{"id":10181,"date":"2024-01-27T07:00:00","date_gmt":"2024-01-27T05:00:00","guid":{"rendered":"https:\/\/forklog.com\/en\/major-data-breach-uncovered-trickbot-developer-sentenced-and-other-cybersecurity-events\/"},"modified":"2024-01-27T07:00:00","modified_gmt":"2024-01-27T05:00:00","slug":"major-data-breach-uncovered-trickbot-developer-sentenced-and-other-cybersecurity-events","status":"publish","type":"post","link":"https:\/\/u1f987.com\/en\/major-data-breach-uncovered-trickbot-developer-sentenced-and-other-cybersecurity-events\/","title":{"rendered":"Major Data Breach Uncovered, Trickbot Developer Sentenced, and Other Cybersecurity Events"},"content":{"rendered":"<p>We have compiled the most significant cybersecurity news of the week.<\/p>\n<div class=\"wp-block-text-wrappers-keypoints article_keypoints\">\n<ul class=\"wp-block-list\">\n<li>A 12 TB data leak from popular social networks and messengers has been discovered.<\/li>\n<li>The developer of Trickbot has been sentenced to five years and four months in prison.<\/li>\n<li>LockBit claimed to have stolen data from Subway.<\/li>\n<li>Microsoft and Hewlett Packard Enterprise accused Russian hackers of attacking their systems.<\/li>\n<\/ul>\n<\/div>\n<h2 class=\"wp-block-heading\"><strong>12 TB Data Leak from Popular Social Networks and Messengers Discovered<\/strong><\/h2>\n<p>Researchers at Cybernews have uncovered the largest data leak in history from popular resources worldwide, dubbed the &#8220;Mother of All Breaches&#8221; (MOAB).<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">The Mother of All Breaches combines historic breaches and new material. 
In total, 26 billion records were revealed.<br \/>Learn more in \u2935\ufe0f<a href=\"https:\/\/twitter.com\/hashtag\/MOAB?src=hash&#038;ref_src=twsrc%5Etfw\">#MOAB<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/cybersecurity?src=hash&#038;ref_src=twsrc%5Etfw\">#cybersecurity<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/datasecurity?src=hash&#038;ref_src=twsrc%5Etfw\">#datasecurity<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/databreach?src=hash&#038;ref_src=twsrc%5Etfw\">#databreach<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/password?src=hash&#038;ref_src=twsrc%5Etfw\">#password<\/a> <a href=\"https:\/\/t.co\/7uLcvh5CmO\">pic.twitter.com\/7uLcvh5CmO<\/a><\/p>\n<p>\u2014 CyberNews (@CyberNews) <a href=\"https:\/\/twitter.com\/CyberNews\/status\/1750832201040810254?ref_src=twsrc%5Etfw\">January 26, 2024<\/a><\/p><\/blockquote>\n<p>In addition to information from past leaks, MOAB includes previously unpublished data. The 12 TB dataset contains 26 billion records in 3800 folders, each corresponding to a separate breach.<\/p>\n<p>The affected services include:<\/p>\n<ul class=\"wp-block-list\">\n<li>Chinese chat platform Tencent \u2014 1.4 billion records;<\/li>\n<li>Weibo \u2014 504 million;<\/li>\n<li>MySpace \u2014 360 million;<\/li>\n<li>Twitter \u2014 281 million;<\/li>\n<li>Music platform Deezer \u2014 258 million;<\/li>\n<li>LinkedIn \u2014 251 million;<\/li>\n<li>VK \u2014 101 million;<\/li>\n<li>Telegram \u2014 41 million and others.<\/li>\n<\/ul>\n<p>Government organizations in various countries were also affected.\u00a0<\/p>\n<p>Experts warned that the sensitive information contained in the dataset could be used for a wide range of attacks. 
They recommended users change all their passwords and check for specific data leaks using a special <a href=\"https:\/\/cybernews.com\/personal-data-leak-check\/\">tool.<\/a><\/p>\n<h2 class=\"wp-block-heading\"><strong>Trickbot Developer Sentenced to Five Years and Four Months in Prison<\/strong><\/h2>\n<p>A U.S. court has <a href=\"https:\/\/www.justice.gov\/opa\/pr\/russian-national-sentenced-involvement-development-and-deployment-trickbot-malware\">sentenced<\/a> Russian national Vladimir Dunaev, involved in the development of the Trickbot botnet, to five years and four months in prison.\u00a0<\/p>\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" src=\"https:\/\/u1f987.com\/wp-content\/uploads\/Vladimir-Dunaev.webp\" alt=\"Vladimir-Dunaev\" class=\"wp-image-224823\"\/><figcaption class=\"wp-element-caption\">Source: Cleveland.com<\/figcaption><\/figure>\n<p>Since 2016, the malware has functioned as an infostealer and banking trojan, used to attack financial organizations, government agencies, private companies, and individuals.<\/p>\n<p>Dunaev, also known by the alias FFX, was arrested in South Korea in September 2021 and later extradited to the U.S. 
After his arrest, he pleaded guilty to <a href=\"https:\/\/www.documentcloud.org\/documents\/21094966-vladimir-dunaev-trickbot-malware-dev-indictment\">charges<\/a> of conspiracy to commit computer and bank fraud, as well as identity theft.<\/p>\n<p>Six of his accomplices are also involved in the case.<\/p>\n<p>The activities of Trickbot, which caused tens of millions of dollars in damages, were halted in 2022.<\/p>\n<h2 class=\"wp-block-heading\"><strong>LockBit Claims Data Theft from Subway<\/strong><\/h2>\n<p>The hacker group LockBit has posted information about a breach of the Subway restaurant chain on its leak site, according to <a href=\"https:\/\/cybernews.com\/news\/subway-claimed-by-lockbit-ransomware\/\">Cybernews<\/a>.<\/p>\n<p>The perpetrators claim to have downloaded the company&#8217;s internal system, amounting to hundreds of gigabytes of data, including the network&#8217;s finances, franchise payments, and branch turnovers.<\/p>\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"484\" src=\"https:\/\/u1f987.com\/wp-content\/uploads\/2024-01-22-Lockbit-Subway-02-Detailseite-31d31ee46b83ebca-1024x484.webp\" alt=\"2024-01-22-Lockbit-Subway-02-Detailseite-31d31ee46b83ebca\" class=\"wp-image-224816\" srcset=\"https:\/\/u1f987.com\/wp-content\/uploads\/2024-01-22-Lockbit-Subway-02-Detailseite-31d31ee46b83ebca-1024x484.webp 1024w, https:\/\/u1f987.com\/wp-content\/uploads\/2024-01-22-Lockbit-Subway-02-Detailseite-31d31ee46b83ebca-300x142.webp 300w, https:\/\/u1f987.com\/wp-content\/uploads\/2024-01-22-Lockbit-Subway-02-Detailseite-31d31ee46b83ebca-768x363.webp 768w, https:\/\/u1f987.com\/wp-content\/uploads\/2024-01-22-Lockbit-Subway-02-Detailseite-31d31ee46b83ebca-1536x727.webp 1536w, https:\/\/u1f987.com\/wp-content\/uploads\/2024-01-22-Lockbit-Subway-02-Detailseite-31d31ee46b83ebca.webp 1600w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\">Source: 
Screenshot from LockBit&#8217;s leak site.<\/figcaption><\/figure>\n<p>The hackers have yet to present data samples and have given Subway&#8217;s administration until February 2 to pay the ransom.<\/p>\n<p>The company is conducting an internal investigation.<\/p>\n<h2 class=\"wp-block-heading\"><strong>Microsoft and Hewlett Packard Enterprise Accuse Russian Hackers of System Attacks<\/strong><\/h2>\n<p>Microsoft <a href=\"https:\/\/msrc.microsoft.com\/blog\/2024\/01\/microsoft-actions-following-attack-by-nation-state-actor-midnight-blizzard\/\">identified<\/a> the Russian group Midnight Blizzard as responsible for a recent attack on its corporate systems.<\/p>\n<p>Preliminary investigations revealed that in late November 2023, hackers <span data-descr=\"brute force method of hacking\" class=\"old_tooltip\">brute-forced<\/span> access to an old test account. Through this, they infiltrated the email environment and compromised the mailboxes of company executives, legal department staff, and cybersecurity specialists.<\/p>\n<p>Microsoft claims the hackers initially sought information about themselves in the emails.\u00a0<\/p>\n<p>The incident was only discovered on January 12, 2024. The company gave assurances that the client environment, production systems, and source code were not affected.<\/p>\n<p>The second victim of Midnight Blizzard was Hewlett Packard Enterprise, from whose corporate email information about cybersecurity specialists and employees was also <a href=\"https:\/\/www.sec.gov\/Archives\/edgar\/data\/1645590\/000164559024000009\/hpe-20240119.htm\">stolen<\/a>. 
The hackers had been in the system since May 2023, but were only discovered on December 12.<\/p>\n<p>Both companies continue their investigations.<\/p>\n<h2 class=\"wp-block-heading\"><strong>Data of 15 Million Trello Users Up for Sale on Darknet<\/strong><\/h2>\n<p>An unknown perpetrator used <span data-descr=\"automated method of extracting data from web pages\" class=\"old_tooltip\">scraping<\/span> of the Trello <span data-descr=\"Application Programming Interface\" class=\"old_tooltip\">API<\/span> to link email addresses to over 15 million user profiles, reports <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/trello-api-abused-to-link-email-addresses-to-15-million-accounts\/\">Bleeping Computer<\/a>.<\/p>\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"531\" src=\"https:\/\/u1f987.com\/wp-content\/uploads\/hacking-forum-post-1024x531.webp\" alt=\"hacking-forum-post\" class=\"wp-image-224815\" srcset=\"https:\/\/u1f987.com\/wp-content\/uploads\/hacking-forum-post-1024x531.webp 1024w, https:\/\/u1f987.com\/wp-content\/uploads\/hacking-forum-post-300x155.webp 300w, https:\/\/u1f987.com\/wp-content\/uploads\/hacking-forum-post-768x398.webp 768w, https:\/\/u1f987.com\/wp-content\/uploads\/hacking-forum-post-1536x796.webp 1536w, https:\/\/u1f987.com\/wp-content\/uploads\/hacking-forum-post.webp 1600w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\">Source: Bleeping Computer.<\/figcaption><\/figure>\n<p>The database is currently for sale on a hacker forum. It contains:<\/p>\n<ul class=\"wp-block-list\">\n<li>First and last name;<\/li>\n<li>Email address;<\/li>\n<li>Username;<\/li>\n<li>Profile link.<\/li>\n<\/ul>\n<p>The hacker noted that the public availability of the API allowed access without logging into a Trello account or using an authentication key. 
IP access restrictions were bypassed using proxies.\u00a0<\/p>\n<p>Trello confirmed the abuse and stated that only registered users will now be able to access the API.\u00a0<\/p>\n<p>Nevertheless, the obtained information could be used in phishing campaigns impersonating Trello to steal more sensitive information, including passwords.<\/p>\n<h2 class=\"wp-block-heading\"><strong>Russian Lawmakers Pass Bill &#8220;Against Journalistic Investigations&#8221; in First Reading<\/strong><\/h2>\n<p>The Russian State Duma has passed in the first reading a <a href=\"https:\/\/sozd.duma.gov.ru\/bill\/502104-8#bh_note\">package of bills<\/a> tightening liability for data leaks. The documents include a direct ban on working with databases often used by investigative journalists.\u00a0<\/p>\n<p>Officials could face fines of up to 2 million rubles for leaking personal information of citizens, and legal entities up to 15 million. The fines vary depending on the scale of the incident.<\/p>\n<p>Criminal liability is also introduced for the use, transfer, collection, and storage of personal data obtained illegally, and for creating information resources that distribute such data. The maximum prison term is up to 10 years.\u00a0<\/p>\n<h2 class=\"wp-block-heading\"><strong>Fraudsters Turn to Voice Deepfakes for Money Scams<\/strong><\/h2>\n<p>Since the beginning of 2024, there has been an increase in the use of audio deepfakes in Russia, <a href=\"https:\/\/t.me\/F_A_C_C_T\/3068\">according to<\/a> F.A.C.C.T. specialists.\u00a0<\/p>\n<p>Fraudsters create a fake account of an organization&#8217;s leader using photos from official websites or social media. 
They then use artificial intelligence to mimic the leader&#8217;s voice in chats with subordinates.<\/p>\n<p>The goal is to gain trust and persuade an employee, such as the company&#8217;s chief accountant, to make payments to the criminals&#8217; accounts.<\/p>\n<p>Also on ForkLog:<\/p>\n<ul class=\"wp-block-list\">\n<li>A hacker breached the X account of Algorand&#8217;s CEO to criticize the project.<\/li>\n<li>Researchers discovered a critical vulnerability in Bitcoin ATMs.<\/li>\n<li>A former Orbit Bridge employee is suspected of aiding an $80 million attack.<\/li>\n<li>North Korean hackers&#8217; attacks on the crypto market have become less profitable.<\/li>\n<li>&#8220;Privacy is not a crime&#8221;: Tornado Cash developers have started a fundraising campaign.<\/li>\n<li>macOS malware was found installing infected Bitcoin wallets.<\/li>\n<li>Phishing of crypto firm clients through a hacked email service netted hackers $600,000.<\/li>\n<li>Socket recovered 1032 ETH after a security incident.<\/li>\n<li>EigenLayer to offer applications a &#8220;shared security&#8221; mechanism.<\/li>\n<li>The SEC explained the reason for the X account hack.<\/li>\n<li>Report: Losses from hacks in the BNB Chain network decreased by 85%.<\/li>\n<li>Nethermind fixed a critical bug in the Ethereum client.<\/li>\n<li>Hackers accessed data of 66,000 Trezor users.<\/li>\n<li>Experts uncovered an automated scam scheme worth $32 million.<\/li>\n<\/ul>\n<h2 class=\"wp-block-heading\"><strong>What to Read Over the Weekend?<\/strong><\/h2>\n<p>Exchange OKX revealed how it stores and protects users&#8217; bitcoins.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>We have compiled the most significant cybersecurity news of the week. A 12 TB data leak from popular social networks and messengers has been discovered. The developer of Trickbot has been sentenced to five years and four months in prison. LockBit claimed to have stolen data from Subway. 
Microsoft and Hewlett Packard Enterprise accused Russian [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":10180,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"","news_style_id":"","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1238,1233],"class_list":["post-10181","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-cybersecurity-digest","tag-industry-digests"],"aioseo_notices":[],"amp_enabled":true,"views":"51","promo_type":"","layout_type":"","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/10181","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/comments?post=10181"}],"version-history":[{"count":0,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/10181\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media\/10180"}],"wp:attachment":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media?parent=10181"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/categories?post=10181"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/tags?post=10181"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}