SandWorm
Ransomware
Russia
Sandworm, an infamous Russian military threat group, has been connected to a new wave of ransomware attacks against businesses across Ukraine. The ransomware, dubbed RansomBoggs, was discovered on Monday by Slovakian software firm ESET. Researchers said that although the ransomware program, developed in .NET, is novel, its dissemination is comparable to earlier attacks linked to Sandworm.

According to the report, _"a PowerShell script used to disseminate the .NET ransomware from the domain controller is almost identical to one spotted last April during the Industroyer2 attacks on the energy industry."_

In March, devastating malware known as CaddyWiper was delivered in attacks against Ukrainian organizations using the same PowerShell script, POWERGAP, that was used to distribute RansomBoggs payloads on the networks of its victims.

After being distributed across a victim's network, RansomBoggs encrypts files using a randomly generated key (which is RSA-encrypted and written to aes.bin) and appends a .chsch extension to all encrypted files. Depending on the attack version, the RSA public key may either be hardcoded in the malware or provided as input.

In addition to encrypting files, the ransomware also leaves ransom letters in the name of James P. Sullivan (the protagonist of the Monsters, Inc. film), with other allusions to the film hidden inside the malware's code.

***RansomBoggs ransom note (ESET)***

Additionally, Microsoft earlier this month connected the Sandworm cyber-espionage gang (tracked by Redmond as IRIDIUM) to the Prestige ransomware attacks against transportation and logistics businesses in Ukraine and Poland since October.

According to MSTIC, "The Prestige campaign may indicate a calculated change in IRIDIUM's destructive assault calculus," which means that there is a greater danger for those who provide or transport help to Ukraine. More generally, it might pose a threat to Eastern European groups that the Russian government sees as giving war support.

Before the Cyclops Blink botnet was disrupted in February, a joint security alert released by U.S. and U.K. cybersecurity organizations had already linked it to a Russian military threat cell.

Unit 74455 of the Russian GRU's Main Center for Special Technologies (GTsST) is said to be home to Sandworm, an elite gang of Russian hackers who have been active for at least two decades. Previous research has connected them to the KillDisk wiper attacks against Ukrainian banks and the Ukrainian blackouts of 2015 and 2016.

It's suspected that the NotPetya ransomware, which began causing billions in damages in June 2017, was also created by Sandworm.

In October 2020, the United States Department of Justice filed charges against six operatives of the organization for coordinating hacking activities related to the NotPetya ransomware outbreak, the PyeongChang 2018 Olympic Winter Games, and the 2017 French elections.
26-Nov-2022
Data Leak
A threat actor reportedly claims to be offering an up-to-date 2022 database containing the phone numbers of 487 million WhatsApp users, according to an advertisement posted on underground hacking forums.

The collection allegedly includes details across 84 nations, including more than 32 million American WhatsApp users. Egyptian (45 million), Italian (35 million), Saudi (29 million), French (20 million), and Turkish (15 million) users are also significantly represented. In addition, approximately 11 million British and over 10 million Russian phone numbers are included in the dataset, which is now up for sale.

According to [Cybernews](https://cybernews.com/news/whatsapp-data-leak/), which first brought this to light, the threat actor is selling the US dataset for $7,000, the German dataset for $2,000 and the UK dataset for $2,500.

***Screenshot of WhatsApp's leaking advertisement***

Security researchers managed to obtain a subset of the database, a combined sample of 1914 numbers from British and American users, and verified that all of these numbers belong to active WhatsApp users. The seller refused to elaborate on how the data was obtained.

The researchers have also informed WhatsApp about the incident; however, no substantial update has followed so far.

[Meta](https://www.secureblink.com/cyber-security-news/russian-news-spoofing-campaign-spreading-rumors-taken-down-by-meta), which has faced heavy questioning for allowing data scraping and collection by third parties, had over 533 million user details leaked onto an anonymous forum. To all intents and purposes, the actor was giving out the dataset for free.

A dataset composed of information allegedly stolen from 500 million [LinkedIn accounts](https://www.secureblink.com/cyber-security-news/linkedin-suffered-yet-another-massive-data-breach-exposing-700m-users-data-on-dark-web) was offered for sale on a well-known hacker site only days after a large [Facebook data breach](https://www.secureblink.com/cyber-security-news/millions-generated-luring-facebook-users-by-a-massive-phishing-attack) made the news.

Cybernews security research team leader Mantas Sasnauskas stated, _"In this era, we all leave an extensive digital footprint, and IT giants like Meta should take all procedures and methods to preserve that data."_

We need to consider whether including the phrase _"scraping or platform abuse is not authorized"_ in the T&Cs will really suffice. Threat actors pay little attention to such terms, so it becomes imperative to implement preventive measures that minimize the underlying risks.
25-Nov-2022
RansomExx2
RUST
The RansomExx ransomware group has become the latest to adopt a variant written in the [Rust programming](https://www.rust-lang.org/) language, according to IBM Security X-Force Threat researchers.

Charlotte Hammond, a malware reverse engineer for IBM Security X-Force, said that the development was important because antivirus detection accuracy tends to be comparatively lower for Rust-compiled malware, making it easier to slip past defenses.

_“While switching languages may sound like a minor thing, it’s not a trivial exercise. They’re not just updating their existing code base; they’re recreating it from scratch in a completely new language with a completely different syntax and set of libraries. It’s likely to be a language that their developers are less familiar with too, which will also add to the time and effort required,”_ Hammond added. _“In cases like this one, the group already has an existing and well-established piece of ransomware, yet they have decided that the benefits of the switch are worth the effort.”_

IBM security researchers said that the sample analyzed for this report was not flagged as malicious on the VirusTotal platform for at least two weeks following its initial submission. The new sample is still only detected by 14 out of the 60+ AV providers represented on the platform, the researchers found.

The developers behind RansomExx also created the [PyXie malware](https://exchange.xforce.ibmcloud.com/threat-group/guid:c8db890b58426ae95f574172f5bc155f), Vatet loader, and Defray ransomware strains, IBM explained.

The new variant, which goes by the moniker RansomExx2, is built to run on the Linux operating system, but IBM noted that the group typically creates versions for Windows as well.

Emsisoft ransomware expert Brett Callow said many other ransomware groups are using Rust, and IBM added that many other ransomware groups had created their own Rust variants, including high-profile gangs like [BlackCat](https://www.secureblink.com/cyber-security-news/moncler-group-becomes-the-first-victim-of-alphv-(blackcat)-raas-following-the-data-leak), [Hive](https://www.secureblink.com/cyber-security-news/hive-ransomware-infiltrated-rompetrol-network-crippling-its-operations-for-dollar2million-ransom), and Zeon.

_“The Rust programming language has been steadily increasing in popularity among malware developers over the course of the past year, thanks to its cross-platform support and low AV detection rates,”_ the researchers said. _“Like the Go programming language, which has experienced a similar surge in usage by threat actors over the past few years, Rust’s compilation process also results in more complex binaries that can be more time-consuming to analyze for reverse engineers.”_

Hammond added that the lower antivirus detection rates are the main reason most groups are gradually moving towards languages like Rust, explaining that every additional target on which they can successfully execute the ransomware without it being detected and quarantined by AV represents another possible source of income.

The lower AV detection rates for Rust binaries can likely be explained by the language being much less commonly used, so AV vendors will have fewer signatures for it and fewer available samples to train their detection applications with, Hammond explained. _“If the Rust language continues to be adopted by malware developers, then this will eventually change as AV vendors will start increasing their abilities to detect it, so its advantages compared to other languages will lessen. At that point, we may see malware developers shift and experiment with different languages instead.”_

_“It’s for this reason as well that it’s important to highlight these language changes when they arise. Raising awareness of the fact that more groups are adopting a new language will hopefully encourage security teams to research the matter and ensure they have the capabilities to detect and defend against it.”_

While such trends have not always lasted, for reasons unknown, it is worth mentioning that many ransomware groups have switched to Rust as their programming language of choice.
25-Nov-2022
FAQs
Did GTA 6 source code get leaked?
Back in September, videos and screenshots from the yet-to-be-revealed Grand Theft Auto 6 leaked online. It was suspected that source code from GTA5 was stolen at the same time. Rockstar then acknowledged the leak, stating it suffered a "network intrusion".
Is GTA 6 being worked on?
Yes, Grand Theft Auto 6 was officially announced by Rockstar Games in February 2022 and is in active development.
Who leaked GTA six?
On September 18, 2022, at 4:26 a.m., a user on GTAForums referring to themselves as teapotuberhacker posted nearly 100 videos totaling 50 minutes of footage from Rockstar Games' highly anticipated Grand Theft Auto 6.
Rockstar Games later made a statement via Twitter. It said that Rockstar had suffered a “network intrusion” which had allowed an unauthorized third party to “illegally access and download confidential information from [its] systems”, including the leaked GTA 6 footage.
How did GTA VI get leaked?
The footage was put on the GTAForums site by a user called teapotuberhacker. The hacker claimed to have gained access to the data by breaching Rockstar's internal feed on the Slack messaging app, and invited executives to negotiate to avoid further leaks.
Whether exposed or stolen, leaked source code may not only give your competitors an edge in developing new products, but also allow hackers to exploit its vulnerabilities.
What did Rockstar say about GTA 6 leak?
Rockstar Games has publicly commented on this weekend's huge leak of Grand Theft Auto 6 footage. In a statement published on its social channels, the company said it was “extremely disappointed” to have details on the game shared in this way, and claimed that the leak would not delay the project.
...
Rockstar Games Release Timeline.
Title | Release Date |
---|---|
GTA: The Trilogy – The Definitive Edition | November 11, 2021 |
Grand Theft Auto 6 will have a female playable character, according to a report published by Bloomberg.
Devin Weston is one of the two main antagonists (alongside Steve Haines) of the 2013 video game Grand Theft Auto V. He is an influential billionaire and a self-serving business tycoon who ran numerous enterprises in the fictional city of Los Santos, many of which include illicit activities.
Who is CJ's best friend?
Cesar is Kendl's boyfriend and leader of the Hispanic street gang, Varrios Los Aztecas. At first, CJ does have some difficulties with him, but later he becomes CJ's best friend.
Herwin Bronthson (1969-determinant) is a central character and one of the seven playable characters who later became the main antagonist in Grand Theft Auto VI. He is the United States Secretary Of Defense and the benefactor of the National Office Of Security Enforcement.
Can Rockstar ban you for no reason?
GTA Online bans are triggered by a number of factors, including modding in GTA Online, exploiting or abusing game mechanics, manipulating protected game data and code, or otherwise interfering with other players' gameplay experience. All GTA Online suspension and banning decisions are final and may not be appealed.
It is important to note that it is not possible for a hacker to get your IP address through the game client. The most likely way for someone to gain this information is via contacts you make outside the game.
Who hacked Rockstar?
Kevin Poireault Reporter, Infosecurity Magazine. Threat actor Lapsus$ is now seemingly responsible for hacking gaming giant Rockstar Games after targeting mega-brands like Microsoft, Cisco, Samsung, Nvidia, Okta and probably Uber.
Last weekend, someone hacked Rockstar Games and leaked over 90 videos of the still-in-development Grand Theft Auto 6. Now, the City of London Police in the United Kingdom reportedly arrested the 17-year-old individual responsible for the hack.
When did the GTA 6 leak happen?
The gaming community awoke the morning of September 18 to an unprecedented leak concerning the upcoming Grand Theft Auto 6. The now-confirmed leak contains more than 90 videos of the still-in-development title.
The tsunami mod in GTA 5 submerges the whole city of Los Santos. There are huge waves that hit against the buildings and players can swim around the whole city while all the vehicles float around in the water. Before the setup, players need to download Open IV, scripthookV.
Is leaking source code illegal?
It depends on the importance of the source code. If that source code can be used to undermine the company's competitive standing and can be traced back to their sources, it would be corporate theft of intellectual property and possibly patent infringement.
Title | Original release | Source code found or leaked |
---|---|---|
Counter-Strike: Global Offensive | 2012 | 2020 |
Cybermorph | 1993 | 2014 |
Cyberpunk 2077 | 2020 | 2021 |
Dark Chambers | 1988 | 2008 |
Can source code be hacked?
Your source code is vulnerable, here's what hackers are looking for - BluBracket: Code Security & Secret Detection.
On Monday, an 18-year-old hacker by the name of "teapotuberhacker" allegedly breached Rockstar Games' Slack messages, stealing over 90 videos of an upcoming game that had yet to be announced. That project? Grand Theft Auto VI – only one of the most anticipated titles of the last 10 years.
How many GB is GTA 5?
GTA 5 PC game. Download link only. The game is around 37 GB and you have to download it on your own.
Grand Theft Auto 5 has an explosive finale for protagonists Michael, Franklin, and Trevor, and it features the most satisfying ending in the series. Grand Theft Auto 5 is not only the biggest game in the series, but it also has the best ending to any GTA game by far.
Will GTA 6 have realistic graphics?
According to leaker Tez2 (via Dexerto), GTA VI is aiming for photorealism which isn't wholly unsurprising. The Grand Theft Auto franchise has always opted for a fairly realistic look, as far as technology has allowed anyway.
11/11 Franklin Clinton
Franklin is the youngest of the main protagonists in Grand Theft Auto 5 and arguably the most sympathetic. Born sometime in 1988, he went through a rough childhood with an absent father and drug-addicted mother.
At the time of writing, there are no official ways to change your character gender in GTA Online. The moment you leave the game's character creation menu – where you must choose male or female – your choice of gender will be locked in.
Grand Theft Auto is a game which parodies and simulates gang and criminal activity into a sandbox style video game. CJ, a black man, is the main playable character of his game, allowing players to take control of the black body to steal cars, assault people, and defy the police.
Who voiced Tenpenny?
Officer Tenpenny (GTA: San Andreas) Voiced by the legendary Samuel L. Jackson, Officer Frank Tenpenny was Grand Theft Auto's greatest villain. In .
Tenpenny wanted CJ to do his dirty work
Tenpenny and CJ seem to already know each other on a first name basis. This implies that the two met before the events of GTA San Andreas. By the time CJ returns, Tenpenny already has plans for him. He sees the Grove Street member as nothing more than an unwilling pawn.
How many girlfriends can CJ have in GTA San Andreas?
Girlfriends in GTA San Andreas girlfriends explained
In Grand Theft Auto: San Andreas, there are six possible girlfriends for CJ to date, with two of them becoming girlfriends through the storyline.
To get a girlfriend in Grand Theft Auto: San Andreas, you'll first need to complete the C.R.A.S.H mission Burning Desire. In the level, CJ will rescue a woman named Denise from a house fire. Shortly after, she'll become CJ's girlfriend and act as something of a tutorial for the game's dating mechanics.
Is the main character in GTA 6 a girl?
There will be a female protagonist
The game will feature a playable female protagonist for the first time, according to people familiar with the matter. The woman is Latina and will be one of a pair of leading characters in a story influenced by the bank robbers Bonnie and Clyde.
The game's protagonist, Niko Bellic, with the main antagonist, Dimitri Rascalov.
Who is the leader of the Ballas GTA 5?
Grove Street Families (3D Universe) | |
---|---|
Leader | Sean "Sweet" Johnson |
Members | Carl Johnson (underboss), Big Smoke † (lieutenant, formerly), Ryder † (lieutenant; formerly), OG Loc, B Dup (formerly), Big Bear, Emmet, Big Devil †, Little Devil †, Tony †, Dope |
Getting banned in GTA Online: What to expect
The first ban (if the player only deserves a suspension) will last for 30 days. However, it's worth noting that they will lose all progress on that account. Their levels, properties, and inventory will be completely wiped out, except for some money released by Shark Cards.
Most of the time, players get a 30-day ban. But the most wretched part about this temporary suspension is that Rockstar Games will reset all of the progress, items, and properties that players have with the character they got suspended with, except for shark cards they bought.
Players must be aware that a ban can either be temporary or permanent, depending on its severity. They only get one chance before their account is permanently banned for good. Appeals are highly unlikely to work, so players should accept that their account is as good as gone once the second strike happens.
How do hackers find your location?
That is because internet service providers and routers have firewalls. However, hackers who obtain your IP address can get ahold of some very valuable information about you, including your city, state, and ZIP code. With this location data, hackers can find out other personal information about you.
- Use a proxy. Proxy or a proxy server has its own IP address and acts as an intermediary between you and the internet. ...
- Use a VPN. VPN stands for Virtual Private Network, and this is the most common way to hide your IP address. ...
- Use TOR. ...
- Use mobile network. ...
- Connect to public Wi-Fi.
How do hackers grab your IP?
Phishing attacks: Responding to phishing attacks or clicking on bogus links can make your IP address vulnerable to hackers. Online ads: A link doesn't have to be phony for it to collect your IP address. Even legitimate ads may record this information if you click on them.
In a statement posted to Twitter, Rockstar said: “We recently suffered a network intrusion in which an unauthorised third party illegally accessed and downloaded confidential information from our systems, including early development footage for the next Grand Theft Auto.
What was GTA V coded in?
GTA V or any other game doesn't use any programming language directly as such for the development. They use game engines (maybe using programming languages like C / C++ and Java) such as CryEngine, Unreal Engine, Unity, and custom game engines to make the games.
GTA 6 will use the RAGE 9 engine, which supports up to 16K textures. The graphics will be revolutionary, especially in terms of environmental effects.
Is GTA 6 ever getting released?
GTA 6 Release Date: When is GTA 6 Coming Out? Rockstar Games, the developer of the Grand Theft Auto franchise, first confirmed that the “next entry in the Grand Theft Auto series is well underway” in February 2022 via an official Newswire post.
Rockstar Games has publicly commented on this weekend's huge leak of Grand Theft Auto 6 footage. In a statement published on its social channels, the company said it was “extremely disappointed” to have details on the game shared in this way, and claimed that the leak would not delay the project.
Is GTA a crime?
Grand theft auto, or stealing an automobile or other vehicle, is a felony in most states. A person who commits grand theft auto can face years in prison and stiff fines. The laws in each state are different, and while many states' laws contain similar elements of the crime, penalties vary considerably.
C++ is known to be one of the most difficult programming languages to learn over other popular languages like Python and Java. C++ is hard to learn because of its multi-paradigm nature and more advanced syntax.
Does Rockstar Games use C++?
Microsoft: Lots of Windows apps that you regularly use are written in C++. It features tools for developing and debugging C++ code, especially code written for DirectX, the Windows API, and .NET. Rockstar Games: Almost all major game companies use C++ due to its right speed on bare metal.
In what language is GTA written?
GTA V or any other game doesn't use any programming language directly as such for the development. They use game engines (made using programming languages like C / C++ and Java) such as CryEngine, Unreal Engine, Unity, and custom game engines to make the games.
Does NASA use Unreal engine?
NASA, in collaboration with Buendea, developed XOSS using Epic Games' Unreal Engine 5.
The hardware requirements for developing games and apps through Unreal Engine 5 is a good CPU with at least 6 cores and a clock higher than 3 GHz, to ensure smooth software operations and speedy compilation. Also, you need a good and compatible GPU and RAM size of at least 16 GBs.
Can I play GTA 6 without graphics card?
The minimum RAM requirement for GTA 6 is 8 GB, but 16 GB will be recommended. Provided that you have at least an NVIDIA GeForce GTX 1660 graphics card you can play the game, but an NVIDIA GeForce RTX 2070 or better will be recommended.
So the $2 billion could be the entire budget for GTA 6, which would easily make it the most expensive video game ever. Seems a bit high, since the highest reported budgets are Star Citizen with around half a billion dollars and Cyberpunk 2077 with $317 million.
What country will GTA 6 be in?
The upcoming GTA 6 will return the series to Vice City and feature a number of Caribbean islands. According to Bloomberg reporter Jason Schreier, GTA 6 will be set in a fictional version of Miami, namely Vice City – the setting of earlier games in the series.
In August 2022, Rockstar's parent company Take-Two Interactive reaffirmed that GTA 6 development is "well underway" as part of the company's financial results report.