot hit by suspected ransomware attack | TechCrunch
The mortgage and loan giant told regulators that it’s experiencing a cybersecurity incident involving the “encryption of data.”
Hacking – Beware of QR Codes! | UnderNews
In recent days, electric car owners in the Loiret have fallen victim to bank data theft because of compromised QR codes on charging stations.
Syrian Hackers Distributing Stealthy C#-Based Silver RAT to Cybercriminals
Anonymous Arabic releases Silver RAT, a trojan that slips past security and takes hidden control
Alert: Water Curupira Hackers Actively Distributing PikaBot Loader Malware
Beware of Water Curupira! This threat actor is spreading PikaBot, more than a malware loader – it’s a gateway to ransomware attacks.
Beirut Airport Cyberattack Targets Hezbollah
In addition to posting messages criticizing the group, the cyberattackers disrupted flight information and baggage handling systems.
Bangladesh Election App Crashes Amid Suspected Cyberattack
The country’s election commission pointed the blame at traffic coming from Ukraine and Germany.
Ukraine Claims Revenge Hack Against Moscow Internet Provider
Reports say M9 Telecom servers were destroyed in retaliation for Russia-backed cyberattack against Kyivstar mobile phone operator.
Volt Typhoon Ramps Up Malicious Activity Against Critical Infrastructure
The Chinese state-sponsored APT has compromised as many as 30% of Cisco legacy routers on a SOHO botnet that multiple threat groups use.
Turkish hackers Sea Turtle expand attacks to Dutch ISPs, telcos
The Turkish state-backed cyber espionage group tracked as Sea Turtle has been carrying out multiple spying campaigns in the Netherlands, focusing on telcos, media, internet service providers (ISPs), and Kurdish websites.
Netgear, Hyundai latest X accounts hacked to push crypto drainers
The official Netgear and Hyundai MEA Twitter/X accounts (together with over 160,000 followers) are the latest hijacked to push scams designed to infect potential victims with cryptocurrency wallet drainer malware.
Paraguay warns of Black Hunt ransomware attacks after Tigo Business breach
The Paraguay military is warning of Black Hunt ransomware attacks after Tigo Business suffered a cyberattack last week impacting cloud and hosting services in the company’s business division.
Ransomware victims targeted by fake hack-back offers
Some organizations victimized by the Royal and Akira ransomware gangs have been targeted by a threat actor posing as a security researcher who promised to hack back the original attacker and delete stolen victim data.
Pro-Ukraine hackers breach Russian ISP in revenge for KyivStar attack
A pro-Ukraine hacktivist group named ‘Blackjack’ has claimed a cyberattack against Russian provider of internet services M9com as a direct response to the attack against Kyivstar mobile operator.
Finland warns of Akira ransomware wiping NAS and tape backup devices
The Finnish National Cybersecurity Center (NCSC-FI) is informing of increased Akira ransomware activity in December, targeting companies in the country and wiping backups.
Chinese Hackers Exploit Zero-Day Flaws in Ivanti Connect Secure and Policy Secure
Ivanti Connect Secure hit by two zero-day flaws, exploited by suspected China-linked hackers to breach under 10 customers.
The Russian cyberattack against Ukraine's main telecom operator comes into focus
The Security Service of Ukraine (SBU) has given more details on the cyberattack carried out in mid-December against the operator Kyivstar and its 24 million subscribers. An operation attributed to Sandworm, a unit of Russian military intelligence.
How a Dutch engineer spread Stuxnet by installing water pumps
The Dutch daily De Volkskrant has just given new details on Operation Olympic Games, considered the first act of cyberwarfare in history.
The SEC’s X account was hijacked to post a fake approval of Bitcoin ETFs
The official SEC account posted a false notice claiming the agency has approved Bitcoin ETFs. SEC Chair Gary Gensler confirmed the agency’s account had been compromised.
Hundreds of Thousands of Dollars Worth of Solana Cryptocurrency Assets Stolen in Recent CLINKSINK Drainer Campaigns | Mandiant
On January 3, 2024, Mandiant’s X social media account was taken over and subsequently used to distribute links to a cryptocurrency drainer phishing page. Working with X, we were able to regain control of the account and, based on our investigation over the following days, we found no evidence of malicious activity on, or compromise of, any Mandiant or Google Cloud systems that led to the compromise of this account.
Federal Office for Cybersecurity warns of renewed DDoS wave
Next week, Ukrainian President Volodymyr Zelensky visits the WEF in Davos. DDoS attacks on Swiss companies and authorities could occur again.