Kraken Zero-Day Exploit Leads to $3M Theft!

Jun 21 2024



Welcome to Gone Phishing, your daily cybersecurity newsletter that’s cyber-sonic, give us gin and tonic 🍸🎸🎢 Happy Friday, folks! 🎉🎉🎉

It’s Friday, folks, which can only mean one thing… It’s time for our weekly segment!

It goes by many names. Patch of the Week, Tweak of the week. Okay, that’s it.

Congrats, the cybercriminals are no match… for your patch! 🩹🩹🩹

Check out this freshly hatched patch 🐣

Beware of VMware ⚠️⚠️⚠️

🚨 VMware Security Alert: Critical Updates Released! 🛡️

VMware has issued updates for critical flaws in Cloud Foundation, vCenter Server, and vSphere ESXi that could lead to privilege escalation and remote code execution. 🚨🔧

  • CVE-2024-37079 & CVE-2024-37080 (CVSS 9.8): Heap-overflow flaws in vCenter’s DCE/RPC protocol implementation, allowing remote code execution via crafted network packets.

  • CVE-2024-37081 (CVSS 7.8): Local privilege escalation in vCenter due to a sudo misconfiguration, enabling root access for authenticated local users.

These flaws affect vCenter Server versions 7.0 and 8.0 and are resolved in updates 7.0 U3r, 8.0 U1e, and 8.0 U2d. 🖥️🔧

No active exploitation has been reported, but users should apply the patches immediately given the severity. ⚠️💻

Now, today’s hottest cybersecurity news stories:

  • 🦑 Kraken cryptocurrency exchange suffers $3M theft 💸

  • 🌐 AMD are looking into company data theft claims 🀏

  • 👨🏻‍💻 UNC3886 uses Fortinet, VMware 0-Days to spy 👀

Release the Kraken!!! 🐙🦑🐲


🚨💰 Kraken Zero-Day Exploit Leads to $3M Theft! 💰🚨

Security Breach at Kraken 🛡️🔓

Kraken, a major crypto exchange, revealed a security incident in which a researcher exploited a critical zero-day flaw, leading to the theft of $3 million in digital assets.

Exploited Vulnerability ⚠️🔒

  • Flaw: Allowed the artificial inflation of an account balance

  • Discovered: Via an alert received through the Bug Bounty programme

  • Resolved: Issue fixed within 47 minutes

Deposit Exploit 🚨💰

  • Method: A deposit was initiated but never completed, yet the funds were credited to the account

  • Risk: No client assets were affected, but the flaw allowed assets to be created out of thin air

  • Cause: A recent user-interface change allowed funds to be used before the deposit had cleared
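To make the flaw class concrete from the defender's side, here is an added example (not Kraken's code, and not based on any detail beyond the summary above): a toy exchange ledger that credits a deposit as soon as it is initiated, beside the hardened rule that credits only once settlement is confirmed, plus the reconciliation invariant a treasury check should enforce. All class names, account ids and amounts are constructed.

```python
# Added example (not Kraken's code): a toy exchange ledger showing the flaw class
# described above, crediting a deposit before it settles, beside the hardened
# variant that credits only on confirmation. All names and amounts are constructed.
from dataclasses import dataclass, field
from enum import Enum


class DepositState(Enum):
    INITIATED = "initiated"   # announced by the client, not yet seen on-chain
    CONFIRMED = "confirmed"   # settlement verified
    FAILED = "failed"         # never arrived or was rejected


@dataclass
class Deposit:
    deposit_id: str
    account: str
    amount: int               # smallest currency unit (constructed values)
    state: DepositState = DepositState.INITIATED


@dataclass
class Ledger:
    """credit_on_initiation=True reproduces the flaw; False is the hardened rule."""
    credit_on_initiation: bool
    balances: dict = field(default_factory=dict)
    deposits: dict = field(default_factory=dict)
    total_withdrawn: int = 0

    def _credit(self, account: str, amount: int) -> None:
        self.balances[account] = self.balances.get(account, 0) + amount

    def initiate_deposit(self, deposit_id: str, account: str, amount: int) -> Deposit:
        dep = Deposit(deposit_id, account, amount)
        self.deposits[deposit_id] = dep
        if self.credit_on_initiation:
            # Vulnerable path: the balance is spendable before any funds arrived.
            self._credit(account, amount)
        return dep

    def confirm_deposit(self, deposit_id: str) -> None:
        dep = self.deposits[deposit_id]
        if dep.state is not DepositState.INITIATED:
            raise ValueError(f"{deposit_id} is not pending")
        dep.state = DepositState.CONFIRMED
        if not self.credit_on_initiation:
            # Hardened path: credit only once settlement is verified.
            self._credit(dep.account, dep.amount)

    def fail_deposit(self, deposit_id: str) -> None:
        dep = self.deposits[deposit_id]
        if dep.state is not DepositState.INITIATED:
            raise ValueError(f"{deposit_id} is not pending")
        dep.state = DepositState.FAILED
        # The vulnerable variant never reverses the early credit, so the
        # phantom balance survives a failed deposit.

    def withdraw(self, account: str, amount: int) -> int:
        if self.balances.get(account, 0) < amount:
            raise ValueError("insufficient spendable funds")
        self.balances[account] -= amount
        self.total_withdrawn += amount
        return amount

    def reconciles(self) -> bool:
        """Invariant a treasury check should enforce: every unit held or paid
        out must be backed by a confirmed deposit."""
        settled = sum(d.amount for d in self.deposits.values()
                      if d.state is DepositState.CONFIRMED)
        return sum(self.balances.values()) + self.total_withdrawn == settled


def run_scenario(credit_on_initiation: bool) -> tuple:
    """Initiate a deposit that never completes, then try to withdraw against it.
    Returns (amount actually withdrawn, whether the ledger still reconciles)."""
    ledger = Ledger(credit_on_initiation)
    ledger.initiate_deposit("dep-1", "acct-a", 100)
    try:
        withdrawn = ledger.withdraw("acct-a", 100)
    except ValueError:
        withdrawn = 0
    ledger.fail_deposit("dep-1")     # the promised funds never arrive
    return withdrawn, ledger.reconciles()


if __name__ == "__main__":
    print("vulnerable:", run_scenario(True))    # (100, False): phantom funds paid out
    print("hardened:  ", run_scenario(False))   # (0, True)
```

The `reconciles()` check is the part worth keeping even after the crediting rule is fixed: a periodic comparison of balances plus withdrawals against confirmed deposits turns a silent balance-inflation bug into an alert, which is what makes a 47-minute fix possible.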

Exploitation Timeline 🗓️🔍

  • Initial Alert: Kraken identified the flaw within minutes

  • Further Investigation: Three accounts exploited the flaw

  • Stolen Amount: Nearly $3 million from Kraken’s treasury

From Research to Extortion 😑💼

  • Researcher Action: Exploited the flaw to credit their own account with $4 in crypto

  • Misuse: Shared the exploit with two others, leading to the $3 million theft

  • Demand: Requested payment for the PoC exploit and the return of the funds

Kraken’s Response 🚔⚖️

  • Engagement: Coordinating with law enforcement

  • Message: Emphasised the ethical rules of bug bounty programmes

  • Warning: The actions taken were deemed extortion, not white hat hacking

Key Takeaways 📝🔍

  • Security Programmes: Importance of following bug bounty rules

  • Ethical Hacking: Distinguish between responsible disclosure and criminal activity

  • Rapid Response: Effective incident resolution minimises damage

Stay vigilant and adhere to ethical standards in cybersecurity! 🌐🔒

AMD hack TBC 👀👀👀

🚨🔓 AMD Investigates Data Breach Claims! 🔓🚨

Data Breach Investigation! 🕵️‍♂️🔍

On June 18, AMD announced it is investigating claims of a data breach by a cybercriminal group named "Intelbroker."

Official Statement 🗣️📝

  • Collaboration: Working with law enforcement and a third-party hosting partner

  • Objective: Assess the validity and significance of the stolen data

Sensitive Information Exposed 🔓📂

  • Reported Stolen Data: Future product details, customer databases, financial records

  • Media Reports: Intelbroker claimed responsibility for the breach

Market Impact 📉💵

  • AMD Shares: Marginal decline in extended trading

Ongoing Investigation 🚔⚖️

  • Law Enforcement: Close cooperation to determine breach scope

  • Security Measures: Strengthening defences to prevent future incidents

Stay tuned for updates on this developing story. 📰🔒

🎣 Catch of the Day!! 🌊🐟🦞

Instantly calculate the time you can save by automating compliance

Whether you’re starting or scaling your security program, Vanta helps you automate compliance across frameworks like SOC 2, ISO 27001, ISO 42001, HIPAA, HITRUST CSF, NIST AI, and more.

Plus, you can streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing Trust Center, all powered by Vanta AI.

Instantly calculate how much time you can save with Vanta.


I can UNC you 🕵👀💀

🚨 China-Linked Cyber Espionage Group UNC3886 Exploits Zero-Days! 🕵️‍♂️

Advanced Tactics Unveiled! 🔓📉

UNC3886, a China-nexus cyber espionage actor, uses multiple persistence mechanisms to maintain access to compromised environments, targeting network devices, hypervisors, and virtual machines.

Exploited Zero-Day Flaws ⚠️🔧

UNC3886 exploited several zero-day flaws:

  • CVE-2022-41328 (Fortinet FortiOS)

  • CVE-2022-22948 (VMware vCenter)

  • CVE-2023-20867 (VMware Tools)

Diverse Target Profile 🌐💼

UNC3886 targeted entities in North America, Southeast Asia, and Oceania, affecting:

  • Governments

  • Telecommunications

  • Technology

  • Aerospace and Defense

  • Energy and Utilities

Rootkits and Backdoors 🚪🔧

UNC3886 used rootkits like Reptile and Medusa on guest VMs and deployed backdoors such as MOPSLED and RIFLESPINE, using GitHub and Google Drive for command-and-control (C2).
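Because the C2 channels named above ride on services most networks already allow, a useful detection is not "block GitHub" but "which assets have no business talking to it". The following is an added example (not from the vendors or the report the story summarises): a small detection pass over constructed egress log lines that flags hypervisors and network devices reaching public code-hosting or file-sharing domains. The field names, hostnames, asset roles and the watched-domain list are assumptions for an illustrative environment, not indicators from any report.

```python
# Added example (not from Fortinet, VMware or the underlying threat report): a
# detection pass over constructed egress log lines that flags infrastructure
# assets contacting public services of the kind the actor above used for C2.
# Roles, hostnames, field names and the domain list are assumptions.
import csv
import io
from typing import Dict, List

# Assumption: these asset classes have no legitimate reason to talk to
# consumer cloud storage or code-hosting services in this environment.
SENSITIVE_ROLES = {"hypervisor", "network-device"}

# Public services that double as covert C2 channels because traffic to them
# looks routine; tune this to what your own estate considers unusual.
WATCHED_DOMAINS = {
    "github.com",
    "raw.githubusercontent.com",
    "drive.google.com",
    "googleapis.com",
}

# Constructed sample: one line per outbound connection, as a proxy might log it.
SAMPLE_LOG = """\
ts,src_host,src_role,dst_domain,dst_port,bytes_out
2024-06-20T01:02:03Z,esxi-07,hypervisor,drive.google.com,443,18422
2024-06-20T01:02:09Z,ws-1041,workstation,github.com,443,2048
2024-06-20T01:03:11Z,core-sw-02,network-device,api.github.com,443,5120
2024-06-20T01:04:00Z,esxi-07,hypervisor,vcenter.corp.example,443,733
2024-06-20T01:05:42Z,esxi-03,hypervisor,www.googleapis.com,443,9216
"""


def domain_is_watched(domain: str) -> bool:
    """Match the domain itself or any subdomain of a watched entry."""
    domain = domain.lower().rstrip(".")
    return any(domain == w or domain.endswith("." + w) for w in WATCHED_DOMAINS)


def parse_log(text: str) -> List[Dict[str, str]]:
    """Parse the CSV-style log into one dict per connection."""
    return list(csv.DictReader(io.StringIO(text)))


def find_anomalous_egress(rows: List[Dict[str, str]]) -> List[Dict[str, object]]:
    """Return an alert for every row where a sensitive asset reached a watched domain."""
    alerts: List[Dict[str, object]] = []
    for row in rows:
        if row["src_role"] in SENSITIVE_ROLES and domain_is_watched(row["dst_domain"]):
            alerts.append({
                "ts": row["ts"],
                "host": row["src_host"],
                "role": row["src_role"],
                "domain": row["dst_domain"],
                "bytes_out": int(row["bytes_out"]),
                "reason": "infrastructure asset contacted a public C2-capable service",
            })
    return alerts


if __name__ == "__main__":
    for alert in find_anomalous_egress(parse_log(SAMPLE_LOG)):
        print(alert)
```

Running it on the constructed sample flags the two ESXi hosts and the core switch while leaving the workstation's GitHub traffic and the hypervisor's vCenter connection alone; the point is the role-based baseline, which is what separates this from a noisy domain blocklist.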

Key Malware Families 🦠💻

  • LOOKOVER: Sniffer for TACACS+ packets

  • VIRTUALSHINE: VMCI socket-based backdoor

  • VIRTUALPIE: Python backdoor

  • VIRTUALSPHERE: VMCI-based backdoor

Strengthening Defences 🛡️🛠️

Organisations should follow the security recommendations from Fortinet and VMware to protect against these advanced threats.

Stay vigilant and keep your defences strong! 🌐🔐

🗞️ Extra, Extra! Read all about it! 🗞️

Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!

  • πŸ›‘οΈ Tl;dr sec: Join 30,000+ security professionals getting the best tools, blog posts, talks, and resources right in their inbox for free every Thursday πŸ“…

  • πŸ’΅Β Crypto Pragmatist: Crypto made simple. Actionable alpha in 5 minutes, 3x a week. Join 47,000+ investors and insiders, for πŸ†“

  • πŸ“ˆΒ Bitcoin Breakdown: The best in Bitcoin, carefully curated by an alien from the future πŸ‘Ύ

Let us know what you think.

So long and thanks for reading all the phish!

