Seven years ago, Ross Ulbricht was arrested in the science fiction section of a San Francisco library and charged with running the sprawling dark web drug bazaar known as the Silk Road. When the FBI laid hands on Ulbricht’s laptop that day, they found keys to unlock only a fraction of the bitcoins that he had accumulated over the Silk Road’s years of bustling black market drug trade. Today the Justice Department finally announced where a billion-dollar transaction of the Silk Road’s treasure ended up: stolen by a secret hacker and now seized by the US Treasury.
Gaming company Capcom reported that it has been attacked by ransomware that affected access to specific systems – including email and file servers – and encrypted 1 terabyte (TB) of sensitive data. Currently, the organization is in discussions with law enforcement and is taking measures to restore its systems. There are no further details on how the attack began at this time. The episode is not the first time threat actors have been observed targeting video game development organizations.
Several companies and large corporations from Israel have been hacked and had their systems encrypted using a new strain of ransomware named Pay2Key, in what appears to be a targeted attack against Israeli companies. The entry point for all intrusions is currently considered to be weakly secured RDP (Remote Desktop Protocol) services. To avoid detection of their activities, the Pay2Key operators usually set up a pivot point on the local network, through which they proxy all their communications to reduce their detectable network footprint. Once the encryption ends, ransom notes are left on the hacked systems, with the Pay2Key gang usually asking for payments up to 9 bitcoins.
Top toymaker Mattel is the victim of a ransomware attack that strongly encrypted some data and temporarily disabled a limited number of business functions. It’s unclear how the attack occurred, which malware was used, who the threat actors behind the attack were, and which ransomware strain the adversaries used.
“A forensic investigation of the incident has concluded, and no exfiltration of any sensitive business data or retail customer, supplier, consumer, or employee data was identified. There has been no material impact on Mattel’s operations or financial condition as a result of the incident,” the company's message read.
Apple has published security updates today for iOS to patch three zero-day vulnerabilities that were found being abused in attacks against its users. According to Google Project Zero, which discovered and reported the attacks to Apple, the three iOS zero-days are:
All three bugs are considered to have been used collectively, as a part of an exploit chain, allowing attackers to compromise iPhone devices remotely.