You don’t want this toolkit in your house.

Jun 20 2023


Welcome to Gone Phishing, your daily cybersecurity newsletter that brings the party to cybercrime like it’s December 2020 at the Conservative Campaign Headquarters! 🎉🎉🎉 🙈 #partygate

Today’s hottest cyber security stories:

  • Apple macOS users BEWARE! Tinker Tailor Soldier ‘JokerSpy’ toolkit

  • U.S. govt offers $10m reward for MOVEit attackers

  • Adrian Kwiatkowski fined £101,503 for stealing unreleased music

Where’s your data? Toolkit took it

A sophisticated toolkit aimed at compromising Apple macOS systems has been discovered by cybersecurity researchers.

According to a preliminary report published on Friday by Bitdefender researchers Andrei Lapusneanu and Bogdan Botezatu, these malicious artefacts remain largely undetected, and very little public information about them is available.

The analysis conducted by the Romanian firm is based on four samples uploaded to VirusTotal by an unidentified victim, with the earliest sample originating from April 18, 2023.

Among the identified samples, two are classified as generic Python-based backdoors named JokerSpy.

These backdoors are designed to target Windows, Linux, and macOS systems.

One of the components, labelled shared.dat, performs an operating system check upon execution, assigning values of 0 for Windows, 1 for macOS, and 2 for Linux. It then establishes communication with a remote server to retrieve additional instructions for execution.

These instructions encompass activities such as collecting system information, executing commands, downloading and running files on the compromised machine, and eventually terminating itself.

Scary stuff!

Uncle Sam wants YOU to MOVEit

The US Department of State has announced a reward of $10 million through its Rewards for Justice initiative for any information that establishes a connection between members of a Clop ransomware affiliate group, responsible for a recent data extortion campaign, and a foreign government.

This announcement was made under the #StopRansomware hashtag, as part of the department's ongoing efforts to enhance national security by seeking information on various threats such as terrorists, cyber actors, North Korean activities, and election interference.

The department's post invites individuals to provide tips if they possess information that links the Clop ransomware gang or any other malicious cyber actors targeting critical infrastructure in the United States to a foreign government. Submitters of valuable tips could potentially qualify for the offered reward.

Clop the madness!

This development follows a Clop campaign that specifically targeted users of Progress Software's widely used MOVEit Transfer managed file transfer product.

By exploiting a zero-day vulnerability in the software (a SQL injection flaw later tracked as CVE-2023-34362), the group claims to have gained access to data belonging to numerous organisations.

The campaign has impacted various prominent entities, including renowned brands like British Airways, Boots, the BBC, and multiple US government agencies.

The Clop affiliate is engaged in an extortion scheme, demanding payment from victims under the threat of leaking their stolen data if the ransom is not paid.

Only Ed Sheeran fans might get this 😂

What’s next? We’ll have to Kwiat and Ski…


In a significant development for intellectual property crime, a court has granted a confiscation order against a hacker who was previously jailed for stealing unreleased music owned by Ed Sheeran and Lil Uzi Vert and selling it on the dark web in exchange for cryptocurrency.

Adrian Kwiatkowski, a 23-year-old resident of Ipswich, was given three months to pay £101,503 by the Ipswich Crown Court on May 26, 2023. The order was secured by the Police Intellectual Property Crime Unit (PIPCU) at the City of London Police.

The confiscated amount consists of £51,975 held in a bank account owned by Kwiatkowski and 2.64 BTC (Bitcoin), which is worth £49,528.

The assets were seized by PIPCU officers when they arrested Kwiatkowski in 2019. Failure to comply with the payment within the stipulated three months will result in an additional 18 months of imprisonment for Kwiatkowski.

Kwiatkowski had previously pleaded guilty to multiple charges, including copyright offences, computer misuse, possession of criminal property, and converting criminal property.

He was sentenced to 18 months in prison at Ipswich Crown Court in October 2022.

His actions had caused significant financial harm to several musicians and their production companies, while also depriving them of the ability to release their own work.

That’s all for today, folks! Stay safe out there!

So long and thanks for reading all the phish!
