InfoSec Round-Up July 16th

Play Video

Crypto Seizures, REvil Blackout & Academics Targeted

This is the Hut Six InfoSec Round-Up, where we look at some of the most pressing matters, latest trends, and industry news from across the world of information security.

UK Crypto Seizures

The UK’s Metropolitan Police have seized a record £180 million worth of cryptocurrency, funds linked to an international money laundering operation based in London.

With investigators noting that they will “stop at nothing” to identify those involved, as well as describing the success as a “significant landmark”, it is the largest seizure of its kind in the UK, exceeding a June confiscation of £114 million.

Made as part of an ongoing investigation into international money laundering by the Met’s Economic Crime Command, a 39-year-old woman, who was arrested on the 24th of June, has been questioned in relation to the funds

Deputy Assistant Commissioner Graham McNulty said: “Proceeds of crime are laundered in many different ways.” Adding, “While cash still remains king in the criminal world, as digital platforms develop we're increasingly seeing organised criminals using cryptocurrency to launder their dirty money.”

Ransomware Website Disappears

The website belonging to Russia-based ransomware syndicate REvil, this Tuesday and without explanation, has gone offline.

The gang who are behind many significant attacks, such as the recent JBS hack and that against UK utilities company Elexon, claim to have made over $100 million from their criminal activities in 2020 alone.

Though it is unclear how or why the website has vanished, some recent victims have been left unable to negotiate or make payments to the gang, leaving encrypted data perhaps indefinitely inaccessible.

The disappearance of the website comes at a time of mounting pressure between the US and Russia with regards to the issue of cybercrime, with US President Biden only days ago telling President Putin that the US expect Russian to act on the problem.

When asked as to whether it makes sense for the US to attack servers used by gangs, the US President simply responded, “Yes.”

Iran Targets Academics

An Iranian cyber-espionage campaign has been uncovered in which British-based academics were targeted in a highly sophisticated phishing attack.

With those behind the attack believed to be linked to the Iranian Revolutionary Guards, the campaign targeted fewer than ten organisations, as well as compromising the website of the University of London’s School of Oriental and African Studies.

Discovered by cyber-security company Proofpoint, attackers posed as academics, inviting genuine scholars to an online conference called ‘The US Security Challenges in the Middle East’, prompting them to enter their credentials into the compromised website.

Thought to have been for the purposes of gathering intelligence regarding foreign policy, last month, Lindy Cameron, chief executive of the National Cyber Security Centre (NCSC) warned that Iran was using such tactics to “sabotage and steal” from a range of British organisations.

Sherrod DeGrippo, senior director of threat research at Proofpoint, said of the attack, “Iran has always been very focused on [targeting] academics, scientists, professors and diplomats,” Adding, “This just shows that they are continuing that focus, most likely because it’s been paying off.”

Thank you for reading this edition of Infosec Round-Up. Please be sure to subscribe to the Hut Six YouTube Channel to keep up to date with the latest news and see all our latest information security videos.

Security Awareness for your Organisation

Enjoyed our blog? Learn more about how Hut Six can help improve you security awareness with training and simulated phishing. Start a free trial now, or book a meeting with one of our experts.

Featured

InfoSec Round-Up July 2nd

InfoSec Round-Up July 2nd - Hut Six

Member of public finds Ministry of Defence (MoD) documents. Salvation Army loses data in cyber attack. Denmark's Central Bank affected by SolarWinds hack.

InfoSec Round-Up June 25th

InfoSec Round-Up June 25th - Hut Six

Prolific phishing scammer arrested for 25k SMS messages. Scotland's EPA announces 4 thousand files were stolen. Security icon John McAfee found dead.

InfoSec Round-Up June 11th

InfoSec Round-Up June 11th - Hut Six

New York Time, the Guardian, Reddit and more unavailable. JBS pays $11 million ransom to attackers. FBI created fake end-to-end encrypted chat app.

InfoSec Round-Up June 4th

InfoSec Round-Up June 4th - Hut Six

Meat Supplier JBS grinds to a halt. The ICO fines Conservatives £10K. Swedish Public Health Agency hacked.

InfoSec Round-Up May 28th

InfoSec Round-Up May 28th - Hut Six

UK's ICO fines Amex £90K for marketing emails. Japanese government responds to supply chain attack. Darkside criminal gang strike again.

InfoSec Round-Up May 21st

InfoSec Round-Up May 21st - Hut Six

Fuel supplier pays a huge $4.4 million ransomware to criminals. Russia "unconvincingly" denies involvement with SolarWinds hack. FTC reports $80 million has been lost to scams.

InfoSec Round-Up May 14th

InfoSec Round-Up May 14th - Hut Six

Devastating attack hits Colonial Pipeline fuel supplier. Company criticised for 'unethical' phishing campaign. NSCS warns international cyber criminals.

InfoSec Round-Up May 7th

InfoSec Round-Up May 7th - Hut Six

“Aggressive and Urgent” action against ransomware needed. Romance fraudster steals $113K from victim. Household router flaws leave 6 million vulnerable.

InfoSec Round-Up: April 30th

InfoSec Round-Up: April 30th - Hut Six

Washington DC’s Metro Police Department has lost 250GB of unencrypted data which could be leaked to criminal gangs. Reverb.com exposes personal data of millions of customers. Massive Merseyrail ransomware attack.

InfoSec Round-up: April 23rd

InfoSec Round-up: April 23rd - Hut Six

TikTok Data Lawsuit, Apple Attack & Spy Warning - Infosec Round-Up April 23rd