Trump shooter's phone hacked, AT&T paid off hackers in bitcoin, and other cybersecurity events

Forklog / 20.07.2024 / 04:07

We have collected the most important news from the world of cybersecurity for the week.

- The FBI hacked the smartphone of the Trump shooter.
- Two Russians pleaded guilty to LockBit ransomware attacks.
- AT&T paid hackers 5.7 BTC to delete stolen data.

The FBI hacked the smartphone of the Trump shooter

The FBI, working with the developers of Cellebrite, broke into the phone of Thomas Matthew Crooks, who attempted to assassinate Trump at a rally on July 13, Bloomberg reports.

The shooter used a new Samsung model running Android. Law enforcement officers gained access to the phone's contents in 40 minutes using an improved version of Cellebrite's tool for data extraction and analysis.

According to the Associated Press, Crooks "had photos of the former Republican president, President Joe Biden and other officials on his phone." The FBI also found a search query for "information about severe depressive disorder."

Two Russians pleaded guilty to LockBit ransomware attacks

Russian citizens Ruslan Astamirov and Mikhail Vasiliev (who also holds Canadian citizenship) have pleaded guilty to carrying out numerous cyberattacks on victims around the world using the LockBit ransomware, according to the US Department of Justice.

Astamirov (aka BETTERPAY, offtitan and Eastfarmer) used LockBit between 2020 and 2023, receiving a total of $1.9 million in ransom.

Damage from the criminal activities of Vasiliev (aka Ghostrider, Free, Digitalocean90, Digitalocean99, Digitalwaters99 and Newwave110) from 2021 to 2023 amounted to at least $500,000.

Astamirov, who was arrested in June 2023 in Arizona, faces up to 25 years in prison. As part of the plea agreement, he will reimburse damages, including $350,000 in cryptocurrency received from one of the victims.

Vasiliev, who has already been sentenced to four years in Ontario for distributing LockBit, faces up to an additional 45 years.

Disney to investigate potential compromise of internal Slack channels

Disney has launched an investigation into a possible leak from its corporate Slack channels, which the hacker group Nullbulge announced last week, CNN reports.

The attackers claim to have gained access to "thousands of internal Disney messaging channels," including information about unreleased projects, raw images, source code and some logins. By their estimate, the dump totals 1.2 TB.

Nullbulge points to a certain "insider" among Disney's employees. However, vx-underground researchers believe the hack was carried out using an infostealer.

We've seen a lot of people discussing the Disney compromise. Let's talk about it.

tl;dr prolly data stealer, not insider threat, leak is real but not going to destroy walt disney

First, the individual(s) who take credit for the compromise allege they had help from an insider.…

— vx-underground (@vxunderground) July 15, 2024

AT&T paid hackers 5.7 BTC to delete stolen data

The American telecommunications giant AT&T, which had 109 million subscribers' call logs and text messages stolen as a result of the hack of cloud storage company Snowflake, paid a ransom to the extortionists, Wired reports.

The compromised records did not include the contents of calls or the names of customers, but the communications metadata could be correlated with other identifying information.

Initially, the hackers demanded $1 million from AT&T, but later agreed to a third of the amount. 5.7 BTC (more than $370,000 at the time of the transaction) arrived in the attackers' wallet on May 17. They laundered the cryptocurrency through several exchanges and wallets.

After the payment, AT&T received a video as proof that the stolen data had been deleted from the cybercriminals' computer and cloud server.

Email addresses of 15 million Trello users leaked online

An attacker using the nickname emo posted more than 15 million email addresses associated with Trello accounts on a hacker forum, Bleeping Computer reports.

In a comment to the publication, emo said that back in January he compiled a list of 500 million email addresses and used an unsecured Trello REST API to match it against linked accounts. Some of them matched.

The leak includes email addresses and public Trello account information, including the full username.

The dump is now being sold for eight site credits ($2.32). The information could potentially be used for phishing or doxing.

Data: BreachForums.

Atlassian, the company that owns Trello, confirmed the incident, adding that it made the necessary updates to the API back in January.

Roskomnadzor demanded that more than 200 Russian YouTube accounts be unblocked

Roskomnadzor has sent a request to Google LLC CEO Sundar Pichai to unblock more than 200 YouTube accounts of Russian media, authorities and public figures, TASS reports, citing the agency's press service.

According to Roskomnadzor, the video hosting service has restricted access to 207 resources since 2020. Those affected include the RT and RBC channels and the accounts of musical artists Shaman, Oleg Gazmanov and Yulia Chicherina, writer Zakhar Prilepin, designer Artemy Lebedev and others.

The agency called the restrictive measures a violation of the "key principles of the free dissemination of information and unhindered access to it."

Also on ForkLog:

- Experts have reported attacks on Russian users of Hamster Kombat.
- The global failure of Windows systems has triggered a boom in themed meme coins.
- The LI.FI protocol lost at least $8 million as a result of a hack. The team later revealed details of the incident.
- Indian bitcoin exchange WazirX was hacked for $234.9 million. Hackers from North Korea were suspected of the attack.
- A Degen Chain user lost 90% of the funds during a transaction.
- An alleged hacker from Trickbot has been arrested in Moscow.
- The ex-head of Galaxy Interactive lost $3.6 million of funds to launch a crypto casino.
- An expert tracked the transfers of bitcoin assets stolen from DMM.

What to read over the weekend?

Together with the exchanger aggregator BestChange, we explain how to check whether funds are clean using its AML service.

https://forklog.com/exclusive/kak-proverit-chistotu-sredstv-s-pomoshhyu-aml-servisa-bestchange-instruktsiya