French police arrested Julius “Zeekill” Kivimäki, one of the most notorious hackers, wanted by Finland’s authorities
Read also: A global phishing syndicate used over 500 apps to steal data from phones, MITRE unveils a free tool to help organizations strengthen cyber resilience, and more.
Finland’s most wanted hacker arrested in France
French police apprehended Julius “Zeekill” Kivimäki, one of the most notorious hackers and a former member of Lizard Squad, wanted by Finland’s authorities for his involvement in a hack of the psychotherapy center Vastaamo that exposed private information of thousands of patients.
Finnish police had issued a European arrest warrant for Kivimäki, who has been charged with eight offenses related to the Vastaamo breach, including hacking, racketeering and extortion, and leaking private data.
The Vastaamo breach made headlines in October 2020 after a hacker under the alias “Ransom Man” demanded a 40 bitcoin (~450,000 euros at the time) ransom in exchange for not leaking patients’ private information. After Vastaamo refused to pay, Ransom Man began contacting patients directly, demanding they pay about 200 euros within 24 hours or have their data exposed.
Ultimately, more than 20,000 records were exposed, and, according to the police, financial data stolen in the hack was also later used to perpetrate fraud.
European police take down encrypted messaging app used by criminals
Exclu, an encrypted messaging platform used by organized crime groups, has been dismantled as a result of a joint effort carried out by law enforcement agencies from the Netherlands, Poland, and Belgium.
As part of the operation, 45 suspects were arrested, including administrators and owners of the service, as well as its users. The police also dismantled two drug laboratories, and seized 200 phones, illegal drugs, and over 5 million euros in cash.
According to Eurojust’s press release, the law enforcement agencies gained access to the platform and covertly spied on communications of its users for five months before conducting coordinated raids.
Massive ESXiArgs ransomware wave encrypts thousands of VMware ESXi servers worldwide
A massive wave of ransomware attacks that surged over the past few days has been encrypting thousands of vulnerable VMware ESXi servers across the globe, mainly in France, Germany, and the United States, cybersecurity authorities warn.
Based on some reports, it appears that threat actors are exploiting an old ESXi OpenSLP heap-overflow vulnerability (CVE-2021-21974), fixed by VMware back in 2021, to deploy a ransomware strain called “ESXiArgs.” To date, more than 3,000 ESXi servers are said to have been targeted in these attacks.
For its part, VMware said it found no indication that a previously unknown vulnerability (a so-called zero-day) is being exploited in these attacks. The company recommended that customers upgrade to the latest supported versions of vSphere to address currently known security issues and disable the OpenSLP service in ESXi. The US Cybersecurity and Infrastructure Security Agency (CISA) released a tool to recover encrypted servers.
At this point, it is not clear who is behind the ESXiArgs ransomware, but Italian authorities said that the campaign appears to be the work of cybercriminals and not nation-state hackers.
A global phishing syndicate used over 500 apps to spy and steal data from phones
Hong Kong police, together with Interpol, disrupted an international cybercrime gang that leveraged SMS phishing and 563 fake apps disguised as banking, media player, dating and camera apps to steal financial and personal data from victims’ mobile devices. The stolen data was then sent to more than 200 servers hosted in Hong Kong and other countries and used to steal funds from victims’ bank accounts.
According to media reports, the campaign’s operators resided in mainland China, the Philippines and Cambodia and mainly targeted people in Japan and South Korea.
MITRE unveils a free tool to help organizations strengthen cyber resilience
MITRE has released the Cyber Resiliency Engineering Framework (CREF) Navigator, a free visualization tool designed to help organizations build secure and trustworthy systems. The CREF Navigator is a relational database that contains MITRE ATT&CK techniques and mitigations and allows engineers to understand the risks of attacks against systems they’re designing.
In related news, the US National Institute of Standards and Technology (NIST) announced that it selected a group of cryptographic algorithms called “Ascon” as NIST’s lightweight cryptography standard for IoT data protection.