China Targets India, Security Firm Mistake, Zeus Hacks Olympics
Digital advancement has made our lives easy. But at the same time, criminals with malicious intentions are also using it to mint money in an easy and quick manner. Cyberattackers are slowly expanding their territories across the globe. The only way to keep your money and devices safe from these threat actors is to educate yourself about cyberattacks and take adequate precautionary measures.
Every week, we bring you the latest cyber happenings from around the world so that you can stay updated and be well-prepared for any kind of cyber mishap.
The major event in the cyberworld involves a mind-boggling incident where a cybersecurity firm accidentally hired a North Korean hacker. On the other hand, Indian postal service users are being targeted by China-backed threat actors. Lastly, ‘Zeus’ hackers have targeted Israeli athletes in the ongoing Paris Olympics.
Keep reading to get detailed information about these cyber incidents.
China-backed Smishing Triad is targeting Indian postal service users
If you are an iPhone user and also a loyal customer of Indian postal services, then you need to be cautious. Smishing Triad, a China-backed phishing group, has been attacking Indian postal service users. The threat actors are sending out fake text messages to iPhone users claiming that their parcel/package is waiting to be collected at the Indian Post warehouse. These fake messages contain malicious URLs, and clicking on them leads to fraudulent websites designed to empty your bank account.
Basically, the threat actors have been sending iMessages by leveraging third-party email services such as Gmail, Hotmail, and Yahoo. Apple ID accounts that have been configured using email IDs from these services are used to send out the iMessages. Each iMessage contains short URLs; one click, and you will be redirected to fraudulent websites.
This is not the first time that the postal services have been targeted by threat actors. Earlier, the US Postal Service (USPS) bore the brunt of cyberattacks. Tehran, a phishing actor, singlehandedly disrupted the operations of the US postal services. In a similar kind of smishing incident, US citizens were receiving text messages claiming that they had road toll dues. The ultimate goal of these text messages was to somehow convince them to share their bank account details.
Mobile phishing attacks are on the rise because of the truckloads of features that smartphones come equipped with. QR codes, SMS, email, and third-party communication apps all make the work easier for threat actors. Also, the lack of apt security control systems on mobile phones makes them an easy target. By implementing robust email authentication protocols such as SPF, DKIM, and DMARC, individuals and organizations can protect their sensitive information from malicious actors.
Security firm ropes in a North Korean hacker by mistake!
In a bizarre turn of events, a security firm, KnowBe4, accidentally hired a North Korean hacker. They mistook him for a software engineer and roped him in for their internal AI team. Although KnowBe4 has a set of elaborate, stringent screening processes, the hacker managed to fool them with an AI-enhanced photo and a stolen identity.
KnowBe4’s screening process includes a pre-hiring background check. Also, once the background check is done, candidates need to go through 4 different rounds of video conference interviews. Despite the intricate background checks, the hacker came out clean.
Once the hacker got hired by KnowBe4, he received his Mac workstation from the company. The hacker started uploading malware as soon as he got his hands on the Mac workstation.
KnowBe4 became suspicious on 15th July when they detected suspicious activities on his system. When authorities reached out to him in person to make further queries, he said he was trying to troubleshoot a speed issue.
However, the hacker was actually trying to manipulate the session history files with malicious intentions. He was trying to transfer harmful files and execute unauthorized software by leveraging a Raspberry Pi.
The Security Operations Center (SOC) summoned him for further inquiry. The hacker initially claimed that he was not available at that moment and later on became unresponsive. The SOC then quarantined the hacker's workstation.
KnowBe4 has shared all the details it had with the FBI, and an investigation is ongoing.
“Zeus” hacker group targets Israeli athletes in Paris Olympics
The Paris Olympics event has become a hot pick for threat actors around the globe. Now cyberattackers have managed to publish sensitive data of Israeli athletes on the Telegram app. From login credentials to blood test results, everything is out there in the public domain. The hacker group named “Zeus” has taken responsibility for the data leaks.
OFAC, or France’s Anti Cybercrime Office, took down the data from the Telegram app after the incident was reported. The Israeli Foreign Minister is clearly unhappy with the data breach and described the mishap as an attempt to disrupt the “joyous event.”