A pro-Ukrainian hacker group, known as Cyber Anarchy Squad, has claimed responsibility for hacking the Russian information security firm Avanpost and leaking a significant amount of its data. They also reported destroying more than 60 terabytes of data and leaking 390 gigabytes of ‘valuable information.’
Avanpost, which has been operating in Russia for 15 years and specialises in developing authorisation and authentication systems for local businesses, confirmed the incident. The company acknowledged that its infrastructure was hit by a ‘serious cyberattack’ but did not provide details on the extent of the damage or the specific data that was leaked.
Avanpost advised its customers, including Russian airports, a large water supply company, and telecom service providers, to update their identification data and change passwords ‘as a precaution.’ The company also urged people not to trust ‘rumors’ and to rely only on official information.
The exact method of the hackers’ entry into Avanpost’s system, the tools they used, and the specifics of the leaked data remain unclear.
Cyber Anarchy Squad shared some of the allegedly leaked data on Telegram and the file hosting service Mega. They also posted screenshots of what they claim to be a group chat of Avanpost employees discussing the hack. However, the authenticity of this data could not be independently verified.
The UK’s Electoral Commission has faced criticism for failing to safeguard the personal data of 40 million voters following an extensive breach that occurred in August 2021 but was only discovered in October 2022. The Information Commissioner’s Office (ICO) reported that the violation was due to the Electoral Commission’s outdated security systems, including unpatched servers and inadequate password management.
The Conservative government previously attributed the breach to Chinese hackers, leading to diplomatic tensions and sanctions from the US and its allies, including the UK and New Zealand. Despite these allegations, no confirmed evidence exists that the stolen data has been misused.
In response to the incident, the Electoral Commission has overhauled its security measures, including updating its infrastructure and implementing stricter password controls and multi-factor authentication. The Commission has assured that cybersecurity experts have validated these new measures.
China has consistently denied any wrongdoing, and the UK’s Labour Party has vowed to take a stronger stance on cyber threats and interference in British democracy. Labour plans to audit UK-China relations and introduce new cybersecurity legislation to enhance national resilience against future attacks.
The US cybersecurity company CrowdStrike has successfully restored 97% of its Windows sensors following a global outage caused by a faulty software update. The issue, which began nearly a week ago, affected 8.5 million devices running Microsoft’s Windows operating system, leading to significant disruptions in services, including flights, healthcare, and banking.
The outage was triggered by a fault in CrowdStrike’s Falcon platform sensor, a security agent designed to protect devices from threats. The fault caused computers to crash and display the notorious blue screen of death. In response, CrowdStrike deployed a fix and mobilized all resources to support customers, enhancing recovery efforts with automatic recovery techniques.
The recovery comes amidst scrutiny over the cybersecurity firm’s quality control measures. Despite the challenges, CrowdStrike’s swift response has helped mitigate further impact and restore critical services globally.
Hackers from North Korea, identified as Andariel or APT45, have conducted a global cyber espionage campaign to steal classified military secrets, supporting Pyongyang’s banned nuclear weapons programme. The joint advisory came from the United States, Britain, and South Korea. The hackers are believed to be part of North Korea’s Reconnaissance General Bureau, which has been under US sanctions since 2015.
These cyber units have targeted a wide range of defence and engineering firms, including those manufacturing tanks, submarines, naval vessels, fighter aircraft, and missile and radar systems. Notable breaches occurred at NASA and US Air Force bases, with significant data extraction. In one 2022 incident, hackers infiltrated NASA’s computer system for three months, extracting over 17 gigabytes of data.
Hackers also employed ransomware to fund their operations, targeting US hospitals and healthcare companies. The US Justice Department has charged one suspect, Rim Jong Hyok, with conspiracy and money laundering. In a 2021 incident, a Kansas hospital paid a ransom in bitcoin, which was traced to a Chinese bank. Authorities are offering a $10 million reward for information leading to Rim’s arrest.
Officials from the FBI and Justice Department have seized some online accounts, recovering $600,000 in virtual currency to be returned to ransomware victims. The operation reveals the extent of DPRK state-sponsored actors’ efforts to advance their military and nuclear programmes. Last year, North Korean hackers breached systems at a Russian rocket design bureau, employing similar phishing techniques and computer exploits.
Meta Platforms announced on Wednesday that it had removed approximately 63,000 Instagram accounts in Nigeria involved in financial sexual extortion scams, primarily targeting adult men in the United States. These Nigerian fraudsters, often called ‘Yahoo boys,’ are infamous for various scams, including posing as individuals in financial distress or as Nigerian princes.
In addition to the Instagram accounts, Meta also took down 7,200 Facebook accounts, pages, and groups that provided tips on how to scam people. Among the removed accounts, around 2,500 were part of a coordinated network linked to about 20 individuals. These scammers used fake accounts to conceal their identities and engage in sextortion, threatening victims with the release of compromising photos unless they paid a ransom.
Meta’s investigation revealed that most of the scammers’ attempts were unsuccessful. While adult men were the primary targets, there were also attempts against minors, which Meta reported to the National Centre for Missing and Exploited Children in the US. The company employed new technical measures to identify and combat sextortion activities.
Online scams have increased in Nigeria, where economic hardships have led many to engage in fraudulent activities from various settings, including university dormitories and affluent neighbourhoods. Meta noted that some of the removed accounts were not only participating in scams but also sharing guides, scripts, and photos to assist others in creating fake accounts for similar fraudulent purposes.
Malaysia is urging social media platforms to strengthen their efforts in combating cybercrimes, including scams, cyberbullying, and child pornography. The government has seen a significant rise in harmful online content and has called on companies like Meta and TikTok to enhance their monitoring and enforcement practices.
In the first quarter of 2024 alone, Malaysia reported 51,638 cases of harmful content referred to social media platforms, surpassing the 42,904 cases from the entire previous year. Communications Minister Fahmi Fadzil noted that some platforms are more cooperative than others, with Meta showing the highest compliance rates—85% for Facebook, 88% for Instagram, and 79% for WhatsApp. TikTok followed with a 76% compliance rate, while Telegram and X had lower rates.
The government has directed social media firms to address these issues more effectively, but it is up to the platforms to remove content that violates their community guidelines. Malaysia’s communications regulator continues highlighting problematic content to these firms, aiming to curb harmful online activity.
Spanish police have arrested three pro-Russian hackers suspected of carrying out cyberattacks against Spain and other NATO countries. These attacks, allegedly for terrorist purposes, targeted public institutions and critical infrastructures in nations supporting Ukraine in the ongoing conflict with Russia. The suspects, whose identities have not been disclosed, were detained in Manacor, Huelva, and Seville.
The arrests are linked to the hacktivist group NoName057(16), active since the Russian invasion of Ukraine. The Civil Guard reported that the group’s manifesto acknowledges their intent to retaliate against Western actions perceived as anti-Russian. Police released footage showing a Soviet-era flag in one suspect’s home.
Investigations continue, with the suspects accused of orchestrating distributed denial of service (DDoS) attacks on web pages of government sectors and essential services. Russian hackers were accused of similar attacks on targets in Lithuania and Norway in 2022.
A report from the Internet Watch Foundation (IWF) has exposed a disturbing misuse of AI to generate deepfake child sexual abuse images based on real victims. While the tools used to create these images remain legal in the UK, the images themselves are illegal. The case of a victim, referred to as Olivia, exemplifies the issue. Abused between the ages of three and eight, Olivia was rescued in 2023, but dark web users are now employing AI tools to create new abusive images of her, with one model available for free download.
The IWF report also reveals an anonymous dark web page with links to AI models for 128 child abuse victims. Offenders are compiling collections of images of named victims, such as Olivia, and using them to fine-tune AI models to create new material. Additionally, the report mentions models that can generate abusive images of celebrity children. Analysts found that 90% of these AI-generated images are realistic enough to fall under the same laws as real child sexual abuse material, highlighting the severity of the problem.
According to a blog post from Microsoft on Saturday, a global tech outage caused by a software update from cybersecurity firm CrowdStrike affected nearly 8.5 million Microsoft devices. That number represents less than one percent of all Windows machines, but the impact was significant, grounding flights, interrupting broadcasts, and disrupting access to essential services such as healthcare and banking.
Despite the relatively small percentage of devices affected, the outage had broad economic and societal effects due to critical enterprises’ widespread use of CrowdStrike’s services. Microsoft noted that CrowdStrike has helped develop a solution to accelerate the fix for Microsoft’s Azure infrastructure. The company is also collaborating with Amazon Web Services and Google Cloud Platform to share information about the outage’s effects across the industry.
The air travel industry was particularly hard hit, with thousands of flights cancelled and passengers experiencing extensive delays. Delta Air Lines, one of the hardest-hit airlines, reported over 600 flight cancellations by Saturday morning, with more expected throughout the day as the industry worked to recover from the IT outage.
Australia’s cyber intelligence agency warned on Saturday about the release of ‘malicious websites and unofficial code’ online, claiming to aid recovery from Friday’s global digital outage. The outage, caused by a botched software update from CrowdStrike, impacted various sectors, including media, retailers, banks, and airlines.
The Australian Signals Directorate (ASD) urged consumers to obtain technical information and updates exclusively from official CrowdStrike sources to avoid falling victim to scams. Cyber Security Minister Clare O’Neil also cautioned Australians to be vigilant against potential scams and phishing attempts.
The outage affected the Commonwealth Bank of Australia, causing temporary disruptions in PayID payments, which were later resolved. National airline Qantas and Sydney airport experienced delays but maintained operations. Prime Minister Anthony Albanese confirmed that critical infrastructure, government services, and emergency phone systems were unaffected.
CrowdStrike, a major cybersecurity provider with nearly 30,000 global subscribers, previously reached a market cap of about $83 billion. Despite the widespread disruption, the swift response helped mitigate further issues and ensured a quick recovery.