ModernLoader delivers multiple stealers, cryptominers and RATs

In the last two weeks of the war, an ad hoc team armed with group chats, QR codes, and satellite maps launched a mad dash to save imperiled Afghan allies.

Inside the Shadow Evacuation of Kabul

TOTOLINK A7000R V4.1cu.4134 was discovered to contain an access control issue via /cgi-bin/ExportSettings.sh.

Totolink, as a manufacturer of LTE routers, is continuing its research, development and innovation activities to provide consumers with a better connected to the world.  
As a 4th Industrial Revolution artificial intelligence (AI) and Internet of Things (IOT) convergence technology product, we promise to provide new value to consumers by making and supplying 5G products based on reliability in various business fields.  
thank you

All members of Totolink

CVE-2022-32993: TOTOLINK

Documents appear to show that Israeli spyware company Intellexa sold a full suite of services around a zero-day affecting both Android and iOS ecosystems.

Last month, an unknown customer appears to have shelled out around €8 million for a full-service zero-day remote control execution (RCE) exploit. 

Screenshots shared of the zero-day exploit bill of sale are dated July 14 and show that Intellexa, a spyware company, sold a product it called Nova Suite to an unknown buyer. It promised turnkey infections for Android, as well as iOS devices. The paperwork references iOS version 15.4.1 from March, but it's unclear how many devices remain vulnerable. 

Intellexa also promised the malware is delivered with just one click and uses the browser to inject the Android and iOS payload to mobile devices. The purchase price also includes data analysis, a "magazine" of 100 other infections, and even a full year's warranty. 

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Receipt for €8M iOS Zero-Day Sale Pops Up on Dark Web

Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.

Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.

Targeted attacks on Twilio and Cloudflare employees are tied to a massive phishing campaign that resulted in 9,931 accounts at over 130 organizations being compromised. The campaigns are tied to focused abuse of identity and access management firm Okta, which gained the threat actors the 0ktapus moniker, by researchers.

“The primary goal of the threat actors was to obtain Okta identity credentials and multi-factor authentication (MFA) codes from users of the targeted organizations,” wrote Group-IB researchers in a recent report. “These users received text messages containing links to phishing sites that mimicked the Okta authentication page of their organization.”

Impacted were 114 US-based firms, with additional victims of sprinkled across 68 additional countries.

Roberto Martinez, senior threat intelligence analyst at Group-IB, said the scope of the attacks is still an unknown. “The 0ktapus campaign has been incredibly successful, and the full scale of it may not be known for some time,” he said.

****What the 0ktapus Hackers Wanted****

The 0ktapus attackers are believed to have begun their campaign by targeting telecommunications companies in hopes of winning access to potential targets’ phone numbers.

While unsure exactly how threat actors obtained a list of phone numbers used in MFA-related attacks, one theory researchers posit is that 0ktapus attackers began their campaign targeting telecommunications companies.

“\[A\]ccording to the compromised data analyzed by Group-IB, the threat actors started their attacks by targeting mobile operators and telecommunications companies and could have collected the numbers from those initial attacks,” researchers wrote.

Next, attackers sent phishing links to targets via text messages. Those links led to webpages mimicking the Okta authentication page used by the target’s employer. Victims were then asked to submit Okta identity credentials in addition to a multi-factor authentication (MFA) codes employees used to secure their logins.

In an accompanying technical blog, researchers at Group-IB explain that the initial compromises of mostly software-as-a-service firms were a phase-one in a multi-pronged attack. 0ktapus’ ultimate goal was to access company mailing lists or customer-facing systems in hopes of facilitating supply-chain attacks.

In a possible related incident, within hours of Group-IB publishing its report late last week, the firm DoorDash revealed it was targeted in an attack with all the hallmarks of an 0ktapus-style attack.

****Blast Radius: MFA Attacks****

In a blog post DoorDash revealed; “unauthorized party used the stolen credentials of vendor employees to gain access to some of our internal tools.” The attackers, according to the post, went on to steal personal information – including names, phone numbers, email and delivery addresses – from customers and delivery people.

In the course of its campaign, the attacker compromised 5,441 MFA codes, Group-IB reported.

“Security measures such as MFA can appear secure… but it is clear that attackers can overcome them with relatively simple tools,” researchers wrote.

“This is yet another phishing attack showing how easy it is for adversaries to bypass supposedly secure multifactor authentication,” Roger Grimes, data-driven defense evangelist at KnowBe4, wrote in a statement via email. “It simply does no good to move users from easily phish-able passwords to easily phish-able MFA. It’s a lot of hard work, resources, time, and money, not to get any benefit.”

To mitigate 0ktapus-style campaigns, the researchers recommended good hygiene around URLs and passwords, and using FIDO2\-compliant security keys for MFA.

“Whatever MFA someone uses,” Grimes advised, “the user should be taught about the common types of attacks that are committed against their form of MFA, how to recognize those attacks, and how to respond. We do the same when we tell users to pick passwords but don’t when we tell them to use supposedly more secure MFA.”

Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms

Businesses need to re-evaluate their cyber-insurance policies as firms like Lloyd's of London continue to add restrictions, including excluding losses related to state-backed cyberattackers.

Companies will need to re-evaluate their cyber-insurance premiums after major insurance companies have adopted exclusions for catastrophic cyberattacks conducted by "state-backed" actors.

This limits the risk that companies can offset with cyber insurance, security and risk experts tell Dark Reading — making taking out a policy potentially not worth it.

In the latest limits on cyber policies, insurance marketplace Lloyd's of London issued a notice on Aug. 16 to its member insurers, or syndicates, requiring that they exclude coverage for state-backed cyberattacks. The motive for the additional restrictions is to protect insurance companies and their underwriters from catastrophic loss, and help manage systemic risk that could overwhelm insurers, Lloyd's market bulletin stated.

**Is Cyber Insurance Still Worth It?**

While the insurers' position is understandable, businesses — which have already seen their premiums skyrocket over the past three years — should question whether insurance still mitigates risk effectively, says Pankaj Goyal, senior vice president of data science and cyber insurance at Safe Security, a cyber-risk analysis firm.

"Insurance works on trust, \[so answer the question,\] 'will an insurance policy keep me whole when a bad event happens?' " he says. "Today, the answer might be 'I don't know.' When customers lose trust, everyone loses, including the insurance companies."

The cyber-insurance industry has seen profits decline sharply in the past decade, as losses jumped from 35% of the revenue from premiums five years ago, to 72% in 2020. To adapt, insurance companies have dramatically raised the cost of policies — by 74% just in 2021, after rising 22% in 2020, according to FitchRatings.

    

Cyber insurance loss ratios peaked at 72% in 2020. Source: FitchRatings

Yet, insurance firms have also focused on limiting their liability. In 2021, global insurance firm AXA decided to stop paying ransoms to cybercriminals. And over the past two years, insurance companies have added act-of-war exclusions to their policies.

In its market bulletin (PDF), Lloyd's argued that the risk posed by cyberattacks continues to evolve and its members need to adapt to the threats posed by large or widely distributed attacks. While wartime risks are often excluded, Lloyd's requires that syndicates go further and ensure that certain policies have "a suitable clause excluding liability for losses arising from any state-backed cyberattack."

"If not managed properly it has the potential to expose the market to systemic risks that syndicates could struggle to manage," the insurance facilitator stated. "In particular, the ability of hostile actors to easily disseminate an attack, the ability for harmful code to spread, and the critical dependency that societies have on their IT infrastructure, including to operate physical assets, means that losses have the potential to greatly exceed what the insurance market is able to absorb."

The decisions come after pharmaceutical firm Merck won its lawsuit against its insurers after they refused to pay its $1.4 billion in business losses sustained in the NotPetya crypto-ransomware attack in 2017. The judge in the case ruled that the insurance policies' act-of-war exclusion did not apply, because the clause was meant to only exclude losses during armed conflicts.

Regardless, the policy changes are poorly thought out, some argue. 

 "Signs point to continued breaches and hacks, resulting in a longer claims process, and more litigations," says Goyal. "Unless the industry can collectively fix the way cyber insurance policies are understood, written and priced, ensuring that they are based on actual data and individual organizational risk — one size does not fit all — there is no end to the challenges and mistrust in cyber insurance."

**Too Broad an Exclusion**

The key problem is that the term "state-backed cyberattack" could be a very broad exclusion, and if abused by the insurance industry, one that will scuttle the usefulness of cyber insurance, experts say.

Attributing an attack to a nation-state is notoriously difficult, says James Turgal, vice president of cyber-risk and strategy for Optiv, a cybersecurity consultancy.

"Even if a computer involved in the attacks was traced back to an IP address located in an Iranian or North Korean military base, that doesn't necessarily mean that it was an attack done with the knowledge of or at the direction of the government's authorities," he says. "It could have been compromised by hackers in other countries \[as a false-flag attempt\]."

Currently, almost two-thirds of companies — 64% — suspect that they have been either directly targeted or impacted by a nation-state attack, says Kevin Bocek, vice president of security strategy and threat intelligence at Venafi. Many of the major sources of cyberattacks against North American, European, and Asian companies come from cybercriminal groups linked in some way with China, Iran, North Korea, or Russia. Whether that link will equate to being "state-backed" is an open question.

"These companies are clearly going to be worried about whether insurers will deem most attacks to be nation-state sponsored," he says. "As a result, we expect most businesses that are serious about security to double down on their efforts to protect themselves from hackers in the first place."

Insurers will have to develop clear guidelines regarding what evidence and data will be used to determine the attribution of an attack, and what behavior patterns or data points they will consider in determining whether an attack is state-backed, he says.

**Time to Beef Up Cyberdefenses**

Indeed, the exclusion will likely result in fewer companies relying on cyber insurance as a way to mitigate catastrophic risk. Instead, companies need to make sure that their cybersecurity controls and measures can mitigate the cost of any catastrophic attack, says David Lindner, chief information security officer at Contrast Security, an application security firm.

Creating data redundancies, such as backups, expanding visibility of network events, using a trusted forensics firm, and training all employees in cybersecurity can all help harden a business against cyberattacks and reduce damages.

"Organizations cannot just rely on their cyber insurance policy and must proactively protect themselves from these catastrophic cyberattacks," Lindner says.

Companies also should not expect insurance firms to reverse course. Their approach is just a continuation of the industry's reactive approach to cyber insurance, says Safe Security's Goyal. Insurance firms have increased premiums, put sub-limits on ransomware, and now, have adopted arguably broad exclusions, which may just result in delayed payouts and an increase in lawsuits when insurers refuse to pay out on a large policy.

Cyber-Insurance Firms Limit Payouts, Risk Obsolescence

Anti-Putin media network February Morning has become a central player in the underground fight against the Kremlin.

On the evening of August 20, Russian TV pundit and conspiracy theorist Darya Dugina was killed on the outskirts of Moscow when a powerful explosion ripped apart her Toyota Land Cruiser. Dugina was a vocal supporter of Russia's invasion of Ukraine and the daughter of fascist philosopher and writer Alexander Dugin, nicknamed “Putin’s brain” thanks to his perceived ties to Russian president Vladimir Putin. According to Russian authorities, a remote-controlled “explosive device,” presumably installed in her car, went off at around 9 pm local time.

News of Dugina’s assassination spread like wildfire through social media, most notably on the instant messaging service Telegram, where it was shared approvingly by a vast network of Russian and Ukrainian channels. But in the hours that followed, it became clear that one channel, operated by the media outlet Utro Fevralya, or February Morning, is more than just a place to share the news. It aims to play a key role in the story.

Created by exiled former Russian MP and dissident Ilya Ponomarev, February Morning was the first to report on a group claiming responsibility for Dugina’s death. Ponomarev himself took to YouTube, where February Morning airs its shows, claiming that the perpetrators were a little-known Russian resistance group called the National Republican Army. According to Ponomarev, an all-out war against “Putinism” had just begun.

While the National Republican Army’s involvement remains unconfirmed, Ponomarev’s announcement crystallized February Morning’s role as the center of gravity of a growing guerilla movement to spark revolution in Russia. The movement’s ecosystem includes activists and saboteurs of all types, from anarchists to fascists, connected through a network of Telegram channels and a singular goal: overthrowing Vladimir Putin.

Making History

On a sun-drenched balcony overlooking a busy street in downtown Kyiv, 48-year-old Evgeni Lesnoy smokes a final cigarette before going back on the air. The seasoned journalist is one of the faces of February Morning, which he joined shortly after its creation following Russia’s invasion of Ukraine in the early hours of February 24. “Because of my friends and relatives who stayed in Russia, I had been closely following the events there prior to February 24,” Lesnoy says in Russian. After his outspoken condemnation of the war in Donbas and the annexation of Crimea cost him his friends and, ultimately, his job, the journalist left Russia for Ukraine in 2015 and has been living with his husband in Kyiv ever since.

“When I was told that this project existed, I figured that this is where I needed to be,” he says, gesturing towards the TV studio in the next room. “Because I understand the context of what is happening inside Russia: I was born there, and I understand how people there think.”

Ponomarev, February Morning’s founder, is the only member of the Russian Duma to have voted against the 2014 annexation of Crimea. After the vote, he became persona non grata in Putin’s Russia, so he and his family fled to Ukraine’s capital city and started a new life. “For quite a long time, I had wanted to create a media aimed at a Russian audience, and that would broadcast from Kyiv,” he tells WIRED over Signal. “I tried to raise money for what I thought would be a Russian-language Al-Jazeera for maybe a year._”_ The venture was unsuccessful. But when Russian tanks crossed into Ukraine, the former MP and father of two joined the Territorial Defense in Kyiv, and the project took on new urgency. “After the first couple of days, many of my friends started telling me that now might be the time to revisit the idea of a media targeting Russians.”

The living room of the 18th-century apartment in which February Morning has taken residence is home to its television studio with a semicircular stage lit with a bluish light. Two screens broadcast in the background. When presenting the day’s show, Lesnoy sits before a small table draped with a white and blue tricolor flag—the symbol of the Russian opposition to the invasion—and that of Ukraine.

Broadcast on YouTube, the professionally produced daily programs try to counter the official Russian narrative surrounding the war, reporting on the atrocities committed by the “occupiers” against the Ukrainian population. “Putin’s supporters and apologists have big media organizations and prime-time news shows,'' says Lesnoy. “We want to give a voice to those who oppose the war.”

Which is what Ponomarev did on August 21, when he claimed on air that the National Republican Army assassinated Dugina—an act he described as “legitimate.” He also read the group’s purported manifesto, which called on all Russians to join the ranks of the National Republican Army and vow to destroy all those who have “usurped their power.”

February Morning’s insights into the domestic resistance movement in Russia stem from its 27 regional outlets, each with its own Telegram channel where activists and journalists mingle to gather and share news of anti-Putin actions. A binational team of around 70 journalists, technicians, and activists operates covertly in the far-flung regions of Russia and in Kyiv. In addition to its studio in Ukraine’s capital, the network brazenly broadcasts from Moscow. “I don't know how long the studio there will be able to operate, but even if the FSB shows up at the door and shuts us down, there will be another one,” says Ponomarev.

Whereas most media outlets only report the story, February Morning intends to be part of it. “We are referring to ourselves as the Russian ‘NEXTA,’ the Belarusian resource that played a key role in the protests two years ago following the reelection of Alexander Lukashenko,” says Ponomarev, referring to Belarus’ autocratic leader. “We want to be the resource that will play a critical role in the future revolutionary changes in the country.”

To this end, Ponomarev and his team have set up a Telegram channel known as Rospartizan, which has become an aggregator for information pertaining to the resistance to Putin and the war in Ukraine as well as a key recruitment tool. Every day, Rospartizan relays the latest developments across Russia, from the torching of a military recruitment office to the unfurling of an antiwar banner in front of the Russian Ministry of Defense building in Moscow.

According to Ponomarev, representatives of the National Republican Army first made contact with him through Rospartizan, a testament to the channel’s growing notoriety. “We are providing, in my opinion, the most comprehensive news stream on what is going on in Russian regions, in terms of acts of sabotage and the actual resistance,” says Ponomarev. The National Republican Army’s manifesto concludes, “stay in contact with us through the Rospartizan Telegram channel.”

With more than 26,000 followers, Rospartizan embraces anyone who’s anti-Putin, no matter their political ideology—a feature, not a bug, according to Ponomarev, a former Communist Party member and self-described “social globalist.”

“I am right now not only reaching out, but very actively interacting with not only my friends on the left side of the political spectrum,” he says, “but also with people on the far-right, who we are usually fighting with.”

The Enemy of My Enemy

Roman Popkov, the former head of the Moscow branch of the National-Bolshevik party, falls into that far-right camp. Popkov used to be a member of the influential Russian National Unity, a now-defunct neo-Nazi group responsible for a string of racist crimes, before joining the political party founded by controversial Russian writer, poet, and dissident Eduard Limonov, who sought to unite far-left and far-right radicals on the same platform.

In 2006, after years of harassment by Russian security forces, Popkov was arrested and spent more than two years in pretrial detention in the infamous Butyrka prison. The European Court of Human Rights ruled that his detention was illegal, and his arrest is widely considered to have been motivated by his political activism.

Popkov, now residing in Ukraine, works as a journalist for a number of independent media outlets, and is the head of a recently launched media project called Poslezavtra, or “The Day After Tomorrow.” An “old friend” of Ponomarev, Popkov has featured extensively on February Morning’s shows and took part in the broadcast that followed Dugina’s assassination.

“We are covering direct actions targeting the military and the apparatus of political repression of Putin's regime,'' Popkov says over the phone. “First of all, we are trying to inspire people, to get them to act, and second, we inform and report on what is being done.”

Like Ponomarev, Popkov stresses that activists’ ideologies are not as important as a willingness to defy Putin’s regime and to oppose the war in Ukraine.

“Our collective unites people opposed to Putin's regime, with different political views and ideologies,” says Popkov. “At the moment, it's not that important if one is an anarchist, a nationalist, or a liberal as, since Russia is not a democracy, we have no representation in parliament, and can't vote for our candidates.”

According to Popkov, acts of sabotage in Russia are mostly the work of small-scale far-right and far-left groups, the most famous of those being the Anarcho-Communist Combat Organization, or BO-AK. The organization rose to prominence after it sabotaged the railway leading to a Russian military arsenal in the small town of Kirzach, 100 km east of Moscow. The group shared photos of the sabotage on their own Telegram channel, which quickly spread to other anti-Putin channels, including Rospartizan, and was soon featured on February Morning’s broadcast.

Yet even the staunch anarchists of the BO-AK acknowledge the need to reach out to the other side of the political spectrum. “Most of our contacts are from our ideological camp, but not all,” an anonymous representative of the group tells WIRED. “We believe that alliances with different forces are necessary in our struggle.”

The anarchists of the BO-AK consider direct actions and acts of sabotage as the best way to kickstart the social revolution, a view shared by many members of Rospartizan. In addition to two sabotage operations targeting military railways, the BO-AK claims to have set fire to a cell phone tower in the Belgorod region “in order to damage Putin’s army communications in Ukraine.”

“Only those who can back it with their actions can call themselves the opposition,” an anonymous contributor to Rospartizan says over Telegram, “be them a Molotov cocktail thrown at a military recruitment office, a wire strung across train tracks, or a gas canister taken to the car of a regime collaborator.”

Dangerous Cocktails

Inspired by the Belarusian resistance to Lukashenko and the protestors’ innovative use of Telegram, Popkov, Ponomarev, and activists like the anarchists of BO-AK have turned to social media to organize, recruit, and incite people to act against the war and Putin’s increasingly authoritarian regime.

“Telegram is a less censored, more intelligent, and politicized social network. A large part of our immediate target audience is present here—people who are potentially interested in radical politics,_”_ says the BO-AK. “This is where lies the usefulness of social networks for campaigning and education—they are an excellent channel for broadcasting and communicating.”

Antiwar activists in Ukraine and in Russia have taken full advantage of the relative anonymity Telegram provides. A website known as Ostanovi Vagony, or “Stop the Wagon,” and its associated Telegram channel aim to educate Russian would-be partisans on the safest, most effective ways to sabotage the railway system. Meanwhile, a Telegram channel created in late May called Gromko (“loud” in Russian) creates sleek infographics explaining how to make a Molotov cocktail—described as the best way to disable the car of a Putin sympathizer—or how to deface the regime’s propaganda posters.

This material is regularly shared by Ponomarev's Rospartizan, which has become a central conduit for guerrilla efforts to rally new recruits, spread information and news, and, purportedly, to facilitate the assassination of a high-profile regime collaborator. In an interview with Russian independent media Meduza, Ponomarev claimed to have known in advance that “something was going to happen” ahead of Dugina’s assassination. He further claimed that he helped the National Republican Army exfiltrate Natalya Volk, the woman whom Russian security services named as the main suspect in her death: “Sometimes people need to be saved from FSB persecution, they need to be pulled out of Russia—we pull them out.”

Telegram did not respond to WIRED's request for comment.

While unconfirmed, the number of acts of sabotage targeting military and state infrastructure in Russia appears to grow weekly. According to Russian independent media Insider, there have been more than 20 attacks on military registration and enlistment offices in Russia (which were reported by the media and Telegram channels), most of which were arson. “There were no similar incidents last year,” notes Insider journalist Alisa Zemlyanskaya, writing under a pseudonym. Meanwhile, an estimated 63 freight trains derailed in Russia between March and June, a significant increase compared to the same period last year.

Russian authorities, eager to downplay the significance of the apparent sabotage efforts, have blamed those incidents on the poor condition of the railway system. The scale of guerrilla attacks on Russian entities remains, therefore, difficult to assess.

“When it comes to railway sabotage especially, it's difficult, or even impossible, to tell if it’s sabotage, or if it’s an accident due to a technical problem, or to the incompetence of the authorities,” says Popkov.

According to the BO-AK—whose members signed the sabotaged section of rail in Kirzach with the name of their group and the link to its Telegram channel—“that’s because many guerrilla groups do not leave any message or position themselves in the media in any way.”

“In any case, every week there are several reports of railway sabotage, the destruction of power lines, and other acts of resistance,” says the group. “This suggests that the guerrilla movement is not a mass movement, but a fairly large-scale one.”

Russian security services are quick to blame infiltrated Ukrainian saboteurs for these attacks. Regardless of who’s behind them, acts of sabotage continue unabated: On August 17, yet another freight train derailed near Mogilev, in Belarus, while last Wednesday, a man threw two Molotov cocktails at the regional administration building in Oryol, in western Russia.

Fire-bombing a car or derailing a Russian train can, of course, carry significant penalties. But even less extreme activities are dangerous, especially in light of a slew of new repressive Russian laws. In July, lawmakers updated Russia’s Criminal Code to crack down on working with “foreign states and organizations,” public activities “directed against the security of the state,” and the production and public display of “Nazi paraphernalia or symbols.” Because Putin has repeatedly claimed, baselessly, that Ukraine was run by a clique of drug addicts and Nazis and cited “denazification” as one of the primary motivators of his invasion, this last amendment could potentially land an antiwar protestor waving a Ukrainian flag in prison.

According to Russian independent media OVD-Info, authorities in Russia detained some 16,500 people between February and July for having taken part in protests or actions against the war.

Activists and dissidents both in Russia and abroad expose themselves to retaliation from Putin’s regime—a fact that they are acutely aware of. “I'm a reasonable person, I don’t think I'm invulnerable or immortal,” Ponomarev says. “So I do understand that there are issues with security and everything. But I have done a lot of effort to protect myself and the place where I live, as well as the way I move across the city.” Those concerns have been heightened following Dugina’s assassination and Ponomarev’s subsequent declarations. On August 21, a member of the Russian government proposed a contest for the best video or photo of the dissident politician “crawling on broken legs and apologizing while spitting his teeth.”

“I’m not going to pretend that I am not scared at all,” says February Morning’s Lesnoy after his last interview of the day had ended. “But I live in Ukraine, where Putin is waging war. Everybody here is at risk.”

When asked about their motivation for joining the resistance and potentially exposing themselves to repression, an anonymous contributor to Rospartizan summed it up simply: “Let us use the platitude, ‘who else if not us?’”

The Telegram-Powered News Outlet Waging Guerrilla War on Russia

By Waqas
MBDA is the world's 2nd largest manufacturer of missiles and currently, hackers are selling 70 GB worth of its alleged data for 1 BTC on a Russian forum.
This is a post from HackRead.com Read the original post: NATO Probes Hackers Selling Data from Top Missile Firm MBDA

A cybercrime gang is selling classified data apparently stolen from European firm MBDA Missile Systems. For your information, **MBDA** is a European company that produces missiles and other weapons. It was formed in 2001 from a merger of French, Italian, and British companies. MBDA is the world’s second-largest missile maker after **Boeing**.

The company has three main product lines: air-to-air missiles, air-to-surface missiles, and surface-to-air missiles. Its products are used by the militaries of more than 40 countries.

MBDA’s headquarters are in Paris, France. The company has manufacturing plants in France, Italy, Britain, and Spain. It employs over 13,000 people.

**Missile Data on Sale for Bitcoin**

Unidentified hackers claim that they have classified military data obtained from MBDA after a successful data breach. As seen by Hackread.com, initially, cybercriminals operating on Russian and English hacker forums were selling approx. 80 GB of stolen data for 15 BTC (around $294,000).

However, on August 19th, 2022, the group dropped the price to 1 BTC ($19,000) for 70 GB worth of data.

Data sold on Russian and English language cybercrime forums (Screengrab: Hackread.com)

On the other hand, as **reported** by BBC, MBDA has admitted that some of its data were hacked after compromising an external hard drive.

**NATO to Probe the Breach**

NATO has launched a probe into selling top-secret weapon and missile data files online. MBDA is cooperating with investigating authorities in Italy, as that’s where the data breach occurred. The probe focuses on one of the company’s suppliers. It is worth noting that NATO is among **MBDA’s clients**.

“We are assessing claims relating to data allegedly stolen from MBDA,” a NATO representative told media outlets on Friday, adding that there wasn’t any confirmation that any NATO network was compromised. The organization stated that it had implemented all necessary measures for the safety of its networks.

**MBDA’s Stance**

The company insists that this data breach occurred several weeks back and that the stolen data is not classified or sensitive. MBDA refuted the hacker group’s claims that they are selling classified military data.

“No hacking of our secure networks has occurred. MBDA can confirm that there is no protectively marked data from MBDA involved,” the company explained on Friday.

MBDA further explained that it refused to yield to the hackers’ ransom demands, which is why they are spreading misinformation on the internet to force the company to pay the ransom. However, the company won’t give in and vowed to take all legal actions against the blackmailers.

**Breached Data Details**

The data, according to samples leaked by hackers, includes weapons blueprints of the France-headquartered MBDA Missile Systems used in the Ukraine war by NATO allies.

Reportedly, the MBDA documents on sale online specify details of the year 2020 “communication intelligence operation” carried out by a US air regiment over Estonia in the Baltics. However, Hackread.com could not verify it.

The leaked sample also shows that the alleged MBDA data includes the mission commander’s coordinates, full name, and contact numbers. Furthermore, Hackread.com also checked some of the files labeled “NATO Confidential,” “NATO Restricted,” “Unclassified Controlled Information,” and “NATO Secret.”

Sample data shared by the hackers

For your information, there are four security classification categories at NATO- NATO Restricted, NATO Confidential, NATO Secret, and Cosmic Top Secret. The fourth category, Cosmic Top Secret, is the highest among all and is assigned to highly-sensitive, confidential files owned by the military alliance.

The data was still up for sale at the time of writing.

1.  **Hacker selling classified MQ-9 Reaper Drone data on dark web**
2.  **Major US DoD weapon systems highly vulnerable to cyber attacks**
3.  **MAZE hackers hit US Nuclear contractor; steal sensitive documents**
4.  **Hackers interrupt Eurovision webcast in Israel with missile attack alert**
5.  **Chinese hackers stole 614 gigabytes of US Navy’s anti-ship missile data**

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

NATO Probes Hackers Selling Data from Top Missile Firm MBDA

Linksys E1200 v1.0.04 is vulnerable to Buffer Overflow via ej_get_web_page_name.

**Shop by Category**

Intelligent Mesh™ allows you to expand your network easily with additional routers or nodes.

Seamless coverage throughout your home.

Always offering the highest speeds makes our fast WiFi, even faster.

The latest WiFi standard gives you 5x the speed.

"This router has made an enormous difference in speed and range with our device connectivity. We have no more dead spots and can even access the signal in the front and back yards. It’s speedier too! This is a highly recommended upgrade."

Amanda M

Canton, OH

"This is the 3rd Linksys router I have had and would not install anything else."

Brian V.

Iowa

"I've been a networking guy for years and Linksys is who kind of pioneered home networking in a sense. They did it again with another well designed product."

Matt Dean

Watkinsville, GA

"We love the Linksys brand and trust that it will be a reliable product."

Maluna Kai

Orange, CA

**Shop Customer Favorites**

Best Seller

Best Seller

Best Seller

Best Seller

**Why buy directly from Linksys?**

 

****Fast Free Shipping****

 

****Hassle-free returns****

 

****Simple, secure checkout****

CVE-2022-38555: Linksys | Networking & WiFi Technology

Plus: An Iranian hacking tool steals inboxes, LastPass gets hacked, and a deepfake scammer targets the crypto world.

This week, former Twitter chief security officer Peiter “Mudge” Zatko filed an explosive whistleblower complaint against the company. The allegations, which Twitter contests, claim the social media firm has multiple security flaws that it hasn’t taken seriously. Zatko alleges Twitter put an Indian government agent on its payroll and failed to patch servers and company laptops. Among the claims, however, one stands out: the suggestion that Twitter engineers could access live software and had virtually untracked access to its system.

In a privacy win for students across the US, an Ohio judge has ruled that it is unconstitutional to scan students’ homes while they are taking remote tests. We also detailed the privacy flaw that is threatening US democracy—a lack of federal privacy protections means mass surveillance systems could be used against citizens in new ways.

Elsewhere, as Russia’s full-scale invasion of Ukraine passes six months, military forces are increasingly turning to open source data to back their efforts. Police in India are using facial recognition with very low accuracy rates—the technology is being widely used in Delhi but could be throwing up plenty of false positives. And we dived deeply (perhaps too deeply) into how four high school students hacked 500 of their schools’ cameras, across six locations, and rickrolled thousands of students and teachers. It’s one elaborate graduation prank.

And there’s more. Each week, we highlight the news we didn’t cover in-depth ourselves. Click on the headlines below to read the full stories. And stay safe out there.

Since Russia-backed trolls flooded Facebook and Twitter with disinformation around the 2016 US elections, the social media firms have improved their ability to bust disinformation networks. The companies frequently take down propaganda accounts linked to authoritarian states, such as Iran, Russia, and China. But it’s rare that Western disinformation efforts are discovered and exposed. This week, the Stanford Internet Observatory and social media analysis firm Graphika detailed a five-year operation that was pushing pro-Western narratives. (The research follows Twitter, Facebook, and Instagram as they remove a series of accounts from their platforms for “coordinated inauthentic behavior.”)

The propaganda accounts used memes, fake news websites, online petitions, and various hashtags in an attempt to push pro-Western views and were linked to both overt and covert influence operations. The accounts, some of which appear to use AI-generated profile pictures, targeted internet users in Russia, China, and Iran, among other countries. The researchers say the accounts “heavily criticized” Russia following its full-scale invasion of Ukraine in February and also “promoted anti-extremism messaging.” Twitter said the activity it saw is likely to have originated in the US and the UK, while Meta said it was the US.

Many of the techniques used by the online influence operation appear to mimic those the Russia-backed accounts used in the buildup to the 2016 elections. It’s likely, however, that the Western influence operations weren’t that successful. “The vast majority of posts and tweets we reviewed received no more than a handful of likes or retweets, and only 19 percent of the covert assets we identified had more than 1,000 followers,” the researchers say.

In recent years, Charming Kitten, a hacking group linked to Iran, has been known for its “aggressive, targeted phishing campaigns.” These phishing efforts aim to gather the usernames and passwords of people’s online accounts. This week, Google’s Threat Analysis Group (TAG) detailed a new hacking tool Charming Kitten is using that’s capable of downloading people’s entire email inboxes. Dubbed Hyperscrape, the tool can steal people’s details from Gmail, Yahoo, and Microsoft Outlook. “The attacker runs Hyperscrape on their own machine to download victims’ inboxes using previously acquired credentials,” TAG says in a blog post. The tool can also open new emails, download their contents, and then mark them as unread, so as not to raise suspicions. So far, Google says it has seen the tool used against fewer than two dozen accounts belonging to people based in Iran.

Password management company LastPass says it has been hacked. “Two weeks ago, we detected some unusual activity within portions of the LastPass development environment,” the company wrote in a statement this week. LastPass says an “unauthorized party” was able to gain access to its development environment through a compromised developer account. While the hacker (or hackers) were within LastPass’s systems, they took some of its source code and “proprietary LastPass technical information,” the company says in its statement. It has not detailed which elements of its source code were taken, making it difficult to assess the seriousness of the breach. However, the company does say that customer passwords and data have not been accessed—there’s nothing LastPass users need to do in response to the hack. Despite this, the indictment is still likely to be a headache for the LastPass technical teams. (It’s not the first time LastPass has been targeted by hackers either.)

The chief communications officer of crypto exchange Binance claims scammers created a deepfake version of him and tricked people into attending business meetings on Zoom calls with his fake. In a blog post on the company’s website, Binance’s Patrick Hillmann said that several people had messaged him for his time. “It turns out that a sophisticated hacking team used previous news interviews and TV appearances over the years to create a ‘deepfake’ of me,” Hillmann wrote, adding that the alleged deepfake was “refined enough to fool several highly intelligent crypto community members.” Neither Hillmann nor Binance has posted any images showing the claimed deepfake. Since deepfakes first emerged in 2017, there have been relatively few incidents of faked video or audio scams impersonating people. (The vast majority of deepfakes have been used to create nonconsensual pornographic images). However, recent reports say deepfake scams are on the rise, and in March of last year the FBI warned that it anticipated a rise in malicious deepfakes within the next 12 to 18 months.

Tag

#intel