Cybersecurity Alert! ???? Lazarus Group Strikes Again! ????

Oct 30 2023

Gone Phishing Banner

Welcome to Gone Phishing, your daily cybersecurity newsletter that wants to make all the cybercriminals compete in a weekly ballroom dancing competition called Strictly Scum Dancing ????

Today’s hottest cybersecurity news stories:

  • ⚰️ Lazarus rises! N. Korean hackers hit Russian software vendor ????‍????

  • ???? Wiretapping hack on XMPP-based instant messaging service ????‍♂️

  • ???? MOVEit or lose it! Hackers do the dirty on CCleaner software ????

Without Putin words in their mouth, we don’t suppose the U.S. will be Russian to their aid ????????????

In a recent cyber attack, the notorious North Korea-aligned Lazarus Group targeted an unnamed software vendor by exploiting known security flaws in high-profile software. ????

According to Kaspersky, the attack unleashed malware families like SIGNBT and LPEClient, a hacking tool used for victim profiling and payload delivery. ????️‍♂️

Security researcher Seongsu Park highlighted the adversary's high-level sophistication and the use of advanced evasion techniques. The SIGNBT malware in this attack used a diverse infection chain and sophisticated methods. ????️????

As longtime readers will know, this is far from their first rodeo. ???? The exploited software company had suffered previous Lazarus attacks, possibly aimed at stealing source code or contaminating the software supply chain. ????

The Lazarus Group continued exploiting vulnerabilities in the victim company's software and others. As of mid-July 2023, multiple victims were identified. ????️

The attackers used legitimate security software to encrypt web communications, though the software's name and weaponization method remain undisclosed. ????

SIGNBT, the primary malware, communicates with a remote server through unique strings and a Windows backdoor. This malware wields extensive control over infected systems. ????????

Kaspersky uncovered multiple Lazarus campaigns in 2023, all utilising LPEClient malware. One campaign introduced the Gopuram implant, targeting cryptocurrency companies through a trojanized 3CX software. ????????

The Lazarus Group continues to evolve and expand its arsenal, posing a significant threat in today's cybersecurity landscape. ????????️ It’s a jungle out there. ????

Stay vigilant and keep your systems updated to defend against such cyber threats! ????????

Cybersecurity is more important than ever, and your Mac or PC are no exception. Over time, your Mac or PC can accumulate junk files, malware, and other threats that can slow it down and make it vulnerable to attack.

That's where MacPaw comes in. MacPaw offers a suite of easy-to-use apps that can help you clean, optimize, and secure your Mac. With MacPaw, you can:

  • Remove junk files and malware to free up space and improve performance

  • Protect your privacy by erasing sensitive data

  • Optimize your startup settings to speed up boot times

  • Manage your extensions and apps to keep your Mac or PC running smoothly

Since 2008 MacPaw is trusted by over 30 million users worldwide, and it's the perfect solution for keeping your Mac or PC safe and secure.

WhatsHack? Telescam? Snaphack? ???????? Kidding, it’s ‘Jabber’ (the hack) ????

???? Cybersecurity Alert! Covert Traffic Intercepted! ????

Startling revelations have uncovered a covert attempt to intercept traffic from the jabber.ru instant messaging service through servers hosted in Germany by Hetzner and Linode (an Akamai subsidiary). ????

A security researcher known as ValdikSS unveiled this scheme, where the attacker deployed new TLS certificates via Let's Encrypt to hijack encrypted STARTTLS connections on port 5222 through a transparent man-in-the-middle proxy. ????️‍♂️

The wiretapping persisted for approximately six months, starting from April 18 and continuing until October 19, 2023. Suspicious activity was first noticed on October 16 when an admin received an "expired certificate" message. ????

The attacker seemingly halted their operation as soon as an investigation into the man-in-the-middle incident commenced on October 18. The identity of the attacker remains unclear, but it's suspected to be a lawful interception tied to a German police request. ????

There's a slim chance that this could be an intrusion into Hetzner and Linode's internal networks, targeting jabber.ru. ????

Users of the service are strongly advised to assume their communications over the past 90 days are compromised, inspect their accounts for unauthorised keys, and change their passwords. ????????

Stay vigilant and safeguard your online communications!

???? Catch of the Day!! ????????????

???? The Motley Fool: “Fool me once, shame on — shame on you. Fool me — you can't get fooled again.” Good ol’ George Dubya ???? Let us tell who’s not fooling around though; that’s the Crüe ???? at Motley Fool. You’d be a fool (alright, enough already! ????) not to check out their Share Tips from time to time so your savings can one day emerge from their cocoon as a beautiful butterfly! ???? Kidding aside, if you check out their website they’ve actually got a ton of great content with a wide variety of different investment ideas to suit most budgets ???? (LINK)


???? Wander: Find your happy place. Cue Happy Gilmore flashback ????️⛳????????️ Mmmm Happy Place… ???? So, we’ve noticed a lot of you guys are interested in travel. As are we! We stumbled upon this cool company that offers a range of breath-taking spots around the United States and, honestly, the website alone is worth a gander. When all you see about the Land of the free and the home of the brave is news of rioting, looting and school shootings, it’s easy to forget how beautiful some parts of it are. The awe-inspiring locations along with the innovative architecture of the hotels sets Wander apart from your run of the mill American getaway ????️???? (LINK)


???? Digital Ocean: If you build it they will come. Nope, we’re not talking about a baseball field for ghosts ???????? (Great movie, to be fair ????). This is the Digital Ocean who’ve got a really cool platform for building and hosting pretty much anything you can think of. If you check out their website you’ll find yourself catching the buzz even if you can’t code (guilty ????). But if you can and you’re looking for somewhere to test things out or launch something new or simply enhance what you’ve got, we’d recommend checking out their services fo’ sho ???? And how can you not love their slogan: Dream it. Build it. Grow it. Right on, brother! ???? (LINK)

Time to CClean house? ????

???? Breaking News: CCleaner Data Breach Unveiled! ????

CCleaner, the popular system optimization software, has fallen victim to the MOVEit hack. ???? As a result, a limited amount of personal information of CCleaner customers has been compromised.

The exposed data includes customer names, contact info, and product purchase details, but sensitive financial info, like bank or credit card data, remains secure. Even high-risk data such as login credentials is unharmed. ????????

It's worth noting that CCleaner's official website appears to be functioning smoothly at the moment. ????

Troy Hunt, founder of Have I Been Pwned, was alerted to the breach when CCleaner's security team informed him about the exposure of personal data on the dark web. CCleaner promptly responded to the vulnerability, securing their systems and launching an investigation. ????️‍♂️????

In an attempt to save face, CCleaner is offering BreachGuard, a dark web monitoring service, free for six months to affected customers. BreachGuard monitors for data breaches, tracks personal info on the dark web, and provides region-specific privacy resources. Instructions will be sent to affected customers via email. ????????

While this breach is concerning, CCleaner's swift action and BreachGuard offer provide reassurance. They're dedicated to maintaining trust and confidence with their users. Stay tuned for updates! ????️

????️ Extra, Extra! Read all about it!

Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!

  • The GeekAI: A daily 3 min newsletter on what matters in AI, with all the new AI things coming to market its good to stay ahead of the curve.

  • Libby Copa: The Rebel Newsletter helps writers strengthen their writing and creative practice, navigate the publishing world, and turn their art into an act of rebellion.

  • Techspresso: Receive a daily summary of the most important AI and Tech news, selected from 50+ media outlets (The Verge, Wired, Tech Crunch etc)

Let us know what you think!

So long and thanks for reading all the phish!

Recent articles