At a glance.
- FBI attributes $1.5 billion Bybit hack to DPRK hackers.
- Cellebrite suspends services in Serbia following allegations of misuse.
- US DNI orders legal review of UK's request for iCloud backdoor.
- Cleveland Municipal Court remains closed following cyber incident.
FBI attributes $1.5 billion Bybit hack to DPRK hackers.
The US Federal Bureau of Investigation (FBI) has confirmed that North Korean hackers were behind last week's theft of $1.5 billion worth of Ethereum from the Bybit cryptocurrency exchange. The FBI attributes the hack to an activity cluster tracked as "TraderTraitor," which is tied to Pyongyang's Lazarus Group.
The Bureau provided a list of fifty-one Ethereum addresses holding assets from the theft, stating, "FBI encourages private sector entities including RPC node operators, exchanges, bridges, blockchain analytics firms, DeFi services, and other virtual asset service providers to block transactions with or derived from addresses TraderTraitor actors are using to launder the stolen assets."
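The FBI notice asks operators to block transactions "with or derived from" the listed addresses, which means screening not only the seed addresses but also addresses they later fund. The following is an added example, not code from the FBI, Bybit or Safe: a small screening routine that normalises addresses (Ethereum addresses are case-insensitive hex) and expands a seed list by following outgoing transfers for a bounded number of hops. The addresses and the transfer log are constructed placeholders, not the Bureau's actual list.

```javascript
// Added example (not from the FBI notice or any exchange's code). Screens
// transactions against a seed blocklist and against addresses funded from it.
// All addresses below are constructed placeholders, not real IoCs.
const SEED_BLOCKLIST = [
  '0xAaAa000000000000000000000000000000000001', // placeholder seed address
  '0xBbBb000000000000000000000000000000000002', // placeholder seed address
];

// Constructed sample transfer log in chronological order (value in ETH).
const TRANSFERS = [
  { from: '0xaaaa000000000000000000000000000000000001', to: '0xcccc000000000000000000000000000000000003', value: 10 },
  { from: '0xcccc000000000000000000000000000000000003', to: '0xdddd000000000000000000000000000000000004', value: 4 },
  { from: '0xeeee000000000000000000000000000000000005', to: '0xffff000000000000000000000000000000000006', value: 1 },
];

// Ethereum addresses are case-insensitive hex, so compare in one canonical form.
function normalise(addr) {
  return addr.trim().toLowerCase();
}

// Expand the seed list by following outgoing transfers up to `maxHops` hops.
// Each hop adds the recipients of transfers sent by the current frontier, so
// an address that received funds from a seed (directly or via intermediaries)
// is screened as "derived from" the seed.
function expandBlocklist(seeds, transfers, maxHops = 2) {
  const tainted = new Set(seeds.map(normalise));
  let frontier = new Set(tainted);
  for (let hop = 0; hop < maxHops && frontier.size > 0; hop++) {
    const next = new Set();
    for (const t of transfers) {
      const from = normalise(t.from);
      const to = normalise(t.to);
      if (frontier.has(from) && !tainted.has(to)) {
        tainted.add(to);
        next.add(to);
      }
    }
    frontier = next;
  }
  return tainted;
}

// Decision for a single pending transaction: block if either side is tainted.
function shouldBlock(tx, blocklist) {
  return blocklist.has(normalise(tx.from)) || blocklist.has(normalise(tx.to));
}

// Stand-alone run over the constructed data.
const BLOCKLIST = expandBlocklist(SEED_BLOCKLIST, TRANSFERS);
console.log('tainted addresses:', [...BLOCKLIST]);
console.log('block dddd -> 1234?', shouldBlock({ from: '0xdddd000000000000000000000000000000000004', to: '0x1234' }, BLOCKLIST));
console.log('block eeee -> ffff?', shouldBlock(TRANSFERS[2], BLOCKLIST));
```

This propagates taint by simple reachability, which is the conservative choice for a block decision; production chain-analysis tools usually weight taint by value and respect the time order of transfers (a transfer that predates the tainting inflow should not taint its recipient), so treat the hop count and the all-or-nothing rule as tuning knobs rather than a finished policy.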
Bybit CEO Ben Zhou has shared the results of two investigations into the hack, BleepingComputer reports. Investigators from Sygnia concluded that "the root cause of the attack is malicious code originating from Safe{Wallet}'s infrastructure." Researchers at Verichains added, "The attack specifically targeted Bybit by injecting malicious JavaScript into app.safe.global, which was accessed by Bybit's signers. The payload was designed to activate only when certain conditions were met. This selective execution ensured that the backdoor remained undetected by regular users while compromising high-value targets. … Based on the investigation results from the machines of Bybit's Signers and the cached malicious JavaScript payload found on the Wayback Archive, we strongly conclude that AWS S3 or CloudFront account/API Key of Safe.Global was likely leaked or compromised."
The hack currently stands as the largest heist of any kind in history, surpassing Saddam Hussein's theft of $1 billion from the Central Bank of Iraq in 2003.
Cellebrite suspends services in Serbia following allegations of misuse.
Israeli cell phone data extraction firm Cellebrite has dropped the Serbian government as a customer following a report that the Serbian police had used the company's tools to hack the phones of a journalist and an activist, TechCrunch reports. Amnesty International published a report in December 2024 asserting that Serbian authorities used Cellebrite's hacking software in combination with an Android-focused spyware tool to "covertly infect individuals’ devices during periods of detention or police interviews."
Cellebrite said in a statement, "We take seriously all allegations of a customer’s potential misuse of our technology in ways that would run counter to both explicit and implied conditions outlined in our end-user agreement. After a review of the allegations brought forth by the December 2024 Amnesty International report, Cellebrite took precise steps to investigate each claim in accordance with our ethics and integrity policies. We found it appropriate to stop the use of our products by the relevant customers at this time."
US DNI orders legal review of UK's request for iCloud backdoor.
US Director of National Intelligence Tulsi Gabbard has ordered a legal review of the UK government's secret demand for Apple to provide a backdoor to access users' iCloud data, the Record reports. Apple recently said it would stop offering its Advanced Data Protection (ADP) feature in the UK rather than comply with the demand.
Gabbard said in a response to a letter from Senator Ron Wyden (Democrat of Oregon) and Representative Andy Biggs (Republican of Arizona), "I share your grave concern about the serious implications of the United Kingdom, or any foreign country, requiring Apple or any company to create a 'backdoor' that would allow access to Americans' personal encrypted data. This would be a clear and egregious violation of Americans’ privacy and civil liberties, and open up a serious vulnerability for cyber exploitation by adversarial actors."
Gabbard added, "My lawyers are working to provide a legal opinion on the implications of the reported UK demands against Apple on the bilateral Cloud Act agreement. Upon initial review of the U.S. and U.K. bilateral CLOUD Act Agreement, the United Kingdom may not issue demands for data of U.S. citizens, nationals, or lawful permanent residents, nor is it authorized to demand the data of persons located inside the United States. The same is true for the United States – it may not use the CLOUD Act agreement to demand data of any person located in the United Kingdom."
Cleveland Municipal Court remains closed following cyber incident.
The Cleveland Municipal Court is closed for the fourth day in a row following a "cyber incident" earlier this week. The court hasn't disclosed the nature of the incident, but News 5 Cleveland cites an expert as saying ransomware is the most likely cause.
The court said in a Facebook post, "As a precautionary measure, the Court has shut down the affected systems while we focus on securing and restoring services safely. These systems will remain offline until we have a better understanding of the situation. All internal systems and software platforms will be shut down until further notice."
The Ohio National Guard and Ohio Cyber Reserve are assisting in the response.