Nearly $620 Million Stolen in Major Cryptocurrency Heist
Read also: the US charges four Russian hackers, Lapsus$ leaks 70GB of Globant data, and more.
Hackers stole almost $620 million from the Ronin network
Ronin, an Ethereum-linked blockchain network for NFT-based video game Axie Infinity, has disclosed a security breach, in which hackers made off with 173,600 Ethereum (ETH) and 25.5 million USDC tokens, worth nearly $620 million.
Although the incident occurred on March 23, the company noticed the theft only a week later, on March 29, after a user reported that they were unable to withdraw 5,000 ETH from the bridge.
The breach impacted Ronin Network validator nodes for Sky Mavis, the publisher of the Axie Infinity game, and the Axie DAO (decentralized autonomous organization).
As the company explained, the attacker compromised Sky Mavis’s four Ronin Validators and a third-party validator run by Axie DAO, and used hacked private keys to forge two fake withdrawals.
Sky Mavis said it halted operations on the Ronin bridge and the Katana decentralized exchange and that it was working with law enforcement, forensic cryptographers, and investors to make sure all funds are recovered or reimbursed.
US charged four Russian government operatives over hacking campaigns against global energy sector
The US authorities unsealed two indictments charging four Russian nationals with years-long hacking campaigns that targeted hundreds of energy companies worldwide from 2012 to 2018.
The indictment from June 2021 charges an employee of a Russian Ministry of Defense research institute for his role in cyberattacks targeting global energy facilities, including an incident involving the Triton/Trisis malware that caused two emergency shutdowns at a Middle East-based refinery facility between May and September 2017.
The second indictment, from August 2021, charges three employees of Russia's FSB intelligence agency, believed to be part of the Center 16 operational unit (aka Dragonfly, Energetic Bear, Berzerk Bear, and Crouching Yeti), with a number of cyberattacks targeting companies in the energy sector, including oil and gas firms, nuclear power plants, and utility and power transmission companies, between 2012 and 2017.
Lapsus$ activity continues with new Globant data breach
IT and software consultancy firm Globant has admitted that it suffered a cyberattack after the Lapsus$ data extortion group leaked on its Telegram channel 70GB of data allegedly stolen from the company. The group claims that the published data includes “some customers source code,” as well as a list of admin credentials that could be used to access various development platforms used by Globant, such as GitHub, Jira, Crucible and Confluence.
Following the leak, Globant published a press release confirming that the company suffered a security breach in which a third party gained unauthorized access to “certain source code and project-related documentation for a very limited number of clients.” The company said it found no evidence that other areas of its infrastructure or the infrastructure of its customers were impacted in the incident.
Law enforcement agencies arrest 65 suspects behind $51M BEC fraud
An international law enforcement operation led by the FBI and global partners resulted in the arrest of 65 people allegedly involved in Business Email Compromise (BEC) schemes that are said to have scammed more than $51 million from over 500 US businesses.
Dubbed “Operation Eagle Sweep,” the operation started in September 2021 and lasted three months. As part of the operation, the arrests were carried out in the US, Nigeria, South Africa, Canada, and Cambodia. In parallel with Operation Eagle Sweep, police in Australia, Japan, and Nigeria conducted local operations targeting BEC scammers.
Viasat: The February cyberattack impacted thousands of customers in Ukraine and Europe
Satellite communications giant Viasat, whose Ukrainian KA-SAT satellite broadband service was disrupted on February 24, the day when Russia invaded Ukraine, shared new details on the incident.
In an update on the situation released Wednesday, the company said that the cyberattack affected several thousand clients in Ukraine and tens of thousands of other fixed broadband customers across Europe.
Subsequent investigation into the incident revealed that threat actors behind the intrusion gained remote access to the trusted management segment of the KA-SAT network by exploiting a misconfiguration in a VPN device. The attackers then used this access to execute destructive commands that overwrote key data in flash memory on a large number of residential modems, thus crippling their access to the network.
Viasat said it found no evidence that standard modem software or firmware distribution or update processes involved in normal network operations were used or compromised in the attack.