Asia Cyber Summaries

10 Feb 2023 | Asia Cyber Summary

In the spotlight this week:

  • Cyber Security Firm Cracks Hong Kong Firm OneKey Crypto Wallets
  • South Korean and US Intelligence Agencies Issue Joint Security Advisory Against North Korean Cyber Threat
  • Man Sentenced For Targeting Optus Breach Victims
  • Hackers Breach Reddit To Steal Source Code And Internal Data
  • New ESXiArgs Ransomware Version Prevents VMware ESXi Recovery

Cyber Security Firm Cracks Hong Kong Firm OneKey Crypto Wallets

A team of white hat hackers broke into a device manufactured by OneKey, a Hong Kong-based firm that produces open source hardware wallets. OneKey confirmed the existence of the exploit and has since provided an update to patch the vulnerability. OneKey paid the company USD 10,000 in the form of a "bug bounty", a reward system offered by many tech and crypto companies to encourage white hat hackers to report and share vulnerabilities in a responsible manner.

South Korean and US Intelligence Agencies Issue Joint Security Advisory Against North Korean Cyber Threat

Intelligence agencies of South Korea and the United States on Friday issued a joint security advisory against illicit North Korean cyber activities aimed at stealing cryptocurrencies through ransomware attacks. They warned that North Korea and its affiliated hacking groups are known to shut down the networks of key institutions through malware attacks that use fake domains accessed through virtual private networks. The hacking groups then destroy and encrypt systems with malicious code in order to extort cryptocurrency as a condition of returning the systems to normal. The advisory was the first of its kind issued by intelligence branches of the South Korean and U.S. governments.

Man Sentenced For Targeting Optus Breach Victims

Australian authorities sentenced an attacker to 18 months for attempting to blackmail 92 victims whose data was stolen in the Optus breach. The attacker, who was 19 years of age at the time of the arrest, demanded AUD 2,000 in payment and threatened to leak victims’ personal data if the amount was not paid. The SMS-based scam earned the culprit an 18-month Community Correction Order, 100 hours of community service, and a conviction recorded for attempting to blackmail.

New ESXiArgs Ransomware Version Prevents VMware ESXi Recovery

New ESXiArgs ransomware attacks are now encrypting more extensive amounts of data, making it much harder, if not impossible, to recover encrypted VMware ESXi virtual machines. Last Friday, a massive and widespread automated ransomware attack encrypted over 3,000 Internet-exposed VMware ESXi servers using the new ESXiArgs ransomware. The second wave of ESXiArgs includes a modified encryption routine that encrypts far more data in large files. It also prevents the previous recovery tools from successfully restoring machines, as the flat files now contain too much encrypted data to be usable.

Hackers Breach Reddit To Steal Source Code And Internal Data

In a thread posted to the official r/reddit community on Thursday, a company representative explained that a phishing attack had taken place on the evening of Feb. 5. The threat actor tricked a Reddit employee into clicking on a cloned website of Reddit’s intranet gateway to steal credentials and two-factor authentication tokens. These were then used to access Reddit's internal documents, code, internal dashboards, and business systems.
