At a glance.
- Aflac hit by suspected Scattered Spider attack.
- Pro-Israel hackers burned $90 million stolen from Iranian crypto exchange.
- Billions of previously stolen credentials were exposed in unsecured databases.
Aflac hit by suspected Scattered Spider attack.
US-based insurance provider Aflac has disclosed that a cybercriminal group breached its network via social engineering and may have stolen sensitive customer information, the Record reports. The company is still determining the number of affected individuals, but says the "potentially impacted files contain claims information, health information, social security numbers, and/or other personal information, related to customers, beneficiaries, employees, agents, and other individuals in our U.S. business."
A source close to the incident told the Record that the attack bears the hallmarks of the cybercriminal group Scattered Spider. Researchers at Google warned this week that Scattered Spider has pivoted its targeting to the US insurance industry. Aflac hasn't attributed the attack to a particular actor, but stated, "This attack, like many insurance companies are currently experiencing, was caused by a sophisticated cybercrime group. This was part of a cybercrime campaign against the insurance industry."
Pro-Israel hackers burned $90 million stolen from Iranian crypto exchange.
The pro-Israel hacking group Predatory Sparrow has claimed credit for stealing more than $90 million in cryptocurrency from Nobitex, Iran's largest crypto exchange, according to researchers at Elliptic. The hackers sent the money to vanity addresses, addresses whose encoded text spells out anti-Iranian messages. Because nobody holds the private keys for those addresses, the funds are effectively unrecoverable by anyone: the transfers were burns rather than a theft for profit. Elliptic explains, "The hack does not appear to be financially motivated. The vanity addresses used by the hackers are generated through 'brute force' methods - involving the creation of large numbers of cryptographic key pairs until one contains the desired text. But creating vanity addresses with text strings as long as those used in this hack is computationally infeasible."
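The brute-force search Elliptic describes, and why its cost explodes with the length of the embedded text, as an added worked example that is not code from Elliptic's report or from the original page. To run without an elliptic-curve library it stands a SHA-256 hash in for the secp256k1 public-key derivation (marked in the code); that does not change the search statistics, since the brute force only relies on the address being a pseudo-random function of the key. The target strings, the 34-character address length and the one-billion-keys-per-second throughput figure are assumptions.

```python
"""Vanity-address brute force and its cost (constructed example, not Elliptic's tooling)."""
import hashlib
import random

# Base58 alphabet used by Bitcoin-style addresses: 0, O, I and l are excluded,
# so any "message" that needs those characters cannot appear in an address at all.
ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
VERSION = b"\x00"  # P2PKH version byte; encodes as the leading '1' of the address


def base58check(payload: bytes) -> str:
    """Base58Check: payload || first 4 bytes of SHA256(SHA256(payload)), base58-encoded."""
    data = payload + hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]
    n = int.from_bytes(data, "big")
    out = ""
    while n:
        n, rem = divmod(n, 58)
        out = ALPHABET[rem] + out
    pad = len(data) - len(data.lstrip(b"\x00"))  # each leading zero byte becomes a '1'
    return "1" * pad + out


def address_from_privkey(priv: bytes) -> str:
    # ASSUMPTION / simplification: a real wallet derives the secp256k1 public key and
    # hashes it with RIPEMD160(SHA256(pubkey)). Here the "public key" is SHA256(priv)
    # and the 20-byte hash is SHA256 of that, so the example runs with the standard
    # library only. The address is still a pseudo-random function of the key, which
    # is the only property the brute-force search depends on.
    pub = hashlib.sha256(priv).digest()
    h160 = hashlib.sha256(pub).digest()[:20]
    return base58check(VERSION + h160)


def find_vanity(target: str, max_attempts: int, seed: int = 0):
    """Draw random private keys until the derived address contains `target`.
    Returns (attempts, priv_hex, address), or None if the budget is exhausted."""
    bad = set(target) - set(ALPHABET)
    if bad:
        raise ValueError(f"not representable in Base58: {sorted(bad)}")
    # Seeded so the example is reproducible; real key generation must use os.urandom.
    rng = random.Random(seed)
    for attempt in range(1, max_attempts + 1):
        priv = rng.getrandbits(256).to_bytes(32, "big")
        addr = address_from_privkey(priv)
        if target in addr:
            return attempt, priv.hex(), addr
    return None


def expected_attempts(target_len: int, address_len: int = 34) -> float:
    """Approximate keys to try for `target_len` Base58 characters appearing anywhere
    after the fixed leading '1' of an `address_len`-character address: each of the
    (address_len - target_len) positions matches with probability 58**-target_len."""
    positions = address_len - target_len
    return 58 ** target_len / positions


def years_at_rate(attempts: float, keys_per_second: float) -> float:
    """Wall-clock years the search takes at a given key-derivation throughput."""
    return attempts / keys_per_second / (365.25 * 24 * 3600)


if __name__ == "__main__":
    # A two-character string is found in a few hundred tries...
    print(find_vanity("7x", max_attempts=200_000, seed=1))
    # ...but each extra character multiplies the cost by 58. At an assumed 1e9 keys/s:
    for n in (4, 8, 12, 20):
        print(n, "chars:", f"{years_at_rate(expected_attempts(n), 1e9):.3g} years")
```

The last loop is the whole argument in Elliptic's quote: a handful of characters is a GPU afternoon, while a string of twenty or more characters is out of reach, so an address carrying one was chosen as text, never derived from a key, and nobody can spend from it.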
Nobitex's website is still down, and Predatory Sparrow yesterday published what it claims is the company's full source code, PBS reports. Predatory Sparrow presents itself as a hacktivist group, but is widely believed to have ties to the Israeli government.
The Iranian government has shut down most of the country's Internet to thwart alleged Israeli cyberattacks, the Wall Street Journal reports. Tehran's communications ministry said the shutdown was due to "the aggressor’s abuse of the country’s communication network for military purposes."
Billions of previously stolen credentials were exposed in unsecured databases.
Researchers at Cybernews discovered thirty exposed datasets containing sixteen billion login credentials for a variety of online services. Most of the datasets were stored in unsecured Elasticsearch instances, which have since been taken offline. It's unclear who owns the data, but the researchers note that most of the credentials are "a mix of details from stealer malware, credential stuffing sets, and repackaged leaks."
BleepingComputer notes that the credentials are not from a new breach, despite some misleading reports to the contrary. Rather, the stolen credentials were likely already circulating in various criminal souks until they were "collected by a cybersecurity firm, researchers, or threat actors and repackaged into a database that was exposed on the Internet." Still, the discovery serves as a reminder of just how many stolen credentials are out there.