{"id":74634,"date":"2023-02-25T06:00:00","date_gmt":"2023-02-25T04:00:00","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=74634"},"modified":"2025-09-09T21:17:17","modified_gmt":"2025-09-09T18:17:17","slug":"leak-at-call-of-duty-publisher-coinbase-staff-phishing-and-other-cybersecurity-developments","status":"publish","type":"post","link":"https:\/\/u1f987.com\/en\/leak-at-call-of-duty-publisher-coinbase-staff-phishing-and-other-cybersecurity-developments\/","title":{"rendered":"Leak at Call of Duty publisher, Coinbase staff phishing and other cybersecurity developments"},"content":{"rendered":"<p>We round up the week\u2019s most important cybersecurity news.<\/p>\n<div class=\"wp-block-text-wrappers-keypoints article_keypoints\">\n<ul class=\"wp-block-list\" id=\"block-565b2667-398b-48f7-b3b8-588a95f7b56d\">\n<li>Coinbase staff were targeted by SMS phishing.<\/li>\n<li>The FBI detected malicious activity on an internal network.<\/li>\n<li>A Call of Duty update schedule was leaked publicly.<\/li>\n<li>GoDaddy disclosed a multi-year compromise of its systems.<\/li>\n<\/ul>\n<\/div>\n<h2 class=\"wp-block-heading\"><strong>Coinbase staff targeted by SMS phishing<\/strong><\/h2>\n<p>On February 17, the cryptocurrency exchange Coinbase <a href=\"https:\/\/www.coinbase.com\/blog\/social-engineering-a-coinbase-case-study\">stated<\/a> that its employees had fallen victim to an SMS phishing campaign. The incident occurred on February 5.<\/p>\n<p>The targeted employees received text messages urging them to log in to their account via the provided link. One recipient clicked it and entered their login and password.<\/p>\n<p>The attackers bypassed the <span data-descr=\"two-factor authentication \" class=\"old_tooltip\">2FA<\/span> on the account by calling the employee and impersonating the IT department. 
The victim followed the instructions and authenticated on their device.<\/p>\n<p>The Coinbase security team detected the suspicious activity and promptly blocked the compromised account.<\/p>\n<p>The attacker managed to obtain limited contact information for employees, including names, email addresses and phone numbers.<\/p>\n<p>At the same time, the exchange stressed that customer data and funds were not affected.<\/p>\n<p>Coinbase suspected that the attack was carried out by the hacker group 0ktapus, also known as Scattered Spider, which has carried out at least 130 similar breaches of other organisations.<\/p>\n<h2 class=\"wp-block-heading\"><strong>FBI records malicious activity on internal network<\/strong><\/h2>\n<p>On February 17, an unknown intruder breached the computer system of the FBI&#8217;s New York field office, according to CNN.<\/p>\n<p>According to informed sources, the affected segment was used to investigate crimes related to the sexual exploitation of children.<\/p>\n<p>According to the agency, this was a single incident that was promptly contained. The FBI provided no further comment on the investigation, including potential threat sources.<\/p>\n<h2 class=\"wp-block-heading\"><strong>Call of Duty update schedule leaked online<\/strong><\/h2>\n<p>The game developer and publisher Activision confirmed unauthorized access to one of its internal Slack channels and the theft of data. The incident occurred in December 2022, but public disclosure came only after researchers from Vx-underground reported it.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">.<a href=\"https:\/\/twitter.com\/Activision?ref_src=twsrc%5Etfw\">@Activision<\/a> was breached December 4th, 2022. The Threat Actors successfully phished a privileged user on the network. They exfiltrated sensitive work place documents as well as scheduled to be released content dating to November 17th, 2023.<\/p>\n<p>Activision did not tell anyone. 
<a href=\"https:\/\/t.co\/urD64iIlC5\">pic.twitter.com\/urD64iIlC5<\/a><\/p>\n<p>\u2014 vx-underground (@vxunderground) <a href=\"https:\/\/twitter.com\/vxunderground\/status\/1627477748359872513?ref_src=twsrc%5Etfw\">February 20, 2023<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>The researchers published a number of edited screenshots from December 4, 2022, obtained directly from the attackers. They show confidential internal documents relating to the Call of Duty franchise, as well as the content publication schedule for 2023.<\/p>\n<p>According to Vx-underground, the breach was carried out through an SMS phishing attack targeting an employee. After that, the hackers gained access to Activision&#8217;s Slack channel.<\/p>\n<p>The game developer itself did not provide details of the breach, but gave assurances that the game&#8217;s source code and players&#8217; personal data were not affected.<\/p>\n<p>According to Insider Gaming, the leak includes full names, email addresses, phone numbers, salary ranges and other employee data. In addition, the compromised Activision employee, according to journalists, works in the human resources department and has access to a large amount of confidential information.<\/p>\n<h2 class=\"wp-block-heading\"><strong>GoDaddy reports multi-year systems compromise<\/strong><\/h2>\n<p>In an SEC filing, the registrar GoDaddy disclosed a targeted attack on its systems that lasted several years.<\/p>\n<p>According to the company, unknown actors compromised the shared hosting environment running cPanel, stole the source code and installed malware on its servers.<\/p>\n<p>The issue came to light in early December 2022 after customers complained that their sites were being redirected to random domains.<\/p>\n<p>GoDaddy noted that the attack was carried out by an organised group targeting hosting providers worldwide. 
Their objective was to infect sites with malware to conduct phishing campaigns and other malicious activity.<\/p>\n<p>The registrar&#8217;s team is now working with external cybersecurity experts and law enforcement authorities to investigate the incident.<\/p>\n<h2 class=\"wp-block-heading\"><strong>A new infostealer gains traction on the dark web<\/strong><\/h2>\n<p>A new infostealer, Stealc, capable of stealing data from browsers, extensions and cryptocurrency wallet addresses, is gaining popularity among cybercriminals, according to Sekoia experts.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\"><a href=\"https:\/\/t.co\/CnRXY1H4Ke\">https:\/\/t.co\/CnRXY1H4Ke<\/a> uncovered a new <a href=\"https:\/\/twitter.com\/hashtag\/infostealer?src=hash&#038;ref_src=twsrc%5Etfw\">#infostealer<\/a> advertised as <a href=\"https:\/\/twitter.com\/hashtag\/Stealc?src=hash&#038;ref_src=twsrc%5Etfw\">#Stealc<\/a> on underground forums since early 2023 and already widespread in the wild.<\/p>\n<p>In a nutshell, Stealc is a copycat of the prominent <a href=\"https:\/\/twitter.com\/hashtag\/Vidar?src=hash&#038;ref_src=twsrc%5Etfw\">#Vidar<\/a> and <a href=\"https:\/\/twitter.com\/hashtag\/Raccoon?src=hash&#038;ref_src=twsrc%5Etfw\">#Raccoon<\/a> stealers.<a href=\"https:\/\/t.co\/3FqVt4y9ZM\">https:\/\/t.co\/3FqVt4y9ZM<\/a><\/p>\n<p>\u2014 SEKOIA.IO (@sekoia_io) <a href=\"https:\/\/twitter.com\/sekoia_io\/status\/1627610499188662272?ref_src=twsrc%5Etfw\">February 20, 2023<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Since January 2023, the malware has been actively advertised on hacker forums and Telegram channels.<\/p>\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/lh3.googleusercontent.com\/Jwjgn5MsLxf_Jm5hft4YKT9EYY5wJ8VdRJ3sz1gESVJ4wjvGDBSQKIOYZyVXqMOLnSsT5CANY3uHdLeX0aalQTVnKRNaRvt4lazlkBmzLmcq0s1zfV3lv90JGkDDAXAY4MkkaxDcdYWtB2lk2ASdIw4\" 
alt=\"Advertisement for Stealc stealer on XSS, published by Plymouth on 9 January, 2023.\"\/><figcaption>Data: Sekoia.<\/figcaption><\/figure>\n<p>In particular, the researchers note that Stealc&#8217;s developers drew on existing &#8220;market&#8221; solutions, including Vidar, Raccoon, Mars and Redline. However, unlike them, the new stealer can be configured to capture specific file types.<\/p>\n<p>Researchers identified more than 40 Stealc command servers and several dozen malware samples, indicating interest among cybercriminals.<\/p>\n<h2 class=\"wp-block-heading\"><strong>Experts flag surge in attacks via social media and messaging apps<\/strong><\/h2>\n<p>Positive Technologies specialists studied the most relevant cybersecurity threats of the fourth quarter of 2022. Among the main trends is the increase in attacks through social networks and messaging apps.<\/p>\n<p>Criminals also used malware, social engineering and exploitation of vulnerabilities.<\/p>\n<p>As a result, there were disruptions to critical infrastructure and large-scale leaks of user data and product source code.<\/p>\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/lh5.googleusercontent.com\/A8yZntWNLiVIivl0HdjXGwiKyc0Kk4iB0Ts2oIpCx4le63R0emT_jILxse3KUTIiNLHUzBSraNf7ZXI20B6RO69zQ-B9XbNZ1PHFj4VsdRoHxjPEYCJHqFeHR_kN8z_CP-KsMgYT0N9012cCAd7GNqQ\" alt=\"Call of Duty publisher leak, Coinbase employee phishing and other cybersecurity events\" \/><figcaption>Data: Positive Technologies.<\/figcaption><\/figure>\n<p>The total number of cyberattacks during the study period rose by 15% compared with Q4 2021.<\/p>\n<p>Also on ForkLog:<\/p>\n<ul class=\"wp-block-list\">\n<li>Sam Bankman-Fried charged with <a href=\"https:\/\/u1f987.com\/en\/news\/sam-bankman-fried-charged-with-conspiracy-to-commit-bank-fraud\">conspiracy to commit bank fraud<\/a>.<\/li>\n<li>Edge Wallet suffered <a href=\"https:\/\/u1f987.com\/en\/news\/edge-wallet-reports-leak-of-2000-private-keys\">a leak of 2000 private keys<\/a>.<\/li>\n<li>A Belarus resident lost <a href=\"https:\/\/u1f987.com\/en\/news\/belarusian-trader-loses-70000-attempting-to-cash-out-cryptocurrency\">$70 000<\/a> trying to cash out cryptocurrency.<\/li>\n<li>Founders of Forsage charged over <a href=\"https:\/\/u1f987.com\/en\/news\/forsage-founders-charged-in-340m-crypto-pyramid-scheme\">a $340 million cryptocurrency pyramid scheme<\/a>.<\/li>\n<li>Voyager to be investigated for <a href=\"https:\/\/u1f987.com\/en\/news\/ftc-probes-voyager-over-misleading-crypto-marketing\">misleading crypto marketing<\/a>.<\/li>\n<li>Vinnik&#8217;s lawyer admitted <a href=\"https:\/\/u1f987.com\/en\/news\/vinniks-lawyer-signals-possibility-of-a-prisoner-exchange\">the possibility of his exchange<\/a>.<\/li>\n<li>A Bitcoin consultant for North Korea detained in Moscow.<\/li>\n<li>Hackers stole <a href=\"https:\/\/u1f987.com\/en\/news\/hackers-steal-300000-via-phishing-site-of-a-well-known-ethereum-conference\">$300 000<\/a> through a phishing site tied to a well-known Ethereum conference.<\/li>\n<li>The TrickBot botnet was sanctioned by the US and the UK.<\/li>\n<li>NBA star Paul Pierce will pay <a 
href=\"https:\/\/u1f987.com\/en\/news\/nba-star-paul-pierce-to-pay-1-4-million-for-ethereummax-promotion\">$1.4 million for advertising EthereumMax<\/a>.<\/li>\n<li>Journalists reported the murder of OneCoin founder Ruja Ignatova.<\/li>\n<\/ul>\n<h2 class=\"wp-block-heading\"><strong>What to read this weekend?<\/strong><\/h2>\n<p>In the education section &#8220;Kryptorium&#8221; we discuss the Ronin sidechain reboot after the massive breach.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>We round up the week\u2019s most important cybersecurity news.<\/p>\n","protected":false},"author":1,"featured_media":74635,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"1","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1238,1233],"class_list":["post-74634","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-cybersecurity-digest","tag-industry-digests"],"aioseo_notices":[],"amp_enabled":true,"views":"34","promo_type":"1","layout_type":"1","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/74634","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/comments?post=74634"}],"version-history":[{"count":1,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/74634\/revisions"}],"predecessor-version":[{"id":74636,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/74634\/revisions\/74636"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-js
on\/wp\/v2\/media\/74635"}],"wp:attachment":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media?parent=74634"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/categories?post=74634"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/tags?post=74634"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}