Hackers

Activision Probing Malware Stealing Passwords from Gamers

Call Of Duty
Video game giant Activision is investigating a hacking campaign that’s targeting players with the goal of stealing their credentials, TechCrunch has learned. Somehow, the hackers are getting malware on the victim’s computers and then stealing passwords for their gaming accounts and crypto wallets, among others, according to sources. Zeebler described the effort as an “infostealer malware campaign,” where malware designed as legitimate-looking software unknowingly installed by the victim surreptitiously steals their usernames and passwords. Zeebler told TechCrunch that he found out about the hacking campaign when a PhantomOverlay customer had their account for the cheat software stolen. After that, Zeebler said he contacted Activision Blizzard as well as other cheat makers, whose users appear to be affected.

Catch Change Healthcare Hackers: US Grants $10M in Assistance

Unitedhealthcare Photo Screen Display Ap
The State Department blamed the prolific ransomware group for targeting U.S. critical infrastructure, including healthcare services. Last month, an affiliate group of the ALPHV/BlackCat gang took credit for a cyberattack and weeks-long outage at U.S. health tech giant Change Healthcare, which processes around one-in-three U.S. patient medical records. The affiliate group went public after accusing the main ALPHV/BlackCat gang of swindling the contract hackers out of $22 million in ransom that Change Healthcare allegedly paid to prevent the mass leak of patient records. Change Healthcare has said since that it ejected the hackers from its network and restored much of its systems. U.S. health insurance giant UnitedHealth Group, the parent company of Change Healthcare, has not yet confirmed if any patient data was stolen.

UK Accuses China of Major Voter Data Breach

Uk Polling Booth Elections Cyberattack
The U.K. government has blamed China for a 2021 cyberattack that compromised the personal information of millions of U.K. voters. The data breach began as early as 2021 but wasn’t detected until a year later. Dowden said that a separate attempted cyberattack by a China-backed hacking group targeted the email accounts of U.K. lawmakers in 2021, but that parliamentary authorities mitigated the attempted breaches before any email accounts were compromised. The Norwegian government previously attributed a 2018 data breach on its systems to APT31. In 2020, Google security researchers linked APT31 to the targeting of email accounts belonging to the Trump and Biden presidential campaigns.

Microsoft Reports ‘Ongoing Attack’ by Russian Hackers

Gettyimages 452481358
On Friday, Microsoft said Russian government hackers continue to break into its systems using information obtained during a hack last year. This time, the Russian hackers dubbed Midnight Blizzard have targeted Microsoft’s source code and other internal systems, the company said. This has included access to some of the company’s source code repositories and internal systems,” Microsoft wrote in a blog post. This new intrusion comes after Microsoft revealed in January that Russian government hackers had broken into the company’s systems last November. Midnight Blizzard is believed to be a hacking group working for Russia’s Foreign Intelligence Service, known by its Russian initials, SVR.

Is banning ransom payments necessary?

Cash Ransomware Ransom Payments Hackers Getty
As cybercriminals continue to reap the financial rewards of their attacks, talk of a federal ban on ransom payments is getting louder. Since then, just as talk of a potential ransom payment ban has gotten louder, so has the ransomware activity. Is a ban on ransom payments the solution? For a ban on ransom payments to be successful, international and universal regulation would need to be implemented — which, given varying international standards around ransom payments, would be almost impossible to enforce. Given the brazen nature of these attackers, it’s unlikely that they would be deterred by a ban on ransom payments.

NSA Reports Ivanti Cyberattacks Detected Targeting US Defense Industry

Nsa Glass Windows Surveillance Intelligence
The U.S. National Security Agency has confirmed that hackers exploiting flaws in Ivanti’s widely used enterprise VPN appliance have targeted organizations across the U.S. defense sector. Confirmation that the NSA is tracking these cyberattacks comes days after Mandiant reported that suspected Chinese espionage hackers have made “mass attempts” to exploit multiple vulnerabilities impacting Ivanti Connect Secure, the popular remote access VPN software used by thousands of corporations and large organizations worldwide. Mandiant said earlier this week that the China-backed hackers tracked as a threat group it calls UNC5325 had targeted organizations across a variety of industries. This includes the U.S. defense industrial base sector, a worldwide network of thousands of private sector organizations that provide equipment and services to the U.S. military, Mandiant said, citing earlier findings from security firm Volexity. Akamai said in an analysis published last week that hackers are launching approximately 250,000 exploitation attempts each day and have targeted more than 1,000 customers.

Experts Warn: ConnectWise Software Vulnerabilities Being Exploited in Large-Scale Cyber Attacks

Yellow Padlock Cyber Rating Getty
Security researchers say a pair of easy-to-exploit flaws in a popular remote access tool used by more than a million companies around the world are now being mass-exploited, with hackers abusing the vulnerabilities to deploy ransomware and steal sensitive data. ConnectWise first disclosed the flaws on February 19 and urged on-premise customers to install security patches immediately. Finnish cybersecurity firm WithSecure said in a blog post Monday that its researchers have also observed “en-mass exploitation” of the ScreenConnect flaws from multiple threat actors. It’s not yet known how many ConnectWise ScreenConnect customers or end users are affected by these vulnerabilities, and ConnectWise spokespeople did not respond to TechCrunch’s questions. The company’s website claims that the organization provides its remote access technology to more than a million small to medium-sized businesses that manage over 13 million devices.

Security Experts Warn: ConnectWise Vulnerabilities Being Exploited by Hackers to Deploy LockBit Ransomware

Ransomware Bugs Black Samuil Levich Getty
Security experts are warning that a pair of high-risk flaws in a popular remote access tool are being exploited by hackers to deploy LockBit ransomware — days after authorities announced that they had disrupted the notorious Russia-linked cybercrime gang. In a post on Mastodon on Thursday, Sophos said that it had observed “several LockBit attacks” following exploitation of the ConnectWise vulnerabilities. “Two things of interest here: first, as noted by others, the ScreenConnect vulnerabilities are being actively exploited in the wild. Rogers said that Huntress has seen LockBit ransomware deployed on customer systems spanning a range of industries, but declined to name the customers affected. The company’s website claims that the organization provides its remote access technology to more than a million small to medium-sized businesses.

US Implements Sanctions Against LockBit Members in Wake of Ransomware Takedown

Lockbit Seized Ransomware Screenshot
The U.S. government has sanctioned two key members of LockBit, the Russian-speaking hacking and extortion gang accused of launching ransomware attacks against victims across the U.S. and internationally. The U.S. sanctions announced Tuesday are the latest round of actions targeting the hackers behind LockBit and other prolific ransomware gangs. In 2022, Russian-Canadian dual national Mikhail Vasiliev was arrested on allegations of launching multiple LockBit ransomware attacks. A third suspect, Russian national Mikhail Pavlovich Matveev, was accused of involvement in several ransomware operations, including LockBit. Security researchers say that ransomware victims who pay a ransom are more likely to experience subsequent ransomware attacks.