At a glance.
- Nemesis and ShinyHunters target misconfigured websites.
- Radiant Capital attributes $50 million cryptocurrency theft to DPRK hackers.
- Romanian energy company hit by ransomware.
Nemesis and ShinyHunters target misconfigured websites.
Security researchers Noam Rotem and Ran Locar discovered a widespread hacking operation, tied to the Nemesis and ShinyHunters threat actors, that targeted vulnerabilities in improperly configured public websites. The hackers accidentally exposed their stolen data, tools, and possible identities in a misconfigured AWS S3 bucket.
vpnMentor published a report on the operation, stating, "This incident resulted in the exposure of sensitive keys and secrets, granting unauthorized access to customer data. A sophisticated and extensive infrastructure, orchestrated by threat actors from a French-speaking country, conducted comprehensive scans of the internet, searching for exploitable vulnerable endpoints. These vulnerable endpoints gave the attackers access to infrastructure credentials, proprietary source code, application databases, and even credentials to additional external services in some cases."