X verified accounts hack and SpectralBlur macOS malware
Hackers hijack high-profile verified accounts on X to run crypto scams, the new SpectralBlur macOS backdoor gives attackers remote control of infected Macs, and 23andMe blames its own users for a data breach. Catch all this and more in this week’s edition of Cybersecurity Weekly.
1. Hackers hijack official business and government accounts on X for crypto scams
Cybersecurity researchers recently identified an alarming trend: hackers are taking over business and government accounts on X and using them to run cryptocurrency scams. Google subsidiary Mandiant is a recent example. Attackers took over its account and used it to promote a fake airdrop that drained the wallets of victims who connected them. Accounts with gold and grey checkmarks, which mark verified organizations and government entities, are prime targets precisely because followers trust what they post.
2. New SpectralBlur macOS malware allows for remote takeover by hackers
SecurityWeek reports that hackers are targeting high-end MacBooks with a new macOS backdoor dubbed SpectralBlur. Identified by Proofpoint's Greg Lesnewich, the malware lets its operators run commands on the infected machine remotely, including file management and putting the system into hibernation. Alarmingly, the sample went undetected from the time it was uploaded last year, and it shares features with a backdoor used by North Korea's Lazarus group. Researchers conclude that North Korea is ramping up its attacks on high-value targets, with macOS devices serving as a gateway to sensitive corporate and government data.
3. 23andMe blames victims for recent data breach
TechCrunch reports that 23andMe is blaming its users for a massive data breach that exposed data on 6.9 million people. The attack began with credential stuffing: attackers logged in to roughly 14,000 accounts using passwords those users had reused from other breached sites, then scraped data on millions of other users through features that share information between accounts. 23andMe argues that the reused passwords make the breach a matter of user negligence. Facing more than 30 lawsuits, the company has updated its terms of service to make collective legal action harder and has made multi-factor authentication mandatory for all accounts.
4. Hacker sells Zeppelin ransomware source for $500 on hacking forum
A cybercriminal known as RET has announced on a hacking forum that they are selling the Zeppelin ransomware source code together with a cracked builder for $500. RET does not claim to be the author, only to have cracked a version of the builder. The sale could seed new ransomware-as-a-service operations or new variants of the Zeppelin family. Researchers have previously found flaws in Zeppelin's encryption, but a buyer with the source could in principle fix them, so the sale still raises concerns about new threats.
5. Hackers hijack Orange Spain's RIPE account to misconfigure BGP routing
An attacker disrupted Orange Spain's internet service on January 3 after gaining access to the company's account at RIPE NCC, the regional internet registry that manages IP address allocation for Europe, and using it to alter the registry records that govern how Orange's address space is routed, which broke the company's BGP routing. Orange Spain said on X that the incident affected browsing but not customers' personal data. In response, RIPE has urged account holders to update their passwords and enable two-factor authentication to prevent a repeat.
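The page says only that the registry account was used to misconfigure routing. One mechanism by which registry-level access affects routing is RPKI: a Route Origin Authorization (ROA) published through the registry tells validating networks which AS may originate a prefix. The following example is added here and is not code from the page, from Orange or from RIPE; it implements RFC 6811 route origin validation over constructed ROAs (the prefixes and AS numbers are documentation ranges chosen for illustration) and shows why a bogus ROA is damaging: a prefix that had no ROA at all is "NotFound" and is accepted by most networks, but once someone registers a ROA naming the wrong origin AS, the legitimate announcement becomes "Invalid" and is dropped by any network doing origin validation. Whether this is exactly what happened to Orange is an assumption, not something the page states.

```python
from dataclasses import dataclass
from ipaddress import ip_network


@dataclass(frozen=True)
class ROA:
    """A Route Origin Authorization: `origin_asn` may announce `prefix`
    and any more-specific prefix up to `max_length` bits."""
    prefix: str
    max_length: int
    origin_asn: int


def validate_route(announced_prefix: str, origin_asn: int, roas) -> str:
    """RFC 6811 origin validation. Returns "Valid", "Invalid" or "NotFound".

    - NotFound: no ROA covers the announced prefix at all.
    - Valid:    some covering ROA matches the origin AS and the announced
                prefix length does not exceed that ROA's maxLength.
    - Invalid:  covering ROAs exist, but none of them matches.
    """
    net = ip_network(announced_prefix, strict=False)
    covering = []
    for roa in roas:
        roa_net = ip_network(roa.prefix, strict=False)
        if roa_net.version != net.version:
            continue  # subnet_of() raises on mixed IPv4/IPv6, so skip
        if net.subnet_of(roa_net):
            covering.append((roa, roa_net))
    if not covering:
        return "NotFound"
    for roa, _ in covering:
        if roa.origin_asn == origin_asn and net.prefixlen <= roa.max_length:
            return "Valid"
    return "Invalid"


def registry_takeover_scenario():
    """Constructed walk-through of how a ROA registered by an attacker with
    registry access breaks a legitimate announcement, and how the operator
    recovers. Prefix and ASNs are documentation/private values (assumed)."""
    prefix, legit_asn, attacker_asn = "198.51.100.0/24", 64500, 64511
    results = {}

    # 1. Operator never published a ROA: route is NotFound, still accepted.
    results["no_roa"] = validate_route(prefix, legit_asn, [])

    # 2. Attacker registers a ROA naming a different origin AS: the real
    #    announcement is now Invalid and is dropped by validating networks.
    bogus = [ROA("198.51.100.0/24", 24, attacker_asn)]
    results["bogus_roa"] = validate_route(prefix, legit_asn, bogus)

    # 3. Operator regains the account and publishes a correct ROA: one
    #    matching ROA is enough, so the route is Valid even while the bogus
    #    ROA still exists.
    fixed = bogus + [ROA("198.51.100.0/24", 24, legit_asn)]
    results["correct_roa_added"] = validate_route(prefix, legit_asn, fixed)

    # 4. A ROA with the right AS but a maxLength shorter than the announced
    #    prefix also yields Invalid: a /24 is not permitted under a /22 ROA
    #    whose maxLength is 22.
    tight = [ROA("198.51.100.0/22", 22, legit_asn)]
    results["maxlength_too_short"] = validate_route(prefix, legit_asn, tight)
    return results


if __name__ == "__main__":
    for step, verdict in registry_takeover_scenario().items():
        print(f"{step:22s} -> {verdict}")
```

The practical takeaways are the ones RIPE itself gave: the registry account is a routing control plane, so protect it with a unique password and two-factor authentication, and publish correct ROAs for your own prefixes before someone else publishes wrong ones for you, because a legitimate ROA keeps your routes Valid even if a bogus one is later added.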