In the Spotlight this Week:
Singapore and UK sign MOUs on digital trade and identities as well as cyber security
Ransomware attack on Australian utility claimed by Russian-speaking criminals
LINE Pay leaks around 133,000 users' data to GitHub
Nearly USD 200 million stolen in BitMart crypto exchange hack
Google disrupts blockchain-based Glupteba Botnet; sues Russian hackers
Singapore and the United Kingdom will work more closely to facilitate digital trade between the countries, as part of a partnership that will make digital transactions by businesses easier, safer and cheaper. The agreement, which is being negotiated, will establish rules to enable trusted cross-border data flows and ensure high standards in data protection.
The MOU will enhance existing cooperation between both countries in cyber security. It will also build on existing efforts by the two nations to develop a secure and resilient cyberspace for businesses and consumers. Mrs Josephine Teo, who is also Minister-in-charge of Smart Nation and Cybersecurity, said in a statement: "Singapore has been working with like-minded countries to advance a global digital architecture that is open, inclusive, interoperable and secure".
One of the most prolific Russian-speaking ransomware gangs has claimed credit for an attack on an Australian electric utility serving millions of people. Australian media reported that Chinese government hackers were behind the breach at CS Energy, which is owned by the Queensland state in northeast Australia.
The ransomware group known as Conti named CS Energy on its website for shaming victims and sometimes leaking their data. Like other ransomware groups, Conti splits proceeds with affiliates who break into targets before installing its program for encrypting computer files and referring victims to Conti for negotiating payments in cryptocurrency. Western officials and researchers have said some of those groups have ties to Russian intelligence agencies, but no such accusation has been leveled against the Chinese.
Nearly USD 200 million has reportedly been stolen from the cryptocurrency exchange BitMart. BitMart, which is one of the top centralized crypto exchanges by volume, indicated that the company will use its own funding to cover losses for affected users.
BitMart CEO Sheldon Xia tweeted that the exchange "has completed initial security checks and identified affected assets," adding that the breach "was mainly caused by a stolen private key". Once in possession of the funds, the threat actors reportedly used the decentralized exchange aggregator "1inch" to obtain ether, and then the privacy mixer Tornado Cash, which obfuscates funds by mixing illicit tokens with "clean" crypto, making the proceeds more difficult for law enforcement authorities to trace.
Smartphone payment provider LINE Pay announced that around 133,000 users' payment details were mistakenly published on GitHub. Among the leaked details were the date, time, and amount of transactions, plus user and franchise store identification numbers.
The information – which covered over 51,000 Japanese users and almost 82,000 Taiwanese and Thai users – was accessed 11 times during the ten weeks it was available online. The information has since been removed, and LINE said users have been notified. The fintech division of the communication app company issued an apology and promised to train staff better.
Google took steps to disrupt the operations of a sophisticated "multi-component" botnet called Glupteba that infected more than one million Windows computers across the globe and stored its command-and-control server addresses on Bitcoin's blockchain as a resilience mechanism.
As part of the efforts, Google's Threat Analysis Group (TAG) said it partnered with the CyberCrime Investigation Group to terminate around 63 million Google Docs that were observed to have distributed the malware, alongside 1,183 Google Accounts, 908 Cloud Projects, and 870 Google Ads accounts that were associated with its distribution. Google TAG further said it worked with internet infrastructure providers and hosting providers to dismantle the malware by taking down servers and placing interstitial warning pages in front of the malicious domains.