Blog | News | 11th Jan 2024
Author: Samir Yawar

SEC, Fidelity National, and M9Com face cyber attacks this week


Quite a lot of high-profile cyber attacks went down this week. SEC, Fidelity National, and M9Com were all targeted by malign actors.

We cover the details regarding the cybersecurity incidents.

Cybersecurity News Roundup for January 12, 2024


Here's what happened this week:

SEC Twitter Account Gets Hacked

The U.S. Securities and Exchange Commission (SEC) faced a security breach as its X account was compromised, leading to the issuance of a fabricated announcement regarding the approval of Bitcoin Exchange-Traded Funds (ETFs) on registered national security exchanges. The fraudulent announcement was disseminated through a now-deleted tweet from the compromised SEC X account.

A screenshot of the now-deleted fake SEC tweet about Bitcoin ETF | Source: X (Formerly Twitter)

The tweet falsely proclaimed,

"Today the SEC grants approval to Bitcoin ETFs for listing on registered national security exchanges."

The false tweet asserted that the endorsed Bitcoin ETFs would be subject to continuous surveillance and compliance measures to ensure ongoing investor protection. Accompanying the tweet was an image featuring SEC Chairperson Gary Gensler, along with a fabricated quote endorsing the alleged approval.

This misleading information swiftly circulated across various cryptocurrency and mainstream news platforms, causing a brief surge in Bitcoin prices. However, the price corrected promptly once it became evident that the announcement was the result of a security breach on the SEC's X account.

In response to the incident, SEC Chairperson Gary Gensler clarified via Twitter, stating:

This acknowledgment aimed to mitigate any confusion arising from the false information, underscoring the breach's unauthorized nature and the subsequent dissemination of misleading details regarding the approval of Bitcoin ETFs.

Hacktivist Group 'Blackjack' Strikes Back at Russian ISP

The hacktivist group 'Blackjack,' supportive of Ukraine, has taken responsibility for a cyberattack directed at the Russian internet services provider, M9com. This action is believed to be direct retaliation for the recent attack on Kyivstar, Ukraine's largest telecommunications service provider, which experienced significant disruptions in mid-December, attributed to Russian hackers.

Blackjack, in an announcement on Telegram earlier this week, declared its successful breach of M9com, a prominent internet service provider (ISP) based in Moscow. The hacktivist group claimed not only to have disrupted M9com's internet services but also to have pilfered confidential data from the company.

Details of Russian-based ISP M9Com's stolen data

The group shared a Tor URL featuring three ZIP archives containing images purportedly demonstrating their access to M9com's systems, texts revealing account credentials of employees and customers, and a substantial 50GB of call data.

Included in the leaked information were screenshots illustrating FTP command executions for server file deletion, wiping data from a backup device, removal of configuration files, the RIPE database, and the billing portal. Additionally, snapshots of the vSphere client and the dashboard for the Resource Public Key Infrastructure (RPKI) were disclosed.

Several text files within the leak contained sensitive information such as:

  • full names
  • usernames
  • email addresses
  • passwords in clear text

Screenshot of hacked website for M9Com ISP

Blackjack appears to have also defaced M9com's official website as part of their operation.

Fidelity National Financial Confirms Cyberattack

Fidelity National Financial (FNF) has officially verified that a cyberattack in November, attributed to the BlackCat ransomware group, has exposed the data of 1.3 million customers. 

FNF, a prominent American title insurance and transaction services provider in the real estate and mortgage sectors, ranks among the largest companies in the United States, boasting an annual revenue exceeding $10 billion, a market capitalization of $13.3 billion, and a workforce exceeding 23,000 employees.

In mid-December, the company disclosed the cyber incident, revealing that threat actors gained access to their network through stolen credentials. Consequently, containment measures were implemented, resulting in the temporary shutdown of certain IT systems and business service disruptions.

In an amended SEC Form 8-K filing made yesterday, Fidelity National Financial confirmed that the cyberattack occurred on November 19, 2023, and was successfully contained within seven days. The filing disclosed that the attackers utilized a non-propagating malware capable of extracting data from the compromised systems.

The subsequent investigation concluded on December 13, 2023, revealing that the intruders had accessed the data of 1.3 million customers. 

FNF's SEC filing stated, 

"We determined that an unauthorized third party accessed certain FNF systems, deployed a type of malware that is not self-propagating, and exfiltrated certain data."

The company has since notified affected customers, state attorneys general, and regulators, reaching out to approximately 1.3 million potentially impacted consumers. FNF is offering credit monitoring, web monitoring, and identity theft restoration services, and is actively addressing consumer inquiries.

While not explicitly acknowledged by Fidelity National Financial, the BlackCat (ALPHV) ransomware group had previously claimed responsibility for the attack, showcasing the company on their data leak site.



Samir Yawar / Content Lead
Samir wants a world where people can instinctively whack online scams and feel accomplished without the need for psychic powers. As an ISC2 member, he is doing his bit to turn cybersecurity awareness training into a fun concept with simple, approachable and accessible content. Reach out to him at X @yawarsamir