Deanonymization of Telegram Users, DPRK Cyberspy Exposure, and Other Cybersecurity Events.

This week’s top cybersecurity news, compiled: (1) Experts have exposed the APT43 hackers engaged in espionage for the DPRK; (2) The media learned about the Rostec tool for deanonymizing Telegram users; (3) GitHub has removed the Twitter source code repository; (4) A phishing gang that stole $4.3 million from EU residents was arrested in Ukraine; and (5) Trend Micro found the OpcJacker malware, which steals cryptocurrency.

Experts Exposed APT43 Hackers Spying for North Korea

According to experts, the DPRK General Intelligence Office is behind the cyber criminals, and their main targets are government and research organizations in the United States, Europe, Japan, and South Korea. APT43 sends victims phishing emails on behalf of fictitious officials, redirecting them to attacker-controlled sites that collect credentials. To steal funds, the group uses malicious Android apps that target cryptocurrency holders in China.

Stolen assets are laundered through mixers and cloud mining services using fake aliases and addresses. At the same time, APT43 pays for equipment and infrastructure using PayPal and American Express, as well as stolen Bitcoins.

The Media Learned About the Rostec Tool for Deanonymizing Telegram Users

Russian state corporation Rostec has bought a platform that allows it to reveal the identities of anonymous Telegram users. This is confirmed by a joint investigation by The Bell and Meduza. According to them, the software package, called “Hunter” (Okhotnik), searches more than 700 open data sources, including social networks, blogs, forums, instant messengers, bulletin boards, cryptocurrency blockchains, the darknet, and government automated services.

Rostec plans to sell Okhotnik to all departments of the Ministry of Internal Affairs of the Russian Federation and to the operational and technical units of the FSB during 2023.

GitHub Removed Twitter Source Code Repository

The administration of the GitHub service removed the public repository of the user FreeSpeechEnthusiast, which contained the source code of Twitter, after a DMCA takedown notice from the social network. Now the social network is trying, through the courts, to force GitHub to provide identifying information about the person responsible for the leak and the people who accessed it.

It is not known how long Twitter’s source code had been online. However, according to media reports, it appears to have been available for a few months.

Phishing Gang That Stole $4.3 Million from EU Residents Arrested in Ukraine

The gang created more than 100 phishing sites offering cheap products to European users. All payment details entered by customers were automatically captured by the attackers. The group also set up call centers in Vinnitsa and Lvov, whose operators convinced potential victims to make purchases.

More than 1,000 victims from the Czech Republic, Poland, France, Spain, Portugal, and other EU countries have been identified. The total damage exceeds $4.3 million. During a series of raids, mobile phones, SIM cards, and computer equipment were seized. The attackers face up to 12 years in prison with forfeiture of property. Meanwhile, the investigation continues.

Trend Micro Finds OpcJacker Malware Stealing Cryptocurrency

Trend Micro researchers discovered the OpcJacker malware, which since mid-2022 has been distributed on fake sites under the guise of cryptocurrency apps and other legitimate programs. OpcJacker’s features include keylogging, taking screenshots, stealing sensitive data from browsers, downloading add-on modules, and replacing cryptocurrency addresses on the clipboard.

The main purpose of the malware is still unknown, but experts believe that its ability to steal cryptocurrency points to a financially motivated attacker.

By Audy Castaneda
