Audits
Services
Services
Smart Contract Audit
Blockchain Protocol Audit
Penetration Testing
dApp Audit
Crypto Wallet Audit
Cross-Chain Bridge Audit
Bug Bounty
Proof of Reserves
CCSS Audit
Tokenomics Audit & Design
Smart Contract Audit
Mitigate weaknesses in your smart contract and improve its functionality with a double line-to-line code analysis and a separate review by a lead auditor.
Blockchain Protocol Audit
Secure the entire architecture and implementation layers of your blockchain protocol with professional security audits and testing.
Penetration Testing
Proactively detect vulnerabilities in your Web3 project by subjecting your systems to a simulated cyberattack in a secure and controlled environment.
dApp Audit
Identify vulnerabilities in applications interacting with blockchain networks with secure code review and static security analysis.
Crypto Wallet Audit
Code review & static security analysis for crypto wallet apps.
Cross-Chain Bridge Audit
Code review & security analysis for cross-chain crypto bridges.
Bug Bounty
Receive only relevant bug reports or undergo crowdsourced penetration testing with the help of thousands of ethical hackers curated by HackenProof.
Proof of Reserves
Enhance transparency in crypto exchanges with independent on-chain proof of assets’ true collateralization.
CCSS Audit
Assess and strengthen your security practices, identify vulnerabilities, and safeguard valuable digital assets in the ever-evolving cryptocurrency landscape.
Tokenomics Audit & Design
Ensure your token model robustness and efficiency and convey trust to investors and community with our thorough, independent audit of protocol economic security.
Solutions
Post-deployment security solution
Hacken Extractor
Real-time smart contract protection from assets loss
Learn more
Solutions
Featured ecosystems:
Ethereum (EVM)
BSC
Polygon
Near
Avalanche
Fantom
Aptos
Sui
Optimism
zkSync
Arbitrum
Solana
Polkadot
Cosmos
Radix
Linea
MetaMask
Others
By Languages:
Solidity
Rust
Move
Blog
Company
Company

The window to exchange $HAI for Hacken Equity Shares ($HES) is now open > Claim your spot today

Weekly News Digest #37

Weekly News Digest #37

Share via:

Fujifilm has experienced a ransomware attack

Anne Neuberger, the top cyber official at the National Security Council, released an open letter warning organizations to take actions to prevent risks. Fujifilm, the Japanese conglomerate, has fallen victim to the massive ransomware attack. Malicious actors accessed without authorization the company’s servers and the entity has been forced to shut down its network. It took the company 2 days to investigate the scope of the attack that has affected the entity’s phone and email services.

According to Vitali Kremez, CEO at Advanced Intel, Fujifilm was hit with the Qbot Trojan in May and the malicious actors behind this attack are suspected of committing the recent ransomware crime since they have been working with the REvil ransomware gang. This ransomware group has been responsible for committing attacks against JBS and Colonial Pipeline. Due to the high level of digital risks, the White House has issued special warning to organizations.

A new backdoor has been created by Chinese cybercriminals to spy on governments

The Chinese threat actors have created the special backdoor used in cyberespionage campaigns. According to Check Point Research, it took the Chinese actors 3 years to design, develop, test, and deploy the backdoor to attack the systems of the Ministry of Foreign Affairs of the Southeast Asian government. The spear phishing messages impersonated other departments of the same government. The malicious actors were using the weaponized, official-looking documents sent via email to target members of staff.

When victims open the files attached, the deployment of Royal Road takes place. The exploitation of Microsoft Word’s Equation Editor vulnerabilities (CVE-2017-11882, CVE-2018-0798, and CVE-2018-0802). The Chinese threat actors developed the backdoor to spy and exfiltrate data to a command-and-control server (C2). The server may be also used to grab and execute additional malware payloads.

Police intercepted $83 million in financial theft on their way to financial fraudsters

Over $83 million were intercepted by the police in Asia at the result of the 6-month Operation Haechi-i that was aimed at combating money laundering activities, investment fraud, and romance scams related to illegal online gambling, voice phishing, and online sextortion. As a result of the operation carried out by Interpol, 1,600 bank accounts were frozen, 585 arrests took place, and 1,400 individual criminal investigations were initiated. As of now, 892 cases have been solved.

The cross-border collaboration is required to address the issue of financial cybercrime. And the operation initiated by Interpol is a great example of international collaboration since the law enforcement officers from Cambodia, South Korea, Indonesia, Singapore, China, and other countries were involved in this operation. The Haechi-i operation was the first operation in a series of anti-cybercrime operations that will be carried out within the next 3 years.

JBS: meat supplier was hacked by the Russia-linked group

JBS, the largest meat processing company in the world, experienced a ransomware attack initiated by the Russian cybercriminal group. Due to the cyber attack some of the JBS operations in Canada, Australia, and the USA were shut down. According to JSB, the ransom has been demanded by the gang from Russia. JBS informed the FBI about the incident and the latter contacted the Russian government for clarifications.

According to the statement made by the FBI, the JBS attack is likely to be attributable to REvil and Sodinokibi malicious groups. Most of the members of the REvil group are based in Russia and other countries of the former Soviet Union. The issue of cyberattacks will be among topics discussed during the official meeting of Joseph Biden and Vladimir Putin that will take place in 2 weeks. JBS has not disclosed whether the payment of ransom to threat actors took place.

Competitions for cryptocurrency and NFT hacks are launched by the Russian underground forums

Huge prizes are offered to cybercriminals for compromising cryptocurrency services. Such competitions are launched by cybercriminals to develop new offensive techniques and methods to compromise even highly protected systems. According to Intel 471, the underground competition run by the Russian operators for the last month has been focused on identifying new methods to target cryptocurrency technologies. Criminal cyber actors are interested in developing non-standard methods to compromise crypto wallets to steal Bitcoin and Ethereum. The authors of the best method could earn up to $100,000.

The underground forums are not a new event in the cyberworld. Such forums are organized regularly and the key reason behind the forum in question is related to the fact that cryptocurrency has become a very lucrative instrument. There are a number of crypto and blockchain-related vulnerabilities that malicious actors are actively trying to exploit.