Anonymous Hackers Expose Putin’s Secret Data—Publish Trump File

By Zak Doffman

The Anonymous PR machine is in full flight once again, claiming a new cyberattack on Russia “in defense of Ukraine.” The hacking collective has released a cache of some 10 terabytes, it says, which includes “data on all businesses operating in Russia, all Kremlin assets in the West, pro-Russian officials, Donald Trump, and more.”

These Anonymous hacks don’t have the same impact as in the past, potentially because there have now been so many. And Cybernews reports that “from what files have been examined so far, the overall consensus seems to be that the leaked info is simply not that exciting, and apparently not that secret.” But it will generate headlines — which is the point — and there will be plenty of analysis on the data cache, including the Trump file and the even more intriguing “Domino’s Pizza” file.

Unsurprisingly, the Anonymous claims have been largely debunked, albeit some of what’s included in the cache — which is nowhere near 10 terabytes in size — might be useful to Ukraine’s armed forces. Per The Kyiv Post, “in March 2024, Ukraine’s Defense Intelligence (HUR) claimed a successful hack into Russia’s Ministry of Defense’s database. It said it obtained data that helped the agency establish the identity and structure of the Russian Armed Forces.”


At the time, Ukraine’s intelligence agency posted on Telegram that “the analysis of the obtained data also helped to identify the generals, other high-ranking managers of the structural units of the Ministry of Defense, as well as deputies, assistants, specialists — all those who used software for electronic document management called ‘bureaucrats’.” It’s possible that this leaked data contains more of the same.

While this highlights that even a collection of open source intel can be useful if collated and provided to those who can use it, it doesn’t add any credence to Anonymous’ claims. In reality, there will be little surprise that Russian officials are allegedly corrupt or that they have deep ties to the West. As one analyst notes, “mostly the information in the archive is specific to individual companies in Russia with folders for them and random PDFs for each company. This archive may be useful to the UKR armed forces since there are hundreds of PDFs on defense companies in Russia.”


Posting on BlueSky, DDoSecrets’ Emma Best issued a scathing riposte to Anonymous. “Claims impossible data without explanation. Releases less than 2% of what they say they have. Data looks like a scrape of existing releases. High quality folders like ‘China government site’ and ‘Dominoes pizza’…. Do I even need to say it?”

We await any further analysis of the data to see what might be included, and we have certainly seen nuggets of intel buried in such archives before. Part of the problem is that it’s unclear what information is being searched for. Russia’s role as a rogue state is well established now, especially as viewed from Europe, as its Ukraine campaign continues.

Again unsurprisingly, blue chip international names appear in the data, as well as NGOs operating in the region. But as one Redditor notes, several of those who have sifted through the data “are reporting that this is increasingly looking like it’s bunk. Don’t download the files. I would avoid anonymous’ PR website as it’s directing to the mediafire link that was being distro’d widely earlier in the day just in case it’s malware.”

And maybe we will. As another Redditor put it, “at the end of the day, let’s not pretend what they’re doing here isn’t a high tech version of a looting: they pound on some weakness, get in, grab as much as they can… And when they get out, they either got garbage bags of Pringles and lotion or Rolexes.”

Thus far, this seems more Pringles than Rolexes, albeit with some awkward questions for the Russian officials and Western firms named in the data cache.


30th December – Threat Intelligence Report

TOP ATTACKS AND BREACHES

  • The Clop ransomware gang exploited a zero-day vulnerability (CVE-2024-50623) in Cleo’s Secure File Transfer products and is extorting 66 companies following alleged data theft. The attackers have given the victims 48 hours to initiate ransom negotiations before publicly disclosing their identities. This incident mirrors Clop’s previous exploitation of zero-day flaws in platforms like Accellion FTA, GoAnywhere MFT, and MOVEit Transfer.

Check Point Harmony Endpoint, Threat Emulation and IPS provide protection against this threat (Ransomware.Win.Clop; Ransomware.Wins.Clop; Ransomware.Wins.Clop.ta.*; Cleo Arbitrary File Upload (CVE-2024-50623))

  • Pittsburgh Regional Transit (PRT) experienced a ransomware attack last week, resulting in service disruptions to its rail system and customer service operations. While transit services have resumed normal operations, certain rider services, such as processing ConnectCards, remain affected. The investigation, involving law enforcement and cybersecurity experts, is ongoing, with no confirmation yet regarding data theft or the group responsible for the attack.
  • Cyberhaven has been a victim of a cyber-attack that resulted in distribution of a malicious update for its Chrome browser extension. The compromised extension was able to exfiltrate users’ sensitive information, including authenticated sessions and cookies.
  • Cariad, Volkswagen’s automotive software subsidiary, exposed data from 800,000 electric cars, including sensitive geo-location information, due to misconfigured IT applications. The exposed data included details of vehicles from VW, Seat, Audi, and Skoda, with precise locations for 460,000 cars and pseudonymized user data. The Chaos Computer Club identified the vulnerability, enabling access to terabytes of unprotected customer information stored in Amazon cloud storage.
  • Japan Airlines has resumed normal activity following a cyberattack that caused delays in domestic and international flights. The attack involved a sudden surge in network traffic, indicative of a distributed denial-of-service (DDoS) attack, affecting data communication with external systems. No customer information was leaked, and flight safety remained uncompromised.
  • ZAGG Inc., a consumer electronics accessories maker, has disclosed a data breach resulting in the exposure of customers’ payment card information. The breach occurred between October and November 2024, due to malicious code injected into the FreshClick app, a third-party application provided by their e-commerce platform, BigCommerce.
  • The European Space Agency’s (ESA) official merchandise store was hacked, causing it to display a fake payment page designed to steal customer payment card details.

VULNERABILITIES AND PATCHES

  • A critical SQL injection vulnerability (CVE-2024-45387), rated 9.9 on the CVSS scale, has been identified in Apache Traffic Control versions 8.0.0 and 8.0.1. The flaw allows privileged users with specific roles to execute arbitrary SQL commands in the database via crafted PUT requests. The issue has been patched in version 8.0.2.

Check Point IPS provides protection against this threat (Apache Traffic Control SQL Injection (CVE-2024-45387))

  • A critical vulnerability (CVE-2024-52046), with a maximum CVSS score of 10.0, has been discovered in Apache MINA, a Java network application framework. The flaw arises from the ObjectSerializationDecoder’s use of Java’s native deserialization protocol without adequate security measures, enabling attackers to execute remote code by sending malicious serialized data.
  • Palo Alto Networks has disclosed an actively exploited Denial of Service (DoS) vulnerability (CVE-2024-3393) affecting PAN-OS software. The flaw allows unauthenticated attackers to send malicious packets that force affected firewalls into reboot or maintenance mode, disrupting firewall protection. The issue impacts devices with DNS Security logging enabled and has been patched in versions PAN-OS 10.1.14-h8, 10.2.10-h12, 11.1.5, and 11.2.3.
  • A high-severity OS command injection vulnerability (CVE-2024-12856) has been identified in Four-Faith router models F3x24 and F3x36. Exploitation via default credentials may enable unauthenticated OS command execution. Over 15,000 internet-facing devices are at risk, with evidence suggesting active exploitation since at least early November 2024.

Check Point IPS provides protection against this threat (Four-Faith F3x Series Command Injection (CVE-2024-12856))
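The Apache MINA item above comes down to one mechanism: native Java deserialization that instantiates whatever class the incoming byte stream names. As an added example, not MINA’s own code or its patch, the following shows the generic JDK-side mitigation, an ObjectInputFilter allowlist that rejects any class the decoder does not expect; the Ping message type and the HashMap standing in for an unexpected payload are both constructed for the demonstration.

```java
import java.io.*;
import java.util.HashMap;

// Added example (not Apache MINA's code): a deserialization allowlist using the
// JDK's ObjectInputFilter (Java 9+). Without such a filter, readObject() will
// instantiate any Serializable class named in the stream.
public class SafeDeserializeDemo {

    // Hypothetical message type a network decoder legitimately expects.
    public static final class Ping implements Serializable {
        private static final long serialVersionUID = 1L;
        final long sentAt;
        Ping(long sentAt) { this.sentAt = sentAt; }
    }

    // Allowlist: only Ping may be deserialized; the trailing "!*" rejects every
    // other class. maxdepth/maxbytes additionally bound resource use per stream.
    private static final ObjectInputFilter FILTER = ObjectInputFilter.Config.createFilter(
            "SafeDeserializeDemo$Ping;maxdepth=4;maxbytes=1024;!*");

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) { oos.writeObject(o); }
        return bos.toByteArray();
    }

    // Deserialize with the filter installed: a class outside the allowlist makes
    // readObject() throw InvalidClassException before the class is instantiated.
    static Object decode(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(data))) {
            ois.setObjectInputFilter(FILTER);
            return ois.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        // Expected traffic: accepted.
        Object ok = decode(serialize(new Ping(System.currentTimeMillis())));
        System.out.println("accepted: " + ok.getClass().getName());

        // Constructed stand-in for an unexpected payload type: rejected by the filter.
        byte[] unexpected = serialize(new HashMap<String, String>());
        try {
            decode(unexpected);
        } catch (InvalidClassException e) {
            System.out.println("rejected by filter: " + e.getMessage());
        }
    }
}
```

The same pattern can be applied process-wide with the `jdk.serialFilter` system property, which is the quicker check when a third-party library performs the deserialization.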

THREAT INTELLIGENCE REPORTS

  • Researchers have observed “OtterCookie”, a new malware used in the North Korean-associated Contagious Interview campaign. This financially motivated campaign targets a broad range of victims and is active in Japan. OtterCookie communicates via Socket.IO, executes shell commands to exfiltrate sensitive data, including cryptocurrency keys, and uses clipboard data collection to enhance its capabilities.
  • Researchers have identified heightened activity by the Paper Werewolf (aka GOFFEE) cluster, which has conducted at least seven campaigns targeting Russian organizations since 2022. Using phishing emails with malicious macros, PowerShell, and PowerRAT, the group conducts espionage and destructive operations, including disabling IT infrastructure and changing account credentials. Its arsenal includes custom implants, reverse shells, and malicious IIS modules for credential harvesting.
  • Researchers have analyzed the increased activity from botnets like the Mirai variant “FICORA” and the Kaiten variant “CAPSAICIN,” which exploit long-standing vulnerabilities in D-Link devices to execute malicious commands via the HNAP interface.