Iranian Hackers using Spoofed Emails to Steal Election Data

Some Iranian state-sponsored hacking groups have been attempting to steal voter registration data from various election sites in the U.S. The FBI has shared details about various TTPs used by these hackers.

Hackers spoof Proud Boys

On October 30, the CISA and the FBI shed light on the activities of Iranian state-sponsored hackers and alerted voters in a joint advisory. Hackers were seen using fake Proud Boys-themed emails.

The advisory stated that the Iranian APT actors are attempting to exploit misconfiguration and known vulnerabilities, such as directory traversal, SQL injection, web shell uploads, and unique flaws in election websites, using the Acunetix vulnerability scanner and advanced open-source queries.

In addition, the hackers used paid VPN services such as NordVPN, CDN77, HQSERV, and M247, along with curl and FDM in the campaign.

Earlier preparation

In mid-October, Proofpoint researchers observed emails purporting to be from a far-right and neo-fascist male-only organization, known as Proud Boys, threatening the recipient (Democratic voters).

A few weeks ago, in a press conference, Director of National Intelligence (DNI) John Ratcliffe had stated that Iran and Russia have gained access to voter registration information and Iran has been using it to send out threatening emails to Democratic voters.

CISA and FBI advisories

According to an FBI flash alert, in this fake Proud Boys campaign, the hackers had obtained copies of voter registration data between September 29 and October 17.

On October 22, CISA and FBI published a joint advisory warning that Iranian APTs are attempting to obtain election data by creating fictitious media sites and spoofing legitimate media sites.

Security recommendations

The FBI and the CISA have provided several recommendations including keeping all the applications updated and patched, regularly auditing the networks for any vulnerabilities, and disabling any unused services and ports to minimize exposure to outside networks.

Cybercriminals Siphoning Funds from Cryptocurrency Services and Exchanges

Cybercriminals are adding feathers to their crime nests by siphoning funds from cryptocurrency services and exchanges. Hackers have been stealing money by targeting small to big cryptocurrency trading platforms using various tricks and tactics.

A cryptographic exploit

Recently, threat actors took advantage of an engineering mistake made by decentralized finance (DeFi) service Harvest Finance and stole roughly $24 million worth of cryptocurrency assets.

According to Harvest Finance investigation, the hackers had executed several attacks against assets inside some of the vaults, deposited into shared pools of underlying DeFi protocols (such as the Y pool on Curve.fi).

Hackers stole $13 million worth of USD Coin (USDC) and $11 million worth of Tether (USDT). But within minutes of the attack, the hackers returned $2.5 million back to the platform without any specific reason.

Other recent attacks

Attacking cryptocurrency exchanges and its users has apparently become a common practice among hackers because a successful heist often results in a multi-million grab within seconds.

A few days ago, hackers had launched an SS7 mobile attack to gain access to Telegram messenger and email data of high-profile individuals in the cryptocurrency business, all subscribers of the Partner Communications Company.

In September, an intruder managed to drain KuCoin cryptocurrency exchange for bitcoin assets, ERC-20-based tokens, along with other types of tokens for $150 million.

In the same month, the European crypto exchange Eterbase suffered a targeted attack and lost a whopping amount of $5 million.

No traces

In October, hackers were seen shifting a massive batch of funds from the Bitfinex hack in 2016 to unknown wallets in separate transactions. In total, these hackers have moved a total of around 8,600 Bitcoin (approx $88.6 million) to unknown wallets in 2020.

Closing statement

Cryptocurrency hackers are not only looting cryptocurrencies but they are also shifting funds frequently to unknown wallets to probably cash out their profits. Cryptocurrency platforms should implement automated upgradability features for new vaults for possible mitigations in the future.

link:https://bit.ly/33lmzHI Bitcoin Donation:bc1qlta25appmmfnam3s22a057shp5mg50g0hle5xw

visite:www.hackerhacking.com