company logo

Product

Our Product

We are Reshaping the way Developers find and fix vulnerabilities before they get exploited.

Solutions

By Industry

BFSI

Healthcare

Education

IT & Telecom

Government

By Role

CISO/CTO

DevOps Engineer

Resources

Resource Library

Get actionable insight straight from our threat Intel lab to keep you informed about the ever-changing Threat landscape.

Subscribe to Our Weekly Threat Digest

Company

Contact Us

Have queries, feedback or prospects? Get in touch and we shall be with you shortly.

loading..
loading..
loading..
Loading...

Rowhammer

Blacksmith

DDR5

loading..
loading..
loading..

Rowhammer Fuzzer dubbed Blacksmith bypasses DRAM defenses

A new fuzzing technique Blacksmith exploits Rowhammer vulnerability in DRAM devices while bypassing existing TRR mitigation methods...

16-Nov-2021
3 min read

Related Articles

loading..

Blockchain

North Korean hackers steal $308M in Bitcoin from DMM Bitcoin using bold cyber ta...

Japanese and U.S. authorities have officially attributed the theft of $308 million in cryptocurrency from the Japan-based cryptocurrency firm, DMM Bitcoin, to North Korean cybercriminals. The incident, which occurred in May 2024, was linked to the TraderTraitor threat activity, also tracked under aliases such as Jade Sleet, UNC4899, and Slow Pisces. _“The theft is affiliated with TraderTraitor threat activity, which is often characterized by targeted social engineering directed at multiple employees of the same company simultaneously,”_ stated the U.S. Federal Bureau of Investigation (FBI), the Department of Defense Cyber Crime Center, and the National Police Agency of Japan in a joint alert. DMM Bitcoin, which recently ceased its operations, suffered one of the largest crypto heists this year. The company’s closure came shortly after the May 2024 attack, raising speculation that the financial and reputational damage from the heist significantly contributed to its decision to shut down. --- ## How the Heist Pulled Off!!! The heist unfolded in three distinct phases, starting with a targeted employee compromise, followed by lateral movement within the organization, and culminating in the large-scale theft of funds. ### Phase 1: Initial Compromise In March 2024, an employee at Ginco, a Japan-based cryptocurrency wallet software company, became the first victim. Threat actors impersonated a recruiter and sent the employee a URL to a malicious Python script hosted on GitHub as part of a purported pre-employment test. The employee, who had access to Ginco’s wallet management system, unknowingly compromised their credentials by copying the malicious Python code to their personal GitHub page. ### Phase 2: Escalation and Lateral Movement By mid-May 2024, the adversaries exploited session cookie information to impersonate the compromised employee. This access allowed them to infiltrate Ginco’s unencrypted communications system, setting the stage for the next phase of the attack. ### Phase 3: Execution of the Heist In late May 2024, the threat actors manipulated a legitimate transaction request from a DMM Bitcoin employee. This led to the unauthorized transfer of 4,502.9 BTC, valued at $308 million at the time. The stolen funds were swiftly moved to TraderTraitor-controlled wallets. --- ## Fund Laundering The blockchain intelligence firm Chainalysis confirmed the involvement of North Korean hackers in the DMM Bitcoin breach. Their analysis revealed that the attackers exploited vulnerabilities in the company’s infrastructure to execute unauthorized withdrawals. The stolen funds were transferred through intermediary addresses and obfuscated using a Bitcoin CoinJoin Mixing Service, which blends transactions to make tracing funds challenging. After mixing, portions of the funds passed through bridging services and were funneled to HuiOne Guarantee, an online marketplace linked to the Cambodian conglomerate HuiOne Group, previously exposed for facilitating cybercrimes. Similar methods have been used in other incidents, like the Axie Infinity hack, where stolen funds were laundered across multiple platforms to evade detection. --- ## What are the Possible Implications The attack highlights the persistent threat posed by North Korean cyber actors, who have consistently targeted the cryptocurrency sector to fund their regime. The use of advanced social engineering techniques and malware underscores the need for organizations to bolster their cybersecurity defenses. Companies should consider implementing multi-factor authentication, conducting regular security training for employees, and monitoring network activity for anomalous behavior to mitigate such risks. Authorities worldwide must remain vigilant, as North Korean cyber actors show no signs of slowing down their targeted campaigns on the cryptocurrency and financial sectors. Organizations should prioritize proactive measures such as implementing zero-trust security frameworks, conducting regular penetration testing, and investing in advanced threat detection systems to mitigate risks effectively.

loading..   24-Dec-2024
loading..   3 min read
loading..

Healthcare

Ascension

Ascension Healthcare suffers massive data breach impacting 5.6 million patients....

**Ascension**, one of the largest private healthcare networks in the U.S., has confirmed that nearly **5.6 million patients and employees** have been affected by a **Black Basta ransomware attack**. The breach, which occurred in **May 2023**, compromised highly sensitive personal and health-related information, sparking alarm across the healthcare industry. ### **What Happened? The Black Basta Cyberattack Explained** On **May 8, 2023**, Ascension detected unauthorized activity on its systems, which triggered an immediate investigation. According to official reports, the cyberattack resulted from an employee mistakenly downloading a malicious file onto a company device, thereby enabling the ransomware attack. While Ascension was quick to respond, the attack crippled its **MyChart electronic health records system**, halting operations and forcing the healthcare system to temporarily switch to manual records. Some **non-emergent procedures, tests, and appointments** were paused, and emergency medical services had to be redirected to prevent triage delays. --- ## **Critical Data Compromised: Personal, Medical, and Financial Information Exposed** The cyberattack has exposed a wide range of sensitive information, affecting nearly **5.6 million individuals**. The compromised data includes: - **Medical information**: Record numbers, service dates, and procedure codes - **Payment details**: Credit card and bank account information - **Insurance data**: Medicaid/Medicare IDs, policy numbers, and claims - **Government IDs**: Social Security numbers, tax IDs, driver’s licenses, and passports - **Personal information**: Names, addresses, and dates of birth This data breach represents a significant threat to personal security, making affected individuals vulnerable to identity theft, financial fraud, and medical identity theft. --- ## **Ascension’s Response: Free Identity Theft Protection and More** In a bid to mitigate the damage, Ascension is offering **24 months of free identity theft protection services** to the 5.6 million affected individuals. The company has partnered with **IDX**, a leading identity theft protection service, which will provide **CyberScan monitoring** and a **$1 million insurance reimbursement policy**. ### **Law Enforcement Involvement: CISA, FBI, and Cybersecurity Experts Engaged** Ascension promptly notified key **law enforcement** agencies, including the **FBI** and **CISA**, about the breach. The company’s internal investigation, supported by top cybersecurity experts, revealed the depth of the compromise, confirming the involvement of **Black Basta**, a notorious ransomware group that has accelerated attacks against the healthcare sector. --- ## **Black Basta Cybercrime Gang: Who They Really Are?** Black Basta, which first emerged in **April 2022**, has rapidly become one of the most dangerous and profitable ransomware operations. Known for targeting high-profile organizations worldwide, this cybercrime group has successfully breached several major companies, including: - **Rheinmetall** (German defense contractor) - **Capita** (UK-based outsourcing giant) - **ABB** (U.S. government contractor) - **Toronto Public Library** According to joint research from **Elliptic** and **Corvus Insurance**, Black Basta has raked in over **$100 million** from more than 90 victims until November 2023, and it continues to pose a significant threat to the healthcare sector. ## **A Staggering Healthcare Crisis** This breach highlights the escalating **cybersecurity risks** faced by healthcare systems, which store massive amounts of personal and sensitive data. Experts warn that the **Black Basta ransomware group** could target more healthcare institutions, amplifying the need for enhanced cybersecurity measures across the sector. As ransomware gangs like **Black Basta** continue to evolve and target healthcare networks, institutions must prioritize **cyber resilience** and data protection protocols to safeguard patient and employee data from future attacks. ### **What’s Next for Ascension?** While Ascension has already started notifying affected individuals and offering identity protection, the road to recovery will be long. The healthcare system has vowed to bolster its cybersecurity defenses to prevent future breaches and protect its vast network of patients and employees.

loading..   20-Dec-2024
loading..   3 min read