In the Spotlight this Week:
- Sextortion Ring Disbanded in Asia
- Japan Government Websites Hit By Cyber-Attacks, Killnet Suspected
- China Accuses Washington of Cyber-spying on University
- Albania Severs Diplomatic Ties with Iran Over Cyber Attack
- New Hacker Group Worok Targets Companies, Governments Mostly in Asia
A cyber criminal ring that extorted at least USD 47,000 from victims by threatening to expose their nudes to friends and relatives has been disbanded. The victims are mainly based in Hong Kong and Singapore. The cyber criminals would first contact their victims through online dating platforms before initiating a ‘naked chat’ via a hyperlink to a malicious mobile application. Once downloaded, these apps would steal the victims’ contact lists, which the attackers then used to blackmail the victims for money. At least 34 sextortion cases were discovered and traced to the cyber criminal ring, and 12 members of the syndicate were arrested by Interpol and police forces in Singapore and Hong Kong.
Japanese companies and 20 websites across four government ministries were targeted in a series of cyber attacks conducted by Killnet, a Russian-affiliated hacking group. The attacks caused multiple websites to refuse login services to their users. They follow Japan’s support of Ukraine in the ongoing Russia-Ukraine conflict, as well as the decades-long dispute over the Kuril islands, over which both Russia and Japan claim sovereignty.
These alleged attacks against the Japanese state websites come after a large-scale attack by Killnet on websites in Italy, Lithuania, Estonia, Poland, and Norway.
On Monday, China accused Washington of infiltrating computers at Northwestern Polytechnical University, which U.S. officials claim does military research. According to China’s National Computer Virus Emergency Response Center, the computers were reportedly breached in June and the breach was traced to the National Security Agency in the U.S. China and the U.S., alongside Russia, have long been considered leaders in cyber warfare research. These accusations add to the long list of complaints each party has made about rampant online spying by the other.
Following a massive cyber attack, Albania has severed diplomatic ties with Iran and ordered Iranian embassy staff to leave, accusing Iran of orchestrating the attack. The attack aimed to paralyze public services, delete and steal government data, and disrupt the daily order of its citizens. Multiple countries have condemned the act as it ‘disregards the norms of responsible peacetime state behavior in cyber space’. Cyber researchers noted that the cyber attack was conducted days prior to a conference in the Albanian town of Manez that was affiliated with the exiled Iranian opposition group Mujahideen-e-Khalq (MEK). The event was postponed following terrorist threats.
Last month, cyber researchers discovered that a cyber espionage group known as Worok is responsible for infiltrating high-profile companies and local governments in Asia, the Middle East, and Africa. Worok has been active since 2020 and develops its own tools while leveraging existing ones to compromise its targets. The group’s custom toolset includes CLRLoad; PNGLoad, a steganography loader; and PowHeartBeat. These toolkits are used to reconstruct malicious payloads hidden in PNG images, which are then sent to a victim who opens these images and compromises their system. The malicious payload can perform a variety of tasks, including uploading and downloading files; returning file metadata such as location, size, creation time, access time, and content; and deleting, renaming, and moving files.