
Law Enforcement Agencies Disrupt Hydra Market, Cyclops Blink botnet

Thursday, April 7, 2022. Read Time: 3 min.

Read also: Hackers abused MailChimp internal tool to conduct phishing attacks, Block disclosed an insider data breach, and more.


Germany takes action against the world’s largest dark web marketplace Hydra

German police in cooperation with US law enforcement have seized servers of Hydra Market, a Russia-based dark web platform that offered illicit goods, such as drugs, stolen credit card information, forged documents, and other illegal items.

In addition to the servers, the police also seized crypto wallets holding 543 bitcoins worth more than $24 million. The marketplace had been operating since 2015 and had around 17 million user accounts and 19,000 sellers.

Following the platform’s shutdown, the US Treasury’s Office of Foreign Assets Control (OFAC) announced sanctions against Hydra and the Russian crypto exchange Garantex. It said it had identified over 100 virtual currency addresses associated with Hydra’s operations that have been used to conduct illicit transactions.

The FBI disrupts Russia-linked Cyclops Blink botnet that targeted WatchGuard, Asus devices

The FBI disabled a global botnet known as “Cyclops Blink” consisting of thousands of infected devices worldwide allegedly controlled by Sandworm, a unit of Russia’s main intelligence agency.

First spotted in June 2019, the Cyclops Blink malware is believed to be a successor to VPNFilter, another Sandworm botnet that was disrupted in 2018. It specifically targets WatchGuard and Asus devices.

The operation, which was carried out in March 2022, copied and removed the Cyclops Blink malware from vulnerable network devices that the Sandworm APT used for command and control of the underlying botnet, the US Department of Justice said in a press release. Disrupting the command-and-control mechanism allowed the FBI to cut Sandworm off from the network of infected bots.

MailChimp internal tool used in phishing attacks targeting crypto holders

The email marketing company MailChimp has suffered a data breach after some of its employees were tricked by a social engineering attack seeking to steal log-in credentials.

The hackers managed to gain access to internal customer support and account management systems at MailChimp and accessed 319 MailChimp accounts using the stolen credentials. The attackers then exported “audience data,” most probably mailing lists, from 102 customer accounts.

The hack came to light over the weekend after numerous owners of Trezor hardware cryptocurrency wallets complained on social media about suspicious data breach notification alerts informing users of a security incident at Trezor.

Trezor later published a message on Twitter, in which it stated that MailChimp was compromised by hackers.

MailChimp confirmed the incident and said that the company took steps to address the situation. As of right now, it’s unclear how many other cryptocurrency platforms were impacted by the breach, but it’s safe to assume that Trezor is not the only company affected. Decentraland, a 3D virtual world browser-based platform, has also reported that its newsletter subscribers’ email addresses were leaked in a MailChimp data breach.

Block says former Cash App employee stole customer data

Block (formerly known as Square) disclosed a data breach involving a former Cash App employee who downloaded reports containing some US customer information, including full name and brokerage account number, and, in some cases, brokerage portfolio value, brokerage portfolio holdings and/or stock trading activity for one trading day.

The data breach occurred on December 10, 2021, but the company said that it only recently discovered the theft. Block said it notified around 8.2 million current and former customers, as well as relevant authorities, of the incident.

The company said that the stolen reports did not include usernames/passwords, Social Security numbers, dates of birth, payment card information, addresses, bank account information, or any security code, access code, or password used to access Cash App accounts.

Cyberattack disrupts operations of the UK retailer The Works

The Works, the UK-based value retailer selling arts, crafts, books, stationery and toys, closed some of its stores due to cash register issues after it was hit by a cyberattack.

In a short security incident notice, the company said it detected unauthorized access to its computer systems, which caused limited disruption to trading and business operations and forced the company to temporarily suspend replenishment deliveries. As a precautionary measure, The Works disabled all internal and external access to its systems, including mail.

The company said that payment data was not affected in the incident. It noted, however, that the full extent of a possible data breach is not yet clear.




Application Security Weekly is a weekly review of the most important news and events in cybersecurity, privacy and compliance. We cover innovative cyber defense technologies, new hacking techniques, data breaches and evolving cyber law.