SAN MATEO, CA, September 26, 2022 — Cybersecurity news weekly roundup. Stories, news, politics, and events that impacted the network security industry last week. Brought to you by NetworkTigers.
- “Metador” hacking group discovered
- Australian telco company hit with a ransomware attack
- Game publisher 2K hacked
- Wintermute crypto market maker hacked
- Rockstar Games breached
- Uber blames Lapsus$ for hack
- American Airlines discloses data breach
- North Korean hackers using a new method in spear-phishing campaign
- LastPass: attackers had four days of internal access
“Metador” hacking group discovered
Security researchers have identified a hacking group, dubbed “Metador,” that has reportedly been lurking in the shadows for around two years. The group targets telecoms and ISPs, and its motive appears to be espionage. It appears to be highly capable and experienced in operations security. While the available information is not sufficient to determine the group’s origin or affiliation, its tactics and skill set imply that it is state-sponsored.
Australian telco company hit with a ransomware attack
Optus, the second-largest Australian telecom, has suffered a data breach that has exposed the sensitive data of millions of current and former customers. Security researchers have validated the claims of the hacker, who is asking for $1 million in crypto in exchange for not leaking the stolen data to the web. Optus is facing customer backlash because the breach was not disclosed to customers directly but was reported in the media days after the company became aware of the situation.
Game publisher 2K hacked
2K, a major game publisher best known for its NBA titles, has reported that it has been hacked. The company’s support system was compromised, allowing hackers to send out legitimate-looking emails that led users to download malicious software. 2K and Rockstar Games share the same parent company, Take-Two Interactive. However, at this point, there is no indication that the two breaches are related.
Wintermute crypto market maker hacked
In the latest DeFi hack, crypto market maker Wintermute has found itself the victim. Attackers have made off with $160 million after hacking 90 assets. Wintermute has, in a statement, assured users that the company remains solvent despite the attack but has not yet disclosed how the hack took place or who they believe may be responsible.
Rockstar Games breached
Rockstar Games, best known for its Grand Theft Auto series, has suffered a hack that resulted in a trove of unfinished gameplay footage from the upcoming installment in the series being leaked online. The hacker claiming responsibility posted the clips to an online forum and purports to be the same individual who recently hacked Uber. The hacker has also claimed to have stolen the game’s source code.
Uber blames Lapsus$ for hack
Last week’s brazen hack of Uber was at the hands of an attacker associated with the Lapsus$ cybercrime collective. Uber has refuted some of the hacker’s initial claims about how they were able to breach the company and is working with law enforcement and several third-party forensic firms to recover from the attack. Uber has stated that the hacker did not access sensitive user information and that any such data is encrypted.
American Airlines discloses data breach
American Airlines has reported that the company experienced a data breach in July of 2022 that affected a limited number of employee email accounts. American Airlines has not disclosed the number of affected employees or customers, only stating that the number is “very small” and that the breach resulted from a phishing attack. Those affected are being offered two years of identity theft protection and monitoring.
North Korean hackers using a new method in spear-phishing campaign
New findings from Mandiant report that North Korean hacker gangs are using a new spear-phishing technique to get victims to install a backdoor on their system via “trojanized versions of the PuTTY SSH open-source terminal emulator.” The hackers lure victims with fraudulent job offerings from Amazon. Over WhatsApp, the targeted individuals are provided with a link that installs malicious code on their system.
LastPass: attackers had four days of internal access
In an update regarding the recent hack of LastPass, the company revealed that the hackers responsible for the breach had access to internal systems for four days before they were detected. LastPass still maintains that the attackers had no access to sensitive customer data or encrypted password vaults. The criminals gained access to LastPass after impersonating a developer and successfully authenticating with multi-factor authentication.