GTA VI gameplay leak, cyberattack on Revolut and other cybersecurity events
We have collected the most important cybersecurity news of the week.
- Rockstar Games confirmed the leak of GTA VI source code and gameplay footage.
- A cyberattack on Revolut exposed the personal data of tens of thousands of users.
- South Korea uncovered suspicious bitcoin operations worth $680 million.
- Lviv hackers sold data from 30 million accounts of Ukrainians and EU citizens to Russians.
South Korea uncovered suspicious cryptocurrency operations worth $680 million
South Korea's Financial Supervisory Service (FSS) has once again discovered dubious foreign exchange operations, this time in the amount of $680 million.
According to the agency, most money transfers are associated with cryptocurrencies. Local companies received transactions with Bitcoin-USA, and then sent funds abroad.
82 corporations, including tourist and cosmetology firms, are still involved in illegal financial transactions, the regulator claims.
New facts were established during the ongoing investigation into the alleged assistance by local banks, Shinhan Bank and Woori Bank, in foreign transfers to crypto exchanges in the amount of $6.5 billion, which were associated with the kimchi premium. Thus, the total amount of suspicious operations currently stands at $7.2 billion.
Later, the hacker also published 9,500 lines of GTA 6 source code, apparently related to executing scripts for various in-game actions.
Rockstar Games confirmed the authenticity of the data stolen from the company’s internal network.
“At present, we do not expect any failures in the work of our game services or another long-term effect on the development of our current projects,” the developers added.
Rockstar Games sent DMCA notices to Twitter, YouTube and other sites in an attempt to remove the footage. However, the videos and screenshots have already spread online.
Cyberattack on Revolut exposed the personal data of tens of thousands of users
Fintech startup Revolut confirmed that it was subjected to a targeted cyberattack, which allowed hackers to gain access to the personal data of tens of thousands of customers. TechCrunch writes about this.
According to a Revolut representative, “the unauthorized third party gained access to information about a small percentage (0.16%) of customers over a short period of time”. The company discovered the malicious access late in the evening of September 11 and isolated the attack by morning.
The number of victims is not reported. Nevertheless, in the report submitted to the Lithuanian authorities, the company stated that the attack affected 50,150 customers, including 20,687 customers in the European Economic Area and 379 citizens of Lithuania.
Revolut declined to clarify what types of data the hacker gained access to, but emphasized that no funds were stolen. In a message sent to affected customers on Reddit, the company added that the leak also did not concern “card data, PIN or passwords”.
According to the team’s assumption, hackers probably used social engineering methods to gain partial access to payment card data, as well as to customer names, addresses, e-mail addresses and phone numbers.
As a precaution, Revolut formed a special team tasked with monitoring the security of customer accounts.
Lviv hackers sold data from 30 million accounts of Ukrainians and EU citizens to Russians
The SBU in Lviv stopped the activities of a hacker group that stole personal information from the accounts of users in Ukraine and the European Union.
The attackers sold the confidential data on the darknet. Payment was accepted through the payment systems YooMoney, Qiwi and WebMoney.
According to preliminary data, the sale of 30 million accounts brought them almost 14 million hryvnias (about $380,000).
The SBU added that hacked accounts were used to disseminate misinformation on the socio-political situation in Ukraine and the EU.
Law enforcement officers seized hard drives, computers, mobile phones, SIM cards and flash drives.
The organizer is suspected of unauthorized distribution of restricted-access information. The investigation continues.
Google Tag Manager was used to infect e-commerce sites with malware
Hackers use Google Tag Manager (GTM) containers to inject e-skimmers, which then steal bank card data and personal information on e-commerce sites. This was reported by analysts at Recorded Future.
In total, the incident affected 569 domains. Of these, 314 were infected with GTM-based skimmers, and the remaining 255 sent stolen data to malicious domains associated with GTM abuse.
“Currently, the darknet posts data from more than 165,000 payment cards belonging to the victims of attacks,” the researchers write.
According to them, administrators need more than three months on average to remediate a compromise.
66% of the affected sites are based in the USA. The rest are in Canada, Great Britain, Argentina, India, Italy, Australia, Brazil, Greece, Indonesia and other countries.
Experts discovered a Trojan that steals passwords via corporate email
From April to August 2022, Kaspersky Lab specialists recorded about 740,000 cases of mailings containing the Agent Tesla spy Trojan. The recipients were organizations around the world.
The program can steal logins and passwords from browsers and other applications, take screenshots, and collect data from webcams and keyboards. Hackers can sell the collected data on the darknet or use it in further targeted attacks on the same companies.
The malware spreads as an archive attached to emails purportedly from suppliers or counterparties. In this spam campaign, the attackers use the names of existing companies and copy the sender's email style and signature.
The hackers are given away by odd sender addresses containing the word “Newsletter”. As a rule, such addresses are typical of newsletters, not of procurement correspondence. The sender’s domain name also differs from the official company name on the logo.
All messages come from a limited set of IP addresses, which points to a single center coordinating the attack.
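The three indicators described above (a "Newsletter" sender address, a sender domain that does not match the claimed company, and a small set of shared source IPs) can be checked mechanically during mail triage. The following is an added example, not code from Kaspersky or from this article; the supplier-to-domain map, the sample messages and the function names are constructed assumptions.

```python
import re
from collections import Counter
from email import message_from_string
from email.utils import parseaddr

# Assumption: display names of real suppliers mapped to their genuine mail domains.
KNOWN_SUPPLIERS = {"acme industrial": "acme-industrial.example"}
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def indicators(raw):
    """Return (set of indicator names, relay IP or None) for one raw message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    local, _, domain = addr.lower().rpartition("@")
    hits = set()
    if "newsletter" in local:  # newsletter-style address on procurement mail
        hits.add("newsletter-sender")
    expected = KNOWN_SUPPLIERS.get(name.strip().lower())
    if expected and domain != expected and not domain.endswith("." + expected):
        hits.add("domain-mismatch")  # claimed company name vs. actual sender domain
    # Assumption: each hop prepends its header, so the first Received line
    # was written by our own MX and its bracketed IP can be trusted.
    m = IP_RE.search(msg.get("Received", ""))
    return hits, (m.group(1) if m else None)

def triage(raw_messages, min_cluster=2):
    """Flag suspicious messages and report relay IPs shared by several of them."""
    flagged = [(i, *indicators(r)) for i, r in enumerate(raw_messages)]
    flagged = [(i, h, ip) for i, h, ip in flagged if h]
    per_ip = Counter(ip for _, _, ip in flagged if ip)
    shared = {ip for ip, n in per_ip.items() if n >= min_cluster}
    return flagged, shared

def _mail(frm, ip):
    return (f"Received: from relay.invalid (relay.invalid [{ip}]) by mx.corp.example\n"
            f"From: {frm}\nSubject: Request for quotation\n\nSee attached archive.\n")

# Constructed sample messages (documentation IP ranges, .example domains).
SAMPLES = [
    _mail('"Acme Industrial" <newsletter@acme-lndustrial.example>', "203.0.113.7"),
    _mail('"Acme Industrial" <Newsletter@mail-offers.example>', "203.0.113.7"),
    _mail('"Acme Industrial" <purchasing@acme-industrial.example>', "198.51.100.20"),
]

if __name__ == "__main__":
    flagged, shared = triage(SAMPLES)
    for i, hits, ip in flagged:
        print(i, sorted(hits), ip)
    print("shared relay IPs:", sorted(shared))
```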
Also on FORKLOG:
- Hackers stole $160 million in Wintermute assets.
- The hacked Twitter account of an Indian bitcoin exchange was used for fake XRP advertising.
- Analysts identified a replay attack with Ethereum Pow Bill tokens.
What to read on the weekend?
This week FORKLOG analyzed in detail the Tornado Cash mixer case and the reasons for its blocking.