Hacken Token
$ -- --.--

Weekly News Digest #40

US schools targeted by the new GoLang Trojan ChaChi

ChaChi is written in the Go programming language and has been actively used to commit an attack against different US institutions such as schools and government bodies. According to the statement made by BlackBerry Threat Research research team, ChaChi has also been actively used to commit ransomware attacks. Currently, malicious groups are shifting from using C and C++ programming languages and start widely adopting the GoLang (Go) programming language taking into account its versatility and ease of cross-platform code compilation.

For the last few years, there has been a 2,000% increase in the number of Go-based samples. ChaChi appeared in the hands of malicious actors in the first half of 2020 and was linked to cyberattacks against local authorities in France. The latest samples of this malware are linked to cyberattacks initiated against US educational institutions. The modern sample of ChaChi can perform such activities as data exfiltration, backdoor creation, credential dumping, etc. 

Read more 

Warning by Microsoft: attackers use the call centre to force you to download ransomware

Security specialists of the technological giant Microsoft are fighting against the criminal group BazarCall that utilizes call centres to infect victims’ computers with malware called BazarLoader. It is a malware loaded that is used by malicious actors to distribute ransomware. The criminal group has been utilizing the scheme involving call centres since January 2021. According to Brad Duncan from Palo Arto Network, backdoor access to an infected Windows computer is provided via this malware. Upon infecting clients criminals start exploiting this backdoor access to send follow-up malware, carry out the environment scanning, and exploit other vulnerable hosts in the network.

The cyberattack starts with sending phishing emails to victims containing advice regarding the trial subscription expiration. These emails also contain information forcing clients to call a number to cancel the trial to prevent being charged a monthly fee. Microsoft is actively fighting against this criminal group since the threat actors are targeting the users of Office 365. When victims contact the call centre, it starts instructing them on how to download the specified file to cancel their subscription. The Excel file downloaded by victims contains a malicious macro that downloads the payload. 

Read more

226.3 million ransomware attacks detected by SonicWall this year

The global detection network of SonicWall detected more than 226 million ransomware attacks between January and May 2021 that constitutes a 116% increase compared to the same period in 2020. The company explains the rapid increase in the number of committed ransomware attacks by the profitability of this type of cyberattacks for malicious actors. SonicWall observed this increase in almost every region of the world including the United Kingdom and the USA. Ransomware attacks force companies into constant defence stance. There is no consensus in the industry regarding how to combat ransomware as a whole. 

Ransomware attacks draw the attention of both law enforcement agencies and famous political figures. However, even they cannot propose the structured plan on how to against against this type of cyberattacks. According to SonicWall CEO, private and public sectors should try to unite their efforts to prepare adequate response to this growing threat. Ransomware attacks have already become a national security issue in most countries including the USA. 

Read more

DoS attacks and data thefts are enabled by bugs in Nvidia’s Jetson Chipset 

Millions of internet of things (IoT) devices running NVIDIA’s Jetson chips contain flaws that enable a number of hacks including data siphoning and denial-of-service (DoS). Nine patches were released by Nvidia to address 9 vulnerabilities with the high-severity level and 8 less severe bugs. A wide swath of NVIDIA’s chipsets that are typically used for machine learning applications, autonomous devices like robots and drones, and embedded computing systems are fixed by the released patches. The patches were delivered in NVIDIA’s June security bulletin.

The most severe bug detected tracked as CVE‑2021‑34372 makes the Jetson framework open to buffer-overflow attacks initiated by adversaries. An adversary just needs to have little to low access rights to launch an attack. The exploitation of thi vulnerabilty could allow attackers to sabotage and manipulate the targeted systems. The severity rating of other vulnerabilities patched by NVIDIA range between 7 and 7.9. The exploitation of 6 bugs could result in DoS attack.

Read more

Brothers from South Africa vanished along with virtual assets worth $3.6 billion

The huge amount of cryptoassets in Bitcoin have vanished from the cryptocurrency investment platform owned by South African pair of brothers. Investors hired a Cape Town law firm that contacted the elite unite of the national police force called Hawks. The loss of more than 69,000 coins may constitute the biggest loss of cryptoassets in history. The incident may force regulatory bodies to impose stricter order in the industry. In April 2021, the elder brother who is the Chief Operating Officer of Africrypt Ameer Cajee informed investors that the platform experienced a hack but asked clients not to report the incident to lawyers and other bodies. 

However, a few sceptical investors contacted the law firm Hanekom Attorneys. When investigating the case, the law firm found that virtual assets were transferred from Africrypt South African accounts and client wallets and then the coins passed through a number of tumblers and mixers so that the funds became untraceable. The company Africrypt was founded in 2019 and since then has offered huge returns to investors. As of now, its website is down and all phone calls to brothers go directly to voicemail.

Read more

Subscribe to our research

Enter your email address to subscribe to Hacken Reseach and receive notifications of new posts by email.