30 Dec 2022 | Asia Cyber Summary

In the spotlight this week:

• Cyber ​​Attack Confirmed by BitKeep; More Than USD 9 Million in Digital Currencies Lost
• Japanese Police Successful in Decrypting Data Attacked by LockBit Ransomware
• Thousands of Citrix Servers Exposed to Patched Critical Bugs
• North Korea Hacked Almost 900 South Korean Foreign Policy Experts, Sought Ransom
• BTC.com Hackers Steal USD 3 Million Worth of Crypto
  ‍

Cyber ​​Attack Confirmed by BitKeep; More Than USD 9 Million in Digital Currencies Lost

Singapore-based company, BitKeep, a decentralized multi-chain cryptocurrency wallet, confirmed a cyber attack on its website on Wednesday that allowed threat actors to spread fake versions of its Android app with the intention of stealing users' digital currencies. With maliciously implanted code, the altered Android Package Kit (APK) led to the leak of users' private keys and enabled the hacker to move funds. Up to five fake versions of Android apps with the following package names have been identified, suggesting that these apps may have been distributed via phishing websites. Users who have downloaded version 7.2.9 of this APK file are advised to install the latest version released today (7.3.0) and transfer funds to the newly generated wallet address.

‍

Japanese Police Successful in Decrypting Data Attacked by LockBit Ransomware

Japanese police have succeeded in decrypting corporate data locked by LockBit ransomware, a virus that encrypts data and demands a payment. According to the Japanese media, teams at the National Police Agency have recovered data of at least three companies targeted by LockBit ransomware. LockBit has been dubbed the most prolific ransomware gang in 2022, with hundreds of confirmed attacks around the globe. Ransomware encrypts files on the target's systems, rendering them inaccessible, and demands payment to restore access. But now Japan seems to have found a way to neutralize the threat.

‍

Thousands of Citrix Servers Exposed to Patched Critical Bugs

Two critical vulnerabilities tracked as CVE-2022-27510 and CVE-2022-27518 still affect thousands of Citrix Application Delivery Controller (ADC) and Gateway devices. The first vulnerability is an authentication bypass flaw that the vendor patched on November 8. The second is a remote code execution (RCE) vulnerability that Citrix fixed in mid-December. Both vulnerabilities pose severe security risks. According to the National Security Agency (NSA), the vulnerabilities were exploited in the wild by the China-linked Advanced Persistent Threat (APT) group Manganese (APT5).

‍

North Korea Hacked Almost 900 South Korean Foreign Policy Experts, Sought Ransom

According to the National Police Agency, North Korea has carried out cyberattacks on at least 892 foreign policy experts from South Korea in order to steal their personal information and email addresses, as well as ransomware attacks against online stores. South Korean authorities said the attacks may have tricked some victims into signing into fake websites, exposing their login details to the attackers. 

The hackers are suspected to have North Korean origins, given the hacker’s use of North Korean diction, IP addresses, as well as the fact that targeted victims tend to be experts in diplomacy, inter-Korean unification, national security, and defense. 

‍

BTC.com Hackers Steal USD 3 Million Worth of Crypto‍

The parent company of BTC.com, BIT Mining Limited, reported a cyberattack on its subsidiary on December 3. According to the company, hackers stole USD 700,000 from BTC.com's clients and assets worth USD 2.3 million from the company. 

BTC.com provides users with a digital wallet, a trading interface, and a mining platform to generate new Bitcoins. Apart from its digital asset services, the company is currently conducting business as usual with no changes to its client fund services.