
Digital Guardian's Blog

Friday Five 8/12

by Robbie Araiza on Friday August 12, 2022


Twitter’s latest security incident, ransomware gangs, and state-sponsored hackers have taken over the news this past week. Catch up on all the latest with this week’s Friday Five!


1. TWITTER CONFIRMS ZERO-DAY USED TO EXPOSE DATA OF 5.4 MILLION ACCOUNTS BY LAWRENCE ABRAMS

A threat actor exploited a now-patched zero-day vulnerability in December 2021, allowing them to create profiles of 5.4 million Twitter users. The vulnerability reportedly allowed anyone to submit an email address or phone number to verify whether it was associated with an account, after which the threat actor used the ID to gain a wealth of information, “including a verified phone number or email address, and scraped public information, such as follower counts, screen name, login name, location, profile picture URL, and other information.”


2. FBI, CISA WARN OVER RANSOMWARE GANG THAT CAN MAKE MILLION DOLLAR DEMANDS BY LIAM TUNG

The US Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have released a warning regarding the ransomware gang known as Zeppelin, formerly known as VegaLocker Ransomware. The FBI has found that the gang spends up to two weeks mapping a network, looking for cloud storage and network backups, before ultimately deploying the malware. The gang is said to have made ransom demands in excess of $1 million. Victims are encouraged to report ransomware incidents to a local FBI Field Office, CISA at us-cert.cisa.gov/report, or the U.S. Secret Service (USSS) at a USSS Field Office.


3. RESEARCHERS UNCOVER SOPHISTICATED GLOBAL CHINESE HACKING OPERATION BY AJ VICENS

Researchers have claimed that a Chinese hacking group simultaneously used six different backdoors against more than a dozen industrial plants, research institutes, government agencies, and ministries in Belarus, Russia, Ukraine, and Afghanistan. According to the researchers, after gaining entry to the victim organizations through advanced spearphishing, “the attackers used primarily known backdoor malware, as well as standard techniques for lateral movement and antivirus solution evasion. At the same time, they were able to penetrate dozens of enterprises and even take control of the entire IT infrastructure, and IT security solutions of some of the organizations attacked.”


4. THE US OFFERS A $10 MILLION BOUNTY FOR INTEL ON THE CONTI RANSOMWARE GANG BY MATT BURGESS

For the first time, the U.S. government has identified members of the Conti ransomware gang and is announcing new bounties of up to $10 million for anyone who provides useful information about said members. Specifically, the US State Department agency is asking for information on the hackers going by the names Professor, Reshaev, Tramp, Dandis, and Target. Rewards for Justice has also published an alleged photo of the person believed to be the threat actor known as Target. Read the full story from WIRED to find out more about Conti, why they've become such a big target for the U.S. government, and how this could dissuade people from participating in ransomware operations in the future.


5. MAUI RANSOMWARE OPERATION LINKED TO NORTH KOREAN 'ANDARIEL' HACKERS BY BILL TOULAS

The Maui ransomware operation, which has most recently been accused of targeting American healthcare organizations, has been linked to the North Korean state-sponsored hacking group 'Andariel,' which became known this past year for targeting South Korean companies in media, construction, manufacturing, and network services. Read the full story from BleepingComputer to find out how Kaspersky was able to make the link between Maui and Andariel and why they attribute it with medium confidence.


Tags: Vulnerabilities, Ransomware

Robbie Araiza


Robbie is a Content Creator for the Data Protection team at HelpSystems. Prior to joining the organization, he studied psychology and social work at Texas State University in San Marcos, TX.
