TeamViewer, a leading provider of remote access tools, has confirmed that its corporate network is currently under a cyberattack. The company has identified the attackers as a government-backed Russian intelligence group known as APT29.
Source: TechCrunch Date: June 28, 2024
The polyfill.io domain, which offers JavaScript code to add functionality to older browsers, has been compromised and is infecting over 100,000 websites with malware. The domain was purchased by a Chinese organization earlier this year.
Source: The Register Date: June 26, 2024
CoinStats, a crypto portfolio app with 1.5 million users, experienced a significant security breach affecting 1,590 cryptocurrency wallets. North Korean threat actors are suspected to be behind the attack.
Source: Bleeping Computer Date: June 24, 2024
Poland suspects Russian hackers were behind the recent DDoS attack on TVP's online broadcast of the Euro 2024 soccer tournament during Poland's match against the Netherlands.
Source: The Record Date: June 21, 2024
The exact motive behind the intrusions is unknown, but it is speculated that the attackers may have been gathering intelligence, eavesdropping, or attempting to disrupt critical infrastructure.
Source: The Hacker News Date: June 20, 2024
The attackers utilize new binaries, including chkstart, exeremo, and vurld, along with a persistence mechanism that modifies systemd services. Analysis suggests a link between this campaign and Spinning YARN.
Source: Datadog Date: June 17, 2024
Cybersecurity researchers have warned of an ongoing cryptojacking campaign targeting misconfigured Kubernetes clusters to mine Dero cryptocurrency. The campaign is an updated variant of a financially motivated operation first reported in March 2023.
Source: Wiz Date: June 14, 2024
DeFi platform UwU Lend has offered to negotiate with the hacker responsible for stealing $20 million worth of ETH. The company paused operations and launched an investigation after several blockchain security firms reported the theft.
Source: The Record Date: June 12, 2024
Cloudflare has detected and mitigated multiple DDoS attack waves on election-related sites and political parties in the Netherlands. The attacks peaked at 115 million and 44 million requests per hour, respectively.
Source: Bleeping Computer Date: June 11, 2024
Threat actors are impersonating GitHub's security and recruitment teams in phishing attacks. They hijack repositories using malicious OAuth apps, wiping compromised repos as part of an ongoing extortion campaign.
Source: Bleeping Computer Date: June 11, 2024
The attack utilizes Docker images from the open-source Commando project. The attackers use the cmd.cat/chattr image to gain initial access to the server and employ techniques like chroot and volume binding to access the host system.
Source: Trend Micro Date: June 6, 2024
The attackers successfully stole numerous files and emails, including strategic documents related to the South China Sea, a territory contested by the victim government and China.
Source: Dark Reading Date: June 5, 2024
In the latest campaign, observed in April by researchers at the cybersecurity firm Cyble, the hackers sent their targets phishing emails with an attachment that contained drone image files and a malicious Microsoft Excel spreadsheet.
Source: The Record Date: June 5, 2024
The Japanese cryptocurrency exchange DMM Bitcoin announced that crooks stole 4,502.9 Bitcoin (BTC), approximately $304 million (48.2 billion yen), from its wallets. The company assured that the customers’ BTC deposits will be fully guaranteed.
Source: Security Affairs Date: June 3, 2024
The recent wave of cyberattacks highlights the evolving tactics and increasing sophistication of threat actors worldwide. These incidents, ranging from targeted attacks on corporate networks and cryptocurrency platforms to nation-state cyber espionage, underscore the pervasive nature of cyber threats. TeamViewer's breach by the Russian APT29 group exemplifies the persistent threat posed by government-backed actors seeking to infiltrate critical infrastructure. Similarly, the compromise of the polyfill.io domain and its subsequent malware distribution to over 100,000 websites showcases the vulnerability of supply chains to cyber exploitation.
North Korean hackers’ breach of 1,590 crypto wallets at CoinStats and the significant theft from the UwU Lend DeFi platform underscore the financial motivations driving many cybercriminal activities. These incidents not only result in substantial financial losses but also erode user trust in digital financial platforms.
The disruption of Euro 2024 broadcasts by suspected Russian hackers and the targeted attacks on Asian telecom operators by Chinese cyber espionage groups illustrate the geopolitical dimensions of cyberattacks. Such incidents often aim to gather intelligence or disrupt critical national infrastructure, posing significant challenges to national security.
Furthermore, the rise in cryptojacking campaigns, such as those targeting Kubernetes clusters for Dero mining and Docker APIs, indicates a shift towards more covert and financially motivated attacks. These campaigns adopt new techniques to evade detection, demonstrating the constant adaptation of cybercriminals.
In conclusion, the diversity and scale of these cyber incidents emphasize the urgent need for robust cybersecurity measures, international cooperation, and continuous vigilance to protect against a wide array of cyber threats. Organizations must prioritize security, adopt best practices, and stay informed about emerging threats to safeguard their assets and maintain operational integrity.