Had a busy week and no time to follow the latest news? We've got you covered with our weekly news recap.
This week, we learned some information related to an Iranian APT and North Korean money-laundering schemes. Law enforcement conducted an international operation against darknet market vendors, and a programmer involved with Silk Road pleaded guilty to lying to federal agents. One member of The Dark Overlord hacking group was sentenced to prison, and Windows XP's source code leaked online. Finally, researchers discovered a dangerous flaw in the Instagram app, and Shopify and Strava had data privacy issues.
APT
Rampant Kitten - An Iranian Espionage Campaign
A new report by Check Point unravelled an ongoing surveillance operation by Iranian entities. This operation was aimed at Iranian expats and dissidents and has allegedly been going on for years. Multiple attack vectors were found: Windows info stealers (targeting Telegram Desktop, Windows files, and KeePass), an Android backdoor, and Telegram phishing pages.
Secret documents show how North Korea launders money through U.S. banks
Journalists were able to consult a set of leaked FinCEN documents detailing how North Korea was able to carry out an elaborate money-laundering scheme for years, using shell and Chinese companies, as well as New York banks. The documents mainly cover the period between 2008 and 2017, during which more than USD 174.8 million was allegedly laundered. Banks such as JP Morgan and the Bank of New York Mellon were involved.
Darknet
179 Darknet Market Vendors Arrested Across the Globe in a Large Police Operation: DisrupTor
DisrupTor, a nine-month operation coordinated by Europol and involving various police forces in Europe and the US, led to the arrest of 179 darknet market vendors across the globe. Police also seized USD 6.5 million in cash and cryptocurrencies, as well as 500 kilograms of drugs and 64 firearms. Law enforcement agencies used the data obtained from the Wall Street Market take-down last year to get the necessary intelligence.
Michael R. Weigand, aka Shabang, pleaded guilty to making false statements to the IRS and FBI, claiming he was not involved with the Silk Road market. Weigand provided technical support to the Silk Road administrator and identified several vulnerabilities within the website. He was also involved in travelling to London to remove evidence from the residence of Thomas Clark (aka Variety Jones / The Plural of Mongoose). Weigand is scheduled to be sentenced on December 18 and risks up to five years in prison.
General Security
Member of ‘The Dark Overlord’ hacking group sentenced to five years in prison
Nathan Francis Wyatt, a British national, was sentenced to five years in prison and ordered to pay USD 1,467,048. The hacker had been involved with The Dark Overlord group since 2016 and took part in hacking companies, stealing their sensitive data, and demanding ransoms in exchange for not making the data public. He was arrested in the UK in 2017 and extradited to the US at the end of 2019.
Windows XP source code leaks online
According to The Verge, torrent files with Windows XP's source code are currently being shared on various sharing sites. While the code has reportedly been shared for a couple of years already, this is the first time that it has been made public. The torrent files also include references to conspiracy theories involving Bill Gates.
Privacy
#InstaHack: how researchers were able to take over the Instagram App using a malicious image
Researchers found a critical vulnerability in the Instagram app for iOS and Android. The flaw could have allowed attackers to perform remote code execution and to get full control of the application (for example, viewing private messages, but also accessing the camera). The flaw could have been exploited by sending a malicious image using any messaging service. When opening Instagram, the picture would have been parsed by Mozjpeg, an open-source JPEG image decoder, leading to a heap buffer overflow.
Shopify Reveals That Employees Stole Customer Data from Merchants
Shopify, one of the leading eCommerce platforms, reported this week that two rogue employees belonging to their support team stole data belonging to 200 merchants. Shopify immediately terminated these employees and reported the incident, which is still under investigation, to the FBI. So far, there is no evidence of the data being used.
Strava app shows your info to nearby users unless this setting is disabled
Strava, a run-tracking app, reportedly showed users the run itineraries of other people if privacy settings were not explicitly changed. Users reported that merely crossing paths with another user would add them as running together in the application, making the other party's map itinerary available.