January 02, 2024 – Cyber Briefing

👉 What’s going on in the cyber world today?

JinxLoader, DLL Exploit, Lumma Stealer, INC RANSOM, Xerox Corporation, Cactus Ransomware, Coop, Sweden, Orbit Bridge, Australia’s Court, irleaks, Iran, UK Nuclear Waste Project Developer, Black Basta Ransomware, NY Hospitals, Indonesia, Bitcoin Mines, Crypto, Orgon, Anonymous Colombia.

🚨 Cyber Alerts

1. JinxLoader Cyber Threat Unveiled

Cybersecurity firms Palo Alto Networks Unit 42 and Symantec reveal a new threat on the horizon—JinxLoader, a Go-based malware loader employed by threat actors to deploy next-stage payloads like Formbook and XLoader. Paying homage to the League of Legends character Jinx, the malware operates with a straightforward yet potent mission—loading malicious payloads. Advertised on hackforums[.]net for $60 a month or $200 for a lifetime fee, JinxLoader is infiltrating systems through phishing emails, impersonating Abu Dhabi National Oil Company (ADNOC) and relying on multi-step attack sequences to wreak havoc.

2. Windows DLL Threat Unveiled

A new threat emerges as security researchers uncover a sophisticated variant of DLL search order hijacking, presenting a potential security loophole for attackers targeting systems running Microsoft Windows 10 and Windows 11. Cybersecurity firm Security Joes details this novel technique that leverages executables in the trusted WinSxS folder, allowing threat actors to bypass security measures and execute malicious code without requiring elevated privileges. Unlike traditional DLL search order hijacking, this method introduces a subtle and stealthy approach, emphasizing the need for organizations to closely monitor activities in the WinSxS folder and examine parent-child relationships between processes to thwart potential exploitation.

3. Lumma Stealer Threatens Google Accounts

Researchers raise alarm as multiple malware-as-a-service info stealers, notably the Lumma Stealer, now possess the ability to manipulate authentication tokens, providing hackers with persistent access to a victim’s Google account even after a password reset. Cybersecurity firm CloudSEK reports that since November, Lumma Stealer has incorporated this capability, exploiting the undocumented functionality of OAuth 2.0, a widely-used security protocol for Google-connected accounts via single sign-on. The sophistication of this exploit, coupled with its blackboxing approach to hide malicious activities, marks a concerning trend in the evolving landscape of cyber threats, as other malware distribution groups quickly adopt and spread this vulnerability, posing severe risks to affected users and organizations.

4. Researchers Jailbreak AI Chatbots

Researchers at Nanyang Technological University in Singapore employed a technique known as “jailbreaking” to compromise and manipulate chatbots, including ChatGPT, Google Bard, and Microsoft Bing, making them generate content that violated their own guidelines. The research team exploited flaws in the chatbots’ systems, using a database of successful prompts to train a large language model (LLM) capable of automating the generation of jailbreak prompts. Despite developers’ efforts to implement guardrails against generating inappropriate content, the study reveals the vulnerability of AI chatbots to jailbreak attacks, emphasizing the need for continuous vigilance and security enhancements in the development of AI technologies.

💥 Cyber Incidents

5. INC RANSOM Hacks Xerox Corp

Xerox Corp, known for its global document management solutions, confronts a breach claimed by the INC RANSOM ransomware group, threatening to expose allegedly pilfered data. The ransomware group published images of documents as evidence and remains responsible for breaching over 40 organizations since its 2023 inception, heightening concerns about the extent of data compromised from Xerox Corp.

6. Cactus Hack Hits Swedish Coop

Coop, a significant Swedish retail and grocery provider, confronts a severe security threat as the Cactus ransomware group claims access to more than 21,000 directories of personal information. Despite Coop’s unique profit-sharing model, this breach emphasizes the aggressive tactics of ransomware groups, raising alarm about cybersecurity risks within retail sectors. The sophistication displayed by the Cactus ransomware operation in employing encryption methods and legitimate tools for data access amplifies the vulnerability of Coop and its extensive chain of stores.

7. Orbit Chain Hit by $82M Cyber Attack

In a recent cyber attack, hackers reportedly exploited the Orbit Bridge, a crucial bridging service in the cross-chain protocol Orbit Chain, making off with a staggering $82 million. Pseudonymous Twitter user Kgjr and blockchain security firm Cyvers brought attention to the exploit, revealing significant outflows from the Orbit Chain Bridge protocol. The hackers conducted five separate transactions, siphoning $81.68 million in Tether, USD Coin, Ether, Wrapped Bitcoin (WBTC), and Dai to new wallets, raising concerns about the security of the Orbit Chain protocol and its connections to the Klaytn network.

8. Cyber Attack Hits Victoria’s Court System

Australian Victoria’s court system grapples with a cyber-attack, revealing unauthorized access to weeks of recorded hearings. Court Services Victoria (CSV) detected the breach on December 21, tracing back the compromise of the audio-visual technology network to November 1. The breach, affecting supreme, county, magistrates, and coroner’s courts, raised concerns about data access, with CSV taking measures to isolate the affected network and strengthen security across the broader court technology system.

9. Iran Cyber Breach Exposes 160M Records

A mysterious hacker, known as ‘irleaks,’ targeted major insurance companies in Iran, offering over 160 million records for sale, sparking concerns about sensitive data breaches. The hacker claimed possession of extensive personal details, prompting worries over cybersecurity vulnerabilities within the country’s insurance sector and beyond. Hudson Rock’s analysis confirmed the authenticity of the leaked data, hinting at a potentially coordinated cyber operation by an unidentified nation-state actor.

10. UK Nuclear Waste Project Faces Cyber Threats

Cyber-hackers have set their sights on Radioactive Waste Management (RWM), the company overseeing the £50 billion Geological Disposal Facility (GDF) project, aimed at building an extensive underground nuclear waste store in the UK. The unsuccessful breach attempt was orchestrated via LinkedIn, where hackers targeted individuals associated with the GDF project. Although the cyber incidents had no significant impact, the revelation underscores the persistent threats faced by major projects, emphasizing the need for robust cybersecurity measures in critical infrastructure development.

📢 Cyber News

11. Decryptor Recovers Black Basta Files

Security Research Labs has developed a decryptor, known as the “Black Basta Buster,” exploiting a flaw in the Black Basta ransomware’s encryption algorithm. Victims targeted from November 2022 to the present may be able to recover their files for free using this tool. Although effective for recent attacks, the decryption technique is no longer applicable to newer incidents as Black Basta developers patched the bug in their encryption routine about a week ago, tightening security measures in the ransomware.

12. NY Hospitals Pursue Ransomware Data

Two New York hospitals, Carthage Area Hospital and Claxton-Hepburn Medical Center, join forces in the North Star Health Alliance to serve over 220,000 residents, seeking legal action to retrieve data stolen by LockBit ransomware and stored on a Boston cloud company’s servers. The hospitals’ lawsuit aims to recover patients’ sensitive information, including financial details and health records, demanding the destruction of all copied data from the ransomware gang, a move crucial to safeguarding affected individuals and preventing further data misuse. LockBit’s wider disruptive impact on emergency care, affecting hospitals globally, underscores the urgency and severity of this ransomware threat, as it continues to target organizations worldwide, extorting millions since 2020.

13. Bitcoin Mining Crackdowns

Indonesian police have closed 10 Bitcoin mining operations, accusing organizers of nearly $1 million in electricity theft. The North Sumatra Police confiscated 1,134 mining machines and equipment, alleging tampering with electrical circuits to power the extensive operation. This follows a Chinese official’s life sentence for facilitating electricity access for a $329 million Bitcoin mining enterprise, highlighting the global crackdown on unauthorized power usage in the crypto mining sector.

14. Crypto Theft Declines, But Risks Persist

Despite a decrease in crypto theft this year, hackers still managed to steal around $2 billion in various cyberattacks, marking a downturn in the trend since 2020, according to crypto security firms De.FI and TRM Labs. Notable incidents included the $600 million breach of the Ronin network in 2022 and the $200 million hack against Mixin Network in 2023. The report emphasizes the ongoing vulnerabilities within the DeFi ecosystem, pointing out both the strides made in addressing them and the persistent challenges faced by the industry.

15. Anonymous Colombia Hacker Sentenced

A judge in Bogotá sentenced Andres Felipe Cardoso Alvarez, alias Orgon, reportedly linked to Anonymous Colombia, to over 3 years and 5 months in prison for computer crimes. Cardoso illicitly accessed multiple private and public websites, including the Colombian president’s office, mayoral offices, and environmental entities. The Police Cyber Center, contributing to the investigation, highlighted the decentralized structure of Anonymous Colombia, emphasizing that members work independently within hacking operations.