Tag: Mandiant

Federal Authorities Indict Five Individuals Linked to Scattered Spider Cybercrimes

FBI Indicts Five Alleged Members of Cybercrime Group Linked to Cryptocurrency Thefts

The U.S. government has unveiled charges against five individuals suspected to be affiliated with a loosely organized cybercriminal group known as "Scattered Spider." These charges, unsealed on November 20, 2024, stem from allegations that the group was responsible…

OPSEC Slip Exposes North Korean Nation-State Actors Behind JumpCloud Breach

On July 25, 2023, Cyber Threat Intelligence revealed that North Korean state-sponsored hackers connected to the Reconnaissance General Bureau (RGB) were linked to the JumpCloud breach due to a significant operational security (OPSEC) error that revealed their IP address. Google’s threat intelligence firm Mandiant has identified this group as UNC4899, which overlaps with known clusters like Jade Sleet and TraderTraitor—hackers notorious for targeting the blockchain and cryptocurrency sectors. Furthermore, UNC4899 shares connections with APT43, another hacking group affiliated with North Korea, previously exposed in March for conducting intelligence-gathering campaigns and stealing cryptocurrency from various companies. Their tactics include employing Operational Relay Boxes (ORBs) using L2TP IPsec tunnels along with commercial VPN services to conceal their identity.

North Korean State-Sponsored Hackers Identified in JumpCloud Breach Due to Operational Security Oversight

On July 25, 2023, cybersecurity experts revealed that the recent breach of JumpCloud, a directory-as-a-service provider, has been linked to North Korean state-sponsored hackers associated with the Reconnaissance General Bureau (RGB). The inquiry into the attack found…

FBI Cautions of $40M Cryptocurrency Heist Linked to North Korean Affiliates

The FBI has issued a warning that North Korean cyber actors may seek to liquidate more than $40 million in stolen cryptocurrency. This announcement surfaced on Tuesday amid ongoing investigations into recent blockchain activities linked to a group identified by U.S. authorities as TraderTraitor, also known colloquially as Jade Sleet.…

Urgent: FBI Issues Warning About Vulnerabilities in Barracuda Email Gateways Even After Recent Patches

The Federal Bureau of Investigation (FBI) has issued a warning regarding the ongoing risk posed to Barracuda Networks Email Security Gateway (ESG) appliances, despite recent patches deployed in response to a critical vulnerability. This advisory indicates that while Barracuda has addressed the flaw, the devices remain susceptible to exploitation by…

Man Arrested for Snowflake Hacking Operation Faces Extradition to the US

The recent investigation by Mandiant, a cybersecurity arm of Google, has unveiled significant insights regarding the breach incidents attributed to a hacker identified as UNC5537. Austin Larsen, a threat intelligence analyst at Mandiant, characterizes this hacker as “one of the most consequential threat actors of 2024.” The repercussions of these…

Iran-Linked Imperial Kitten Cyber Group Aiming at Middle Eastern Tech Industries

Iran-Linked Cyber Group Targets Middle Eastern Transportation and Tech Sectors Amid Increased Activity

In October 2023, a cyber group with connections to Iran intensified its operations, focusing on the transportation, logistics, and technology sectors across the Middle East, including Israel. This uptick in Iranian cyber activity aligns with the escalation…

UNC5820 Exploits Zero-Day Vulnerability in FortiManager (CVE-2024-47575)

In a troubling development for cybersecurity, Fortinet, in collaboration with Mandiant, has uncovered a widespread exploitation of FortiManager devices linked to CVE-2024-47575. This vulnerability has compromised over 50 systems across various sectors, with the threat group known as UNC5820 leveraging the flaw to facilitate data theft and unauthorized access. The…
