Attack on Metro, the arrest of a Lapsus$ participant and other cybersecurity events
We have collected the week's most important news from the world of cybersecurity.
- Trading giant Metro announced an IT systems failure after a cyber attack.
- A Microsoft leak affected 65,000 organizations around the world.
- Brazil arrested an alleged member of the Lapsus$ group.
- Deadbolt extortionists were forced to hand over decryption keys.
Trading giant Metro announced an IT systems failure after a cyber attack
The international wholesale giant Metro is experiencing IT infrastructure outages and payment problems after a recent cyber attack.
The attackers are after detailed information about the Facebook account, confidential information stored in browsers, cookies, cryptocurrency wallet addresses, and basic system data.
The new phishing campaign is aimed at ordinary Facebook users. If the account is identified as a business account, the malware tries to obtain additional information: payment methods, amounts spent, details about the owner, the PayPal addresses belonging to them and the address.
Deadbolt extortionists were forced to hand over decryption keys
The National Police of the Netherlands, with the assistance of cybersecurity researchers from Responders.Nu, obtained 150 decryption keys from the Deadbolt extortion group.
Law enforcement officers made bitcoin payments to the attackers' addresses and cancelled the transactions after receiving the decryptors. Thanks to the operation, victims of the attacks will be able to unlock their encrypted data for free.
Deadbolt ransomware targets network-attached storage and has already encrypted more than 20,000 QNAP and Asustor devices around the world. At least a thousand of them are in the Netherlands.
Experts discovered an “inconspicuous” PowerShell backdoor
SafeBreach specialists found a new PowerShell backdoor that has already been used in attacks on at least 69 targets.
There are two additional scripts inside the backdoor: Script.PS1 and TEMP.PS1. The first sends the victim identifier to its operators and receives further commands in encrypted form. The second decodes the received commands, executes them, and then encrypts the result and uploads it to the control server.
At the time SafeBreach analysts detected the scripts, no antivirus identified them as malicious.
Decoding the operators' commands showed that two-thirds of them were intended for data theft, and the rest were used to compile lists of files, accounts and RDP clients, as well as to delete them.
According to the experts, at least 69 computers have already fallen victim to the malware.
SafeBreach suggests that the PowerShell backdoor was created by previously unknown attackers. The lack of data does not yet make it possible to establish their identity.
The Russian Federation will allocate 1.18 billion rubles for the isolation of the Internet
The Ministry of Digital Development of the Russian Federation (Mintsifry) amended the draft federal budget regarding the financing of measures to create a sovereign Runet.
In total, 1.18 billion rubles will be allocated for the program during 2023-2024.
Funds will be directed to the development of a system for monitoring Internet traffic and managing a public communication network.
Also on FORKLOG:
- The Mango Markets community approved a deal with the hacker for $47 million. The victims were offered a payout plan.
- The TempleDAO hacker sent assets to Tornado Cash.
- The Seven Treasures NFT collection fell amid the hack of the LiveArtX wallet.
- Hackers hacked the Swap wallet from BitKeep. Losses amounted to $1 million.
- Hackers withdrew over $8 million from a DeFi protocol.