Cybercrime

Microsoft warned users about a cross-platform botnet that targets private Minecraft servers with distributed denial-of-service (DDoS) attacks. The botnet, dubbed MCCrash, has a unique technique of spreading that allows it to infect Linux systems even though it originates in malicious software downloaded on Windows operating systems.

An analysis of the DDoS botnet identified functionalities designed to target private Minecraft Java servers using crafted packets, most likely as a service sold on darknet sites or forums.

A breakdown of the systems affected by the botnet over a period of three months showed that most of the devices were located in Russia, but they have also been recorded in countries such as Kazakhstan, Uzbekistan, Ukraine, Belarus, the Czech Republic, Italy, and India.

The US Federal Bureau of Investigation’s (FBI’s) security platform InfraGard, a platform created to provide cyberthreat information-sharing collaborations with the private sector, has been hacked. The InfraGard programme holds details of high-profile personalities in the private sector, most of whom manage critical national security and welfare infrastructure such as, but not limited to, power and drinking water plants, financial services, transportation, manufacturing, healthcare, nuclear energy, and communication firms. A database containing contact details of over 87,000 members of InfraGard appears to have been posted on BreachedForums, a cybercrime and hacking forum. 

ChatGPT, recently created by OpenAI, has alarmed cybersecurity experts. Essentially, this chatbot is an optimising language model which assists users in generating human-like text. Cybersecurity experts have warned that there is a high chance that cybercriminals could use this model to teach them how to craft cyberattacks. Suleyman Ozarslan, the co-founder of cyber resilience organisation Picus Security, tested the chatbot by describing its tactics and techniques of ransomware without using the word ransomware as such. ChatGTP generated a text which provided the ‘pieces’ for ransomware. Namely, Ozarslan stated that the chatbot wrote effective virtualisation/sandbox evasion code that hackers could use, eventually enhancing cybercrime.

Cybersecurity researchers found that North Korean hackers pretend to work for a think tank to obtain opinions and reports from foreign experts to better understand Western policy on North Korea. According to Reuters, some of the issues raised in the emails concerned China’s reaction to North Korea’s nuclear tests, while researchers dubbed Thallium to be among these hacking groups, which have been targeting government employees, think tanks, academics, and human rights organisations. Microsoft Threat Intelligence Center (MSTIC) told Reuters that the impersonation tactic appears to be quicker than hacking someone’s account, but makes it harder for defenders to stop the emails as it is up to the recipient to identify them most of the time.

CISCO identified an increased infection of Truebot malware, with a high possibility of its association with the Evil Corp threat actor. CISCO also found that attackers shifted their malicious delivery methods among various techniques. In October 2022, many infections used Raspberry Robin, a recent malware spread through USB drives, as a delivery vector. One of these attacks had a fully featured custom data exfiltration tool named Teleport, which was used to steal information. So far, two Truebot botnets have been identified. The first is distributed online, focusing on Mexico, Pakistan, and Brazil. In contrast, the second mainly focuses on the USA and is almost exclusively composed of Windows servers.