A vulnerability in Microsoft's e-signature verification tools is being abused by the Malsmoke hacking group to deploy malware and steal user data. According to data provided by Check Point Research, more than 2,100 victims of this campaign (mostly in the USA, India, and Canada) have been detected worldwide, and the malware has been observed in 111 countries in total. The malicious code, dubbed ZLoader, was used in the past to deliver banking Trojans. During the initial phase of the new campaign, the malware's operators used the legitimate remote management software Atera to infect systems.
How the malicious package containing Atera is currently being distributed is not known. Upon installation it presents a fake Java installer. Because the file installs the Atera agent, which connects the endpoint PC to accounts controlled by the attackers, they can then remotely deploy malicious payloads.
The rate of attacks targeting supply chains is likely to increase significantly in the coming years because such attacks are replicable and have a low barrier to entry. Upon compromising a centralized service, platform, or software product, malicious actors can carry out widespread infiltration of the victim's customers and clients, or may decide to cherry-pick the most attractive targets.
These attacks are popular among malicious actors because even a single successful compromise can give them reach to thousands of potential victims. One of the most recent examples of a large-scale supply-chain cyberattack is the SolarWinds breach, in which a malicious software update was deployed to 18,000 clients. According to an analysis performed by the European Union Agency for Cybersecurity, the planning and execution stages of these attacks are complex, while the methods used are not.
Tinyman, the DeFi trading platform built on Algorand, experienced an attack on 1 January 2022. Based on preliminary estimates, the platform lost $3M due to the hack. The attacker was able to extract tokens through unauthorized access to pools, made possible by the exploitation of vulnerabilities in the network's smart contracts. The perpetrators first activated their wallet addresses and deposited seed funds for the attack. After that, they carried out operations against the targeted pools, swapping tokens and minting some Pool Tokens.
The hackers exploited the bug by burning the Pool Tokens and thereby receiving two of the same asset instead of two different assets. The network also detected that many other wallets were exploiting this bug. Users were immediately notified of the need to withdraw their liquidity from all Tinyman-related contracts.
Another reported DDoS attack caused a Solana network failure on 4 January 2022. The perpetrators likely used transaction spam to carry out the malicious activity. News of the DDoS attack was first reported by the noted Chinese journalist Colin Wu. This was the third DDoS attack experienced by Solana in the last six months. According to the Grayscale security report, Solana was using new technologies that had flaws in their cryptography.
The previously reported DDoS attack took place in December 2021. However, Solana co-founder Raj Gokal claimed that the heavy congestion was caused by the IDO for the NFT game SolChicks. The flood of transactions in September 2021 resulted in a 17-hour Solana outage that dropped the Solana token price from $220 to $140. The latest DDoS attack has not heavily affected the Solana token price.
According to statements made by a US federal prosecutor and data released by Chainalysis, North Korea treats cryptocurrencies as a long-term investment instrument. Part of the stolen assets is used for military purposes, while the remainder is held rather than cashed out. Cryptocurrency is the only financial asset owned by North Korea, a country under strict political and economic sanctions.
North Korea hires hackers to perform cyberattacks targeting crypto projects and exchanges. The infamous hacker group Lazarus is among the prime suspects in these hacks; the group carries out malware and phishing attacks to steal crypto. South Korean authorities suggest that North Korean hackers were behind the notable attacks against Bithumb in 2017, YouBit in 2017, and KuCoin in 2020.