Security News – April 2023

Read our roundup of cybersecurity news from April 2023. Each month, we’ll bring you security cases and interesting insights to help you stay secure.

Politics

Chinese pro-government hackers are using new Linux malware for espionage. Only three of the 62 antivirus solutions tested flagged the malware as malicious. The attacks targeted government and financial organizations in South Africa and Nepal.

A pro-Russian APT group (APT 29) linked to the Russian Intelligence Service (SVR) was involved in a large-scale spin campaign in NATO and EU countries. Those in affected domains were advised to take countermeasures.

The FSB accused NATO of carrying out over 5,000 attacks on Russian critical infrastructure. Strangely, this report was published just after a number of attacks had been attributed to Russian forces. The report contradicts data published by Rostelecom, which showed that the most active groups included three Chinese groups and one North Korean APT group.

The National Cyber Security Centre (NCSC) in Bristol has warned about a new type of Russian hackers. These state-sponsored groups are sympathetic to the Russian invasion, and their motivation is ideological rather than financial.

Investigations and research

The FBI has issued a warning about digital sex extortion, where attackers use phishing campaigns to obtain compromising material from users, which they then use for blackmailing. In 2021, over 13,000 cases of this type were reported.

CISA has ordered government agencies to update their iPhone, Mac, and iPad devices in order to remove all vulnerabilities disclosed by the agency. The two latest vulnerabilities allow code execution with kernel privileges.

To prevent malware operations and illegal activities targeting Android users, Google blocked over 173,000 developer accounts in 2022. In total, 1.5 million suspicious apps were involved, and suspected fraudulent transactions totaling $2 billion were blocked.

The largest marketplace for stolen personal data, Genesis Market, has been shut down, resulting in numerous arrests.

Israeli spyware vendor QuaDream shut down its operations a week after Citizen Lab and Microsoft exposed its toolkit. QuaDream specialized in Apple products, and the victims did not need to take any action to be affected.

Attacks

While using ChatGPT, Samsung employees inadvertently disclosed classified information. They entered classified data into the service, and that data is now held by OpenAI, the company behind ChatGPT. All user input is stored for future training purposes.

Several Nexx IoT devices, such as garage door openers and home alarms, have serious vulnerabilities that could allow an attacker to disable or abuse their functionality. These vulnerabilities have yet to be addressed.

After a successful attack, Western Digital was forced to shut down some of its services. The attack also affected other services provided by the company, such as cloud, proxy, web, authentication, email, and notification services.

The eFile.com service, authorized by the U.S. Internal Revenue Service (IRS), was compromised and began distributing JavaScript malware.

The FBI issued a warning against using public charging stations for cell phones, as attackers are actively exploiting them to extract sensitive data from devices. It is recommended to use charge-only USB cables that carry no data lines.

Attackers are taking advantage of the unmaintained WordPress plugin Eval PHP to install backdoors on compromised websites. In April, the number of malicious code installations via this plugin reached over 4,000 per day. The plugin has not been updated for over a decade.

Other

Starting in 2024, Google will require Android developers to add functionality that allows the deletion of a user’s account and all associated data, as per the company’s new policy.

Microsoft has announced an improvement in OneNote’s protection against the insertion of files with potentially malicious extensions. This comes after several instances of malware being spread through OneNote files with embedded malicious attachments.

An Australian helicopter crashed due to a software update installation failure and pilot error.

Decommissioned routers are often not wiped before disposal, and researchers from ESET found that the devices still contain both the original configuration and data that allow the previous owner to be identified. Attackers can easily use this data when planning an attack.

Various scams cost Australians $3.1 billion last year.

Attackers using botnets for DDoS attacks are shifting from IoT devices to virtual private servers as the building blocks of their botnets. In this way, despite the significantly smaller number of machines, botnets achieve greater strength.