Polish game developer hit by cyberattack demanding ransom

Big Cheese Studio, a game development studio based in Poland, confirmed it suffered a cyberattack early Friday, according to the Polish Press Agency (PAP). The attack occurred around 4:00 GMT, and the company’s website remained offline several hours later. Management stated that security measures were in place, with an official statement expected later in the day.

Reports indicate hackers accessed the studio’s game code systems and employee personal data. The attackers are allegedly demanding 100,000 zlotys (£19,000) in cryptocurrency to prevent the release of stolen information. Users on social media platform X brought attention to the ransom threat, sparking concerns over data privacy and security.

Big Cheese Studio, listed on the Warsaw Stock Exchange, is working to address the breach. The incident underscores growing risks faced by companies in the gaming industry from cyber threats.

Denmark warns of cyber threats to its water infrastructure

Denmark’s national Centre for Cybersecurity (Center for Cybersikkerhed, CCS) has identified a ‘very high’ risk of cyberattacks targeting the country’s water infrastructure following its first official assessment of threats to the sector.

According to CCS acting head Mark Fiedel, the water sector plays a vital role within Denmark’s critical infrastructure, highlighting the potential impacts of disruptions to drinking water supplies.

As an example of the risks faced by the sector, Fiedel noted an incident in December 2024 when hackers accessed a small water plant in Denmark, resulting in a temporary disruption of water services for approximately 50 households.

CCS classifies cyber threats into various categories, including cybercrime, which poses a significant risk to critical infrastructure. Ransomware attacks are among the identified threats, and in 2021, a water plant in Kalundborg reported a ransomware attack that briefly locked technicians out of IT systems.

Japan introduces active cyber defence bill to strengthen national security

Among the 59 bills to be submitted for the Japanese government’s review this year, within the next 150 days, the Active Cyber Defense Legislation stands out for its importance to Japan’s national security.

This bill, presented to the Liberal Democratic Party (LDP) on January 16 and swiftly approved, is part of an effort to bolster Japan’s cybersecurity capabilities. We also earlier reported that Japan’s Liberal Democratic Party proposed an ‘active cyber defence’ system, allowing the government to collect telecom metadata to detect and prevent cyberattacks as part of broader national security reforms to strengthen the country’s cybersecurity capabilities.

The proposed legislation includes three main components: improving collaboration between the public and private sectors, allowing the government to access telecommunications data in cases of suspected cyberattacks, and enabling the neutralisation of attackers’ servers. Critical infrastructure sectors such as energy, transportation, and telecommunications would be required to report cyber incidents, with the government offering guidance on damage control and prevention.

The bill also grants the government the ability to monitor specific communications between Japan and foreign nations, but limits this to non-content data to address privacy concerns. In the event of a major cyberattack, the Self-Defense Forces (SDF) may be deployed to defend critical systems.

Although the bill has received widespread support, it faces legal challenges, particularly with regard to Japan’s constitutional protection of communication secrecy and its pacifist defense policies. Despite these concerns, public opinion remains favorable, with a recent poll showing 65% support for the legislation.

The government is moving forward with the proposal, aiming to enhance the protection of Japan’s critical infrastructure from increasing cyber risks. While the Japanese Communist Party opposes the bill, it has gained backing from major opposition parties, highlighting its broad political support.

New hacking group mimics Russia-linked group to target Russian entities, Chinese cybersecurity experts say

A hacking group named GamaCopy has been imitating the tactics of the Russia-linked threat actor Gamaredon to target Russian-speaking victims, according to research by Chinese cybersecurity firm Knownsec.

GamaCopy’s latest campaign employed phishing documents disguised as reports on Russian armed forces’ locations in Ukraine, along with the open-source software UltraVNC for remote access.

However, while GamaCopy mirrors many techniques used by Gamaredon, researchers identified notable differences. For example, GamaCopy primarily targets Russian-speaking victims, whereas Gamaredon typically targets Ukrainian speakers. Additionally, GamaCopy’s use of UltraVNC represents a unique element in its attack chain.

Since June 2023, GamaCopy has targeted Russia’s defense and critical infrastructure sectors. However, the group is believed to have been active even earlier, i.e. since August 2021. Knownsec’s analysis suggests that GamaCopy’s operations are part of a deliberate false-flag campaign and links the group to another state-sponsored actor known as Core Werewolf, which has similarly targeted Russian defense systems since 2021.

This discovery follows recent reports of other hacker groups conducting cyber-espionage campaigns against Russian entities, highlighting the increasing complexity and state-backed nature of these threats.

Trump administration ends Cyber Safety Review Board and pauses investigation into Salt Typhoon

The Trump administration has terminated all members of the Cyber Safety Review Board (CSRB), along with the Cybersecurity and Infrastructure Agency’s Cybersecurity Advisory Committee and other Department of Homeland Security (DHS) advisory panels. This move has halted the investigation into hacking group Salt Typhoon’s cyberattack on US telecommunications firms, raising significant concerns among cybersecurity advocates, according to CyberScoop.

While Acting DHS Secretary Benjamin Huffman suggested that outgoing members could reapply for their positions, the decision has faced criticism from lawmakers and experts. Representative Bennie Thompson (D-Miss.), of the House Homeland Security Committee, warned that this decision could delay the Salt Typhoon probe, which he emphasised must be ‘completed expeditiously.’

Cybersecurity expert Kevin Beaumont argued that dismantling the CSRB could shield Microsoft from accountability over security lapses tied to a separate Chinese hacking incident. Meanwhile, Jake Williams of IANS Research highlighted the broader implications of this decision, stating that removing such panels could undermine US national security.

However, House Homeland Security Chair Mark Green (R-Tenn.) defended the move, stating it offers the Trump administration an opportunity to appoint new members or reevaluate the mission of the CSRB for more effective oversight.

Iran and Russia sign comprehensive cooperation agreement to strengthen military, security, and cyber ties

An agreement signed between Iran and Russia last week outlines commitments to enhance military, security, cyber and technological cooperation between the two nations. The comprehensive strategic partnership agreement, signed in Moscow by Russian President Vladimir Putin and Iranian President Masoud Pezeshkian, seeks to deepen bilateral relations and includes specific provisions for cooperation in cybersecurity and internet regulation.

The agreement aims to counter the use of information and communication technologies for criminal activities and includes plans to exchange expertise on managing national internet infrastructure. The text also adds that the two countries will ‘promote the establishment of a United Nations-led system for ensuring international information security and the creation of a legally binding regime for the prevention and peaceful resolution of conflicts, based on the principles of sovereign equality and non-interference in the internal affairs of states’.

The agreement emphasises strengthening sovereignty and a state-centric approach to international information security and internet governance. Other key commitments on cybersecurity include:

  • Expanding joint efforts to combat the criminal misuse of ICTs, exchanging expertise, and promoting sovereignty in the international information domain.
  • Advocating for the internationalization of internet governance, equal rights for states in managing internet segments, and rejecting limitations on national sovereignty in regulating and securing the internet.
  • Enhancing sovereignty through regulating global ICT companies, sharing expertise on internet management, developing ICT infrastructure, and advancing digital development.

GameOn founder faces fraud charges

The founder and former CEO of GameOn, an AI startup in San Francisco, has been indicted for orchestrating a six-year-long fraud scheme that allegedly defrauded investors and the company out of over $60 million. Alexander Beckman, 41, faces 23 criminal charges, while his wife, Valerie Lau Beckman, 38, who worked as a lawyer for the company, is charged with 16 counts, including obstruction. Both have pleaded not guilty. The US Securities and Exchange Commission has also filed civil charges against the couple.

Beckman is accused of deceiving investors by inflating the company’s financial status, including fabricating fake customer relationships, overstating revenue, and creating fraudulent bank statements and audit reports. He allegedly went as far as impersonating individuals to share false information. Meanwhile, Lau Beckman allegedly assisted her husband by providing authentic audit reports to help fabricate false documents and by deleting critical files after an investigation began.

The Beckmans are also accused of misusing investor funds for personal expenses, including purchasing a luxury home and vehicles and covering costs for their wedding. The fraudulent activities reportedly continued up until Beckman’s resignation as CEO in July 2024. GameOn, which has since been rebranded as On Platform, eventually admitted to the financial discrepancies and laid off most of its employees.

The case underscores the need for integrity in the tech industry, particularly within startups, as federal prosecutors emphasise that fraud cannot fuel innovation.

Crypto influencers promote fake US treasury XRP wallet

Several high-profile crypto influencers are facing backlash after amplifying the story of a purported US Treasury XRP wallet, which has now been exposed as a scam. On 22 January, influencers shared the wallet’s details, claiming it was linked to major institutions like JPMorgan and Bank of America. The story gained momentum on social media platforms but was soon debunked through on-chain analysis, which revealed the wallet was based in the Philippines, not the US Treasury.

The fraudulent wallet, identified by the address ‘rfHhX6hA54LBqA3j7r7EnCs6qyaRK2Lyfq’, was even KYC-verified, which added to its apparent legitimacy. Critics within the crypto community have called out influencers for spreading misinformation, citing examples of previous false claims, including one about Ripple being a Central Bank Digital Currency.

This incident highlights the increasing number of crypto-related scams, which have been rising in tandem with the popularity of social media platforms like X. Recent data shows a dramatic spike in impersonation accounts and phishing schemes, with scammers hijacking major company handles and exploiting technical vulnerabilities in blockchain systems.

The rise in crypto scams serves as a stark reminder for users to be cautious and stay vigilant online.

New scam targets jobseekers with malware

Jobseekers are being targeted by a sophisticated scam that disguises malware as interview invitations. Masquerading as legitimate offers, these fraudulent emails claim to originate from reputable companies like CrowdStrike, a cybersecurity firm. However, the links they contain redirect victims to malicious websites, leading to the download of cryptomining software.

The malware, once installed, hijacks a computer’s CPU and GPU to mine cryptocurrency. This process severely degrades system performance, causing unresponsiveness, overheating, and increased energy consumption. The software also runs covertly, making it challenging to detect until significant harm is done.

CrowdStrike has acknowledged the scam, urging jobseekers to verify recruitment emails and avoid downloading files from unknown sources. Experts advise using robust antivirus software and remaining vigilant against unsolicited links or downloads during the job application process.

As cybercriminals continually innovate, individuals must exercise caution online. Even scams aimed at exploiting system resources can pave the way for far more invasive attacks, including financial theft and personal data breaches.