This week was punctuated by cyber-attacks in various countries in the Middle East, the Netherlands, and Finland. We take a look at these developments that have got cybersecurity researchers talking.

Cybersecurity News Roundup

The International Criminal Court (ICC) revealed it was hit by a cyberattack on Tuesday. The attack happened after its systems had been breached.

The Dutch authorities and ICC are investigating the incident. No information has been disclosed regarding the nature and extent of the cyber attacks faced by the international tribunal.

ICC spokesperson released the following statement regarding the attack:

The International Court of Justice is an international tribunal that deals with the gravest crimes that impact the larger international community. It investigates and prosecutes offenses like genocide and war crimes.

A dark web marketplace serving as a front for illegal narcotics trade since 2022 has been taken down in Finland.

Finnish authorities revealed that the PILOPUOTI marketplace, which operated as a “hidden service in the encrypted TOR network,” is no more. Details about any arrests have not been released so far.

According to Finnish customs, drugs from the site were smuggled to Finland from other places. Law enforcement authorities have partnered with Germany and Lithuania to launch a criminal investigation into its origins.

Romanian cybersec firm Bitdefender also aided in the seizure of PILOPUOTI.

In a shocking development, the HTTPSnoop backdoor has reportedly targeted several telecom operators across the Middle East. This backdoor is part of the new intrusion set ShroudedSnooper, allowing threat actors to snoop into conversations on infected devices.

According to researchers from cybersecurity firm Cisco Talos:

"HTTPSnoop is a simple, yet effective, backdoor that consists of novel techniques to interface with Windows HTTP kernel drivers and devices to listen to incoming requests for specific HTTP(S) URLs and execute that content on the infected endpoint."

Reports state that the ShroudedSnooper exploit infects internet-facing servers, deploying the HTTSnoop payload to gain access to target environments. The malware strain then impersonates Palo Alto Network’s Cortex XDR application to evade detection.