"The Anonymous declaration of cyberwar was a top news story despite no evidence," writes cybersecurity specialist Jeremiah Fowler (an American who worked in Kyiv for the last 10 years — until fleeing in February to Poland). To investigate, Fowler performed a random sampling of 100 exposed Russian databases — and discovered that 92 of them had indeed been compromised. "Anti-Russian hackers used a similar script to the infamous 'MeowBot' that changed the name of folders and deleted the contents of the files. " (For example, renaming the folders to "putin_stop_this_war".)

And that was just the beginning, reports CNBC: Anonymous has claimed to have hacked over 2,500 Russian and Belarusian sites, said Fowler. In some instances, stolen data was leaked online, he said, in amounts so large it will take years to review. "The biggest development would be the overall massive number of records taken, encrypted or dumped online," said Fowler. Shmuel Gihon, a security researcher at the threat intelligence company Cyberint, agreed that amount of leaked data is "massive."

"We currently don't even know what to do with all this information, because it's something that we haven't expected to have in such a short period of time," he said....

The more immediate outcome of the hacks, Fowler and Gihon agreed, is that Russia's cybersecurity defenses have been revealed as being far weaker than previously thought.
Fowler's report argues that Anonymous has "rewritten the rules of how a crowdsourced modern cyberwar is conducted" — with the group also offering penetration testing to Ukraine, "finding vulnerabilities before Russia could exploit them." But in addition, Fowler writes, Anonymous's efforts have also "transformed into a larger operation that spread far beyond the Russian government, companies, or organizations, and included an information campaign aimed at Russian citizens."

Some examples: Hacking Printers — Russian censorship has blocked many inside the country from knowing the true scale of the war and Russian losses. Anonymous hacked printers across Russia and printed uncensored facts or anti-propaganda and pro-ukrainian messages. The group claims to have printed over 100,000 documents. This also includes barcode printers at grocery stores where prices were changed and product names were changed to anti-war or pro-Ukrainian slogans....

RoboDial, SMS, and Email Spam — Almost everyone on earth has received some form of spam in the form of a phone call, text, or email message. These usually try to sell a service or scam victims out of money. Now this same technology has been used to bypass Russian censorship and inform citizens of news and messages they are forbidden to learn on state sponsored propaganda channels. Anonymous affiliated Squad303 claimed to have sent over 100 million messages to Russian devices.

"Jacob Wayne John Keen, now 24, was 15 years old and living in his mother's rental when he allegedly created a sophisticated spyware tool known as a remote access trojan that allowed users to remotely take control of their victims' computers," reports the Guardian.

Once installed it could be used to steal victims' personal information, spy on them via webcams and microphones and track what they typed into emails or documents. Keen allegedly sold the tool for $35 on a hacking forum, making between $300,000 and $400,000 by selling it to more than 14,500 people in 128 countries....

Keen was slapped with six charges earlier in July, and is due to appear at Brisbane's magistrates court next month. His mother, 42, has also been charged with allegedly dealing in the proceeds of crime.

A global investigation involving more than a dozen law enforcement agencies across Europe led to 85 search warrants being executed around the world, with 434 devices seized and 13 people arrested for using the malware for "alleged criminality".
Among the tool's 14,500 users were a "statistically high" proportion of domestic violence perpetrators (and at least one child sex offender), according to the Australian federal police, who believe there were ultimately "tens of thousands" of victims globally.

Slashdot reader Bruce66423 suggests an appropriate punishment would be sentencing Keen to work for spy agencies.

The source code for an information-stealing malware coded in Rust has been released for free on hacking forums, with security analysts already reporting that the malware is actively used in attacks. BleepingComputer reports: The malware, which the author claims to have developed in just six hours, is quite stealthy, with VirusTotal returning a detection rate of around 22%. As the info-stealer is written in Rust, a cross-platform language, it allows threat actors to target multiple operating systems. However, in its current form, the new info-stealer only targets Windows operating systems.

Analysts at cybersecurity firm Cyble, who sampled the new info-stealer and named it "Luca Stealer," report that the malware comes with standard capabilities for this type of malware. When executed, the malware attempts to steal data from thirty Chromium-based web browsers, where it will steal stored credit cards, login credentials, and cookies. The stealer also targets a range of "cold" cryptocurrency and "hot" wallet browser addons, Steam accounts, Discord tokens, Ubisoft Play, and more. Where Luca Stealer stands out against other info-stealers is the focus on password manager browser addons, stealing the locally stored data for 17 applications of this kind. In addition to targeting applications, Luca also captures screenshots and saves them as a .png file, and performs a "whoami" to profile the host system and send the details to its operators.

Last year, Roblox launched a version of its game in China called LuoBuLeSi. Like other Western gaming companies that have entered the lucrative but heavily regulated Chinese market, it had to partner with a Chinese company, Tencent, who would operate the game in the country, and Roblox had to host user data on local servers, as required by law. But newly released internal documents reveal that Roblox assumed and prepared for the possibility that any Chinese partner it worked with could try to hack Roblox. From a report: On top of that, Roblox expected Tencent to copy the game and create its own version of it. "Expect that hacking has already started," one slide in a presentation from 2017, called "China MVP Ideas from Aug Trip; CONFIDENTAL," read. The slide dates from before Roblox ultimately announced a partnership with Tencent. "Expect it to ramp up after a deal is signed, possibly even by partner."

The documents also show the steps Roblox had to take in order for its game to comply with Chinese censorship laws: any maps created in the game had to "respect the integrity of the country and not misrepresent the Chinese territory," including by recognizing Beijing's claim of self-ruled Taiwan as part of its territory, according to a presentation given to Roblox by Tencent. Users and developers also "must not tamper with historical facts' and "must not appear any images or names of national leaders." There is no evidence that Tencent did target Roblox. The documents were originally obtained and then published online this month by a separate, criminal hacker who attempted to extort Roblox. Motherboard is publishing details from the documents despite them being obtained by a criminal hacker because of the overriding public interest in understanding the highly controversial steps major companies might take in order to break into markets in authoritarian countries. Roblox also expected a group of hundreds of people to be working on reverse engineering any code that the company placed on Chinese servers.

"Uber has officially accepted responsibility for hiding a 2016 data breach that exposed the data of 57 million passengers and drivers..." reports Engadget.

Reuters explains this acknowledgement "was part of a settlement with U.S. prosecutors to avoid criminal charges." In entering a non-prosecution agreement, Uber admitted that its personnel failed to report the November 2016 hacking to the U.S. Federal Trade Commission [for nearly one year], even though the agency had been investigating the ride-sharing company's data security... U.S. Attorney Stephanie Hinds in San Francisco said the decision not to criminally charge Uber reflected new management's prompt investigation and disclosures, and Uber's 2018 agreement with the FTC to maintain a comprehensive privacy program for 20 years.

The San Francisco-based company is also cooperating with the prosecution of a former security chief, Joseph Sullivan, over his alleged role in concealing the hacking.
Here's what the Department of Justice is now alleging against that security chief (as summarized by Reuters last month: "he arranged to pay money to two hackers in exchange for their silence, while trying to conceal the hacking from passengers, drivers and the U.S. Federal Trade Commission."

That's led to three separate wire fraud charges against the former security chief, as well as two charges for obstruction of justice. The defendant was originally indicted in September 2020, and is believed to be the first corporate information security officer criminally charged with concealing a hacking. Prosecutors said Sullivan arranged to pay the hackers $100,000 in bitcoin, and have them sign nondisclosure agreements that falsely stated they had not stolen data.

Uber had a bounty program designed to reward security researchers who report flaws, not to cover up data thefts.... In September 2018, the San Francisco-based company paid $148 million to settle claims by all 50 U.S. states and Washington, D.C. that it was too slow to reveal the hacking.

9to5Mac reports: A Twitter data breach has allowed an attacker to get access to the contact details of 5.4M accounts. Twitter has confirmed the security vulnerability which allowed the data to be extracted. The data — which ties Twitter handles to phone numbers and email addresses — has been offered for sale on a hacking forum, for $30,000... There is as yet no way to check whether your account is included in the Twitter data breach.
More details from the Restore Privacy security news site: A verified Twitter vulnerability from January has been exploited by a threat actor to gain account data allegedly from 5.4 million users. While Twitter has since patched the vulnerability, the database allegedly acquired from this exploit is now being sold on a popular hacking forum, posted earlier today.... The seller on the hacking forum goes by the username "devil" and claims that the dataset includes "Celebrities, to Companies, randoms, OGs, etc."

An anonymous reader quotes a report from TechCrunch: The Russia-linked hacking group behind the infamous SolarWinds espionage campaign is now using Google Drive to stealthily deliver malware to its latest victims. That's according to researchers at Palo Alto Networks' Unit 42 threat intelligence team, who said on Tuesday that the Russian Foreign Intelligence Service (SVR) hacking unit -- tracked as "Cloaked Ursa" by Unit 42 but more commonly known as APT29 or Cozy Bear -- has incorporated Google's cloud storage service into its hacking campaigns to hide their malware and their activities.

APT29 has used this new tactic in recent campaigns targeting diplomatic missions and foreign embassies in Portugal and Brazil between early May and June 2022, according to Unit 42. "This is a new tactic for this actor and one that proves challenging to detect due to the ubiquitous nature of these services and the fact that they are trusted by millions of customers worldwide," the researchers said. "When the use of trusted services is combined with encryption, as we see here, it becomes extremely difficult for organizations to detect malicious activity in connection with the campaign." Unit 42 disclosed the activity to both Dropbox and Google, which took action. In May, the group was found to be using Dropbox in a campaign targeting diplomats and various government agencies. A Dropbox spokesperson told TechCrunch it disabled the accounts immediately.

The Biden administration is pushing to fill hundreds of thousands of cybersecurity jobs in the United States as part of a bid to close a talent shortage US officials describe as both a national security challenge and an economic opportunity. From a report: On Tuesday, the administration announced a multi-agency plan to create hundreds of registered apprenticeship programs with the private sector to flesh out the nation's cybersecurity workforce -- and defend against a rising tide of data breaches, ransomware attacks and other hacking incidents. In a 120-day sprint, the US government will work with employers to establish apprenticeship programs in the cybersecurity industry, said Labor Secretary Marty Walsh, vowing to launch the joint program with the Department of Commerce "in as little as 48 hours."

The initiative draws funding from a wider $500 million Commerce Department program known as the Good Jobs Challenge, and will particularly focus on recruiting young people, women and minorities to train and work in the cybersecurity field, said Walsh and Commerce Secretary Gina Raimondo at a White House event on Tuesday focused on broader cyber workforce issues. The US government commitment highlights what officials describe as a critical lack of cybersecurity professionals in both government and the private sector who can help protect the nation from foreign adversaries and cybercriminals. Months ago, there were an estimated 500,000 unfilled cybersecurity positions in the United States, Raimondo said, but today that figure has exploded to more than 700,000, a 40% increase.

Russian government hackers tried to trick Ukrainian and international volunteers into using a malicious Android app disguised as an app to launch Distributed Denial of Service (DDoS) attacks against Russian sites, according to new research published by Google on Tuesday. Motherboard reports: Since the beginning of the Russian invasion, Ukraine has resisted not only on the ground, but also online. A loose collective of technologists and hackers has organized under an umbrella quasi-hacktivist organization called the IT Army, and they have launched constant and persistent cyberattacks against Russian websites. The Russian government tried to turn this volunteer effort around to unmask Ukrainian hackers, in a smart, but ultimately failed attempt.

Google researchers wrote in the report that the app was created by the hacking group known as Turla, which several cybersecurity companies believe works for the Kremlin. [Shane Huntley, the head of the Google research team Threat Analysis Group] said that they were able to attribute this operation to Turla because they have tracked the group for a long time and have good visibility into their infrastructure and link it to this app. The hackers pretended to be a "community of free people around the world who are fighting russia's aggression" -- much like the IT Army. But the app they developed was actually malware. The hackers called it CyberAzov, in reference to the Azov Regiment or Battalion, a far-right group that has become part of Ukraine's national guard. To add more credibility to the ruse they hosted the app on a domain "spoofing" the Azov Regiment: cyberazov[.]com.

The app actually didn't DDoS anything, but was designed to map out and figure out who would want to use such an app to attack Russian websites, according to Huntely. "Now that they have an app that they control, and they see where it came from, they can actually work out what the infrastructure looks like, and work out where the people that are potentially doing these sorts of attacks are," Huntley said. Google said the fake app wasn't hosted on the Play Store, and that the number of installs "was miniscule." Still, it was a smart attempt to trick unknowing Ukrainians or people interested in working with Ukrainians to fall into the trap.

With gas prices at record highs in the U.S. in recent months, some people have turned to hacking the pump. From a report: Since prices spiked in March, police have arrested at least 22 people across the country for either digitally manipulating computers that manage gas pumps or installing homemade devices to discount their fuel, according to an NBC News review of police and local news reports.

The most common tactics aren't technologically sophisticated. Gas hackers take advantage of the fact that gas pump equipment in the U.S. is heavily standardized and largely relies on a handful of manufacturers that often don't include strong security protections. And some of the hacking tools are easily available online for purchase. While there's no formal law enforcement metric to measure the trend, 1 in 4 convenience-store gas station owners say fuel thefts have been rising since March, said Jeff Lenard, a vice president of the National Association of Convenience Stores, an industry group.

NSO Group's Pegasus spyware was used to target Thai pro-democracy protesters and leaders calling for reforms to the monarchy. "We forensically confirmed that at least 30 individuals were infected with NSO Group's Pegasus spyware," reports Citizen Lab. "The observed infections took place between October 2020 and November 2021." Here's an excerpt from the report: Introduction: Surveillance & Repression in Thailand: The Kingdom of Thailand is a constitutional monarchy with a parliamentary-style government divided into executive, legislative, and judiciary branches. The country has been beset by intense political conflict since 2005, during the government of former Prime Minister Thaksin Shinawatra. Corruption allegations against the regime culminated in a military coup on September 19, 2006 that ousted Thaksin. The military launched another coup on May 22, 2014 and seized power following mass protests against the civilian government led by Thaksin's sister, Yingluck Shinawatra. The junta claimed that the 2014 coup was needed to restore order and called itself the National Council for Peace and Order (NCPO).

Findings: Pegasus Infections in Thailand: On November 23, 2021, Apple began sending notifications to iPhone users targeted by state-backed attacks with mercenary spyware. The recipients included individuals that Apple believes were targeted with NSO Group's FORCEDENTRY exploit. Many Thai civil society members received this warning. Shortly thereafter, multiple recipients of the notification made contact with the Citizen Lab and regional groups. In collaboration with Thai organizations iLaw and DigitalReach, forensic evidence was obtained from notification recipients, and other suspected victims, who consented to participate in a research study with the Citizen Lab. We then performed a technical analysis of forensic artifacts to determine whether these individuals were infected with Pegasus or other spyware. Victims publicly named in this report consented to be identified as such, while others chose to remain anonymous, or have their cases described with limited detail.

Civil Society Pegasus Infections: We have identified at least 30 Pegasus victims among key civil society groups in Thailand, including activists, academics, lawyers, and NGO workers. The infections occurred from October 2020 to November 2021, coinciding with a period of widespread pro-democracy protests, and predominantly targeted key figures in the pro-democracy movement. In numerous cases, multiple members of movements or organizations were infected. Many of the victims included in this report have been repeatedly detained, arrested, and imprisoned for their political activities or criticism of the government. Many of the victims have also been the subject of lese-majeste prosecutions by the Thai government. While many of the infections were detected on the devices of prominent figures, hacking was also observed against individuals who are not publicly involved in the protests. Speculatively, this may reflect the attackers' intent to uncover details about how opposition movements were organized, and may have been prompted by specific financial transactions that would have been known to Thai financial institutions and the government, but not the public.

Federal investigators "disrupted" a North Korean state-sponsored hacking group that targeted US medical facilities and other health organizations, a top Justice Department official said Tuesday. From a report: The attacks included the targeting of a medical center in Kansas last year, Deputy Attorney General Lisa Monaco said, disabling the hospital's systems that store important data and run key equipment. Monaco said the government's investigation led to a public warning, with the Department of Homeland Security, about "Maui" ransomware targeting the health sector.

"The hospital's leadership faced an impossible choice: Give in to the ransom demand, or cripple the ability of the doctors and nurses to provide critical care," Monaco said at the International Conference on Cyber Security at Fordham University in New York. The Biden administration has increasingly warned of cyber threats from countries, including Russia, and has urged the private sector to do more to harden its security. The Cybersecurity and Infrastructure Security Agency, for instance, has widely published tips it said could help deter and mitigate potentially disruptive attacks.

The New York Times describes Pegasus as "a 'zero-click' hacking tool that can remotely extract everything from a target's mobile phone [and] turn the mobile phone into a tracking and recording device." But they also report that the tool's "notorious" maker, NSO Group, was visited "numerous times" in recent months by a executives from American military contractor L3Harris — makes of the cellphone-tracking Stingray tool — who'd wanted to negotiate a purchase of the company.

Their first problem? The U.S. government had blacklisted NSO Group in November, saying Pegasus had been used to compromise phones of political leaders, human rights activists and journalists. But five people familiar with the negotiations said that the L3Harris team had brought with them a surprising message that made a deal seem possible. American intelligence officials, they said, quietly supported its plans to purchase NSO, whose technology over the years has been of intense interest to many intelligence and law enforcement agencies around the world, including the F.B.I. and the C.I.A.

The talks continued in secret until last month, when word of NSO's possible sale leaked and sent all the parties scrambling. White House officials said they were outraged to learn about the negotiations, and that any attempt by American defense firms to purchase a blacklisted company would be met by serious resistance.... Left in place are questions in Washington, other allied capitals and Jerusalem about whether parts of the U.S. government — with or without the knowledge of the White House — had seized an opportunity to try to bring control of NSO's powerful spyware under U.S. authority, despite the administration's very public stance against the Israeli firm....

[NSO Group] had seen a deal with the American defense contractor as a potential lifeline after being blacklisted by the Commerce Department, which has crippled its business. American firms are not allowed to do business with companies on the blacklist, under penalty of sanctions. As a result, NSO cannot buy any American technology to sustain its operations — whether it be Dell servers or Amazon cloud storage — and the Israeli firm has been hoping that being sold to a company in the United States could lead to the sanctions being lifted....

L3 Harris's representatives told the Israelis that U.S. intelligence agencies supported the acquisition as long as certain conditions were met, according to five people familiar with the discussions. One of the conditions, those people said, was that NSO's arsenal of "zero days" — the vulnerabilities in computer source code that allow Pegasus to hack into mobile phones — could be sold to all of the United States' partners in the so-called Five Eyes intelligence sharing relationship. The other partners are Britain, Canada, Australia and New Zealand.
"Several people familiar with the talks said there have been attempts to resuscitate the negotiations..."

An anonymous reader quotes a report from The Block: Ronin, the Ethereum-linked sidechain that underpins play-to-earn game Axie Infinity, lost $540 million in crypto to an exploit in March. While the US government later tied the incident to North Korean hacking group Lazarus, full details of how the exploit was carried out have not been disclosed. The Block can now reveal that a fake job ad was Ronin's undoing. According to two people with direct knowledge of the matter, who were granted anonymity due to the sensitive nature of the incident, a senior engineer at Axie Infinity was duped into applying for a job at a company that, in reality, did not exist.

Earlier this year, staff at Axie Infinity developer Sky Mavis were approached by people purporting to represent the fake company and encouraged to apply for jobs, according to the people familiar with the matter. One source added that the approaches were made through the professional networking site LinkedIn. After what one source described as multiple rounds of interviews, a Sky Mavis engineer was offered a job with an extremely generous compensation package. The fake "offer" was delivered in the form of a PDF document, which the engineer downloaded -- allowing spyware to infiltrate Ronin's systems. From there, hackers were able to attack and take over four out of nine validators on the Ronin network -- leaving them just one validator short of total control. [...]

In its post-mortem, Sky Mavis revealed that the hackers managed to use the Axie DAO (Decentralized Autonomous Organization) -- a group set up to support the gaming ecosystem -- to complete the heist. Sky Mavis had asked the DAO for help dealing with a heavy transaction load in November 2021. [...] A month after the hack, Sky Mavis had increased the number of its validator nodes to 11, and said in the blog post that its long-term goal was to have more than 100. Sky Mavis declined to comment on how the hack was carried out when reached. Earlier today, ESET Research published an investigation showing that North Korea's Lazarus had abused LinkedIn and WhatsApp by posing as recruiters to target aerospace and defense contractors. But the report did not tie that technique to the Sky Mavis hack. The Block notes that Axie Infinity "boasted 2.7 million daily active users and $214 million in weekly trading volume for its in-game NFTs in November last year -- although both numbers have since plummeted."

Users affected by the exploit will be reimbursed via the company's funds, along with the $150 million it raised in a round led by Binance in early April. "The company said recently that it would begin returning funds to users on June 28," adds the report.

An anonymous reader quotes a report from the BBC: The heads of UK and US security services have made an unprecedented joint appearance to warn of the threat from China. FBI director Christopher Wray said China was the "biggest long-term threat to our economic and national security" and had interfered in politics, including recent elections. MI5 head Ken McCallum said his service had more than doubled its work against Chinese activity in the last three years and would be doubling it again. MI5 is now running seven times as many investigations related to activities of the Chinese Communist Party compared to 2018, he added. The FBI's Wray warned that if China was to forcibly take Taiwan it would "represent one of the most horrific business disruptions the world has ever seen."

The first ever joint public appearance by the two directors came at MI5 headquarters in Thames House, London. McCallum also said the challenge posed by the Chinese Communist Party was "game-changing," while Wray called it "immense" and "breath-taking." Wray warned the audience -- which included chief executives of businesses and senior figures from universities -- that the Chinese government was "set on stealing your technology" using a range of tools. He said it posed "an even more serious threat to western businesses than even many sophisticated businesspeople realized." He cited cases in which people linked to Chinese companies out in rural America had been digging up genetically modified seeds which would have cost them billions of dollars and nearly a decade to develop themselves. He also said China deployed cyber espionage to "cheat and steal on a massive scale," with a hacking program larger than that of every other major country combined.

The MI5 head said intelligence about cyber threats had been shared with 37 countries and that in May a sophisticated threat against aerospace had been disrupted. McCallum also pointed to a series of examples linked to China. [...] The MI5 head said new legislation would help to deal with the threat but the UK also needed to become a "harder target" by ensuring that all parts of society were more aware of the risks. He said that reform of the visa system had seen over 50 students linked to the Chinese military leaving the UK. "China has for far too long counted on being everybody's second-highest priority," Wray said, adding: "They are not flying under the radar anymore."

Hotel group Marriott International has confirmed another data breach, with hackers claiming to have stolen 20 gigabytes of sensitive data including guests' credit card information. From a report: The incident, first reported by Databreaches.net Tuesday, is said to have happened in June when an unnamed hacking group claimed they used social engineering to trick an employee at a Marriott hotel Maryland into giving them access to their computer. "Marriott International is aware of a threat actor who used social engineering to trick one associate at a single Marriott hotel into providing access to the associate's computer," Marriott spokesperson Melissa Froehlich Flood told TechCrunch in a statement. "The threat actor did not gain access to Marriott's core network."

Reuters shares the results of its investigation into what it calls "mercenary hackers": Reuters identified 35 legal cases since 2013 in which Indian hackers attempted to obtain documents from one side or another of a courtroom battle by sending them password-stealing emails. The messages were often camouflaged as innocuous communications from clients, colleagues, friends or family. They were aimed at giving the hackers access to targets' inboxes and, ultimately, private or attorney-client privileged information.

At least 75 U.S. and European companies, three dozen advocacy and media groups and numerous Western business executives were the subjects of these hacking attempts, Reuters found.

The Reuters report is based on interviews with victims, researchers, investigators, former U.S. government officials, lawyers and hackers, plus a review of court records from seven countries. It also draws on a unique database of more than 80,000 emails sent by Indian hackers to 13,000 targets over a seven-year period. The database is effectively the hackers' hit list, and it reveals a down-to-the-second look at who the cyber mercenaries sent phishing emails to between 2013 and 2020.... The targets' lawyers were often hit, too. The Indian hackers tried to break into the inboxes of some 1,000 attorneys at 108 different law firms, Reuters found....

"It is an open secret that there are some private investigators who use Indian hacker groups to target opposition in litigation battles," said Anthony Upward, managing director of Cognition Intelligence, a UK-based countersurveillance firm.

The legal cases identified by Reuters varied in profile and importance. Some involved obscure personal disputes. Others featured multinational companies with fortunes at stake. From London to Lagos, at least 11 separate groups of victims had their emails leaked publicly or suddenly entered into evidence in the middle of their trials. In several cases, stolen documents shaped the verdict, court records show.
Reuters spoke to email experts including Linkedin, Microsoft and Google to help confirm the authenticity of the data they'd received, and reports that one high-profile victim was WeWork co-founder Adam Neumann. (After Reuters told him he'd been targetted starting in 2017, Neumann hired a law firm.) "Reuters reached out to every person in the database — sending requests for comment to each email address — and spoke to more than 250 individuals. Most of the respondents said the attempted hacks revealed in the email database occurred either ahead of anticipated lawsuits or as litigation was under way."

America's FBI has been investigating the breachers since at least early 2018, Reuters reports, adding that pressure is now increasing on private eyes who acted as go-betweens for interested clients.

Meanwhile, Reuters found former employees of the mercenary firms, who told them that the firms employed dozens of workers — though "a month's salary could be as low as 25,000 rupees (then worth about $370), according to two former workers and company salary records...

"Asked about the hacker-for-hire industry, an official with India's Ministry of Justice referred Reuters to a cybercrime hotline, which did not respond to a request for comment."

A trove of thousands of email records uncovered by Reuters reveals Indian cyber mercenaries hacking parties involved in lawsuits around the world -- showing how hired spies have become the secret weapon of litigants seeking an edge.

An unusually advanced hacking group has spent almost two years infecting a wide range of routers in North America and Europe with malware that takes full control of connected devices running Windows, macOS, and Linux, researchers reported on Tuesday. From a report: So far, researchers from Lumen Technologies' Black Lotus Labs say they've identified at least 80 targets infected by the stealthy malware, infecting routers made by Cisco, Netgear, Asus, and DrayTek. Dubbed ZuoRAT, the remote access Trojan is part of a broader hacking campaign that has existed since at least the fourth quarter of 2020 and continues to operate. The discovery of custom-built malware written for the MIPS architecture and compiled for small office and home office routers is significant, particularly given its range of capabilities. Its ability to enumerate all devices connected to an infected router and collect the DNS lookups and network traffic they send and receive and remain undetected is the hallmark of a highly sophisticated threat actor.

An anonymous reader shares a report: In February 2019, a large container ship sailing for New York identified a cyber intrusion on board that startled the US Coast Guard. Though the malware attack never controlled the vessel's movement, authorities concluded that weak defenses exposed critical functions to "significant vulnerabilities." A maritime disaster didn't happen that day, but a warning flare rose over an emerging threat to global trade: cyber piracy able to penetrate on-board technology that's replacing old ways of steering, propulsion, navigation and other key operations. Such leaps in hacking capabilities could do enormous economic damage, particularly now, when supply chains are already stressed from the pandemic and the war in Ukraine, experts including a top Coast Guard official said.

"We've been lucky so far," said Rick Tiene, vice president with Mission Secure, a cybersecurity firm in Charlottesville, Virginia. "More and more incidents are happening, and the hackers are getting a better understanding what they can do once they've taken over an operational technology system. In the case of maritime -- whether it be the ports or the vessels themselves -- there is a tremendous amount that could be done to harm both the network and physical operations." Rear Admiral Wayne Arguin, the Coast Guard's assistant commandant for prevention policy, said shipping faces cyber risks similar to those in other industries -- it's just that the stakes are so much higher given that almost 80% of global trade moves on the sea. While Arguin declined to put a number on the frequency of attempted break-ins, he said "I feel very confident that every day networks are being tested, which really reinforces the need to have a plan." "That universe includes not just ship operators but port terminals and the thousands of logistics links in global supply chains that are increasingly interconnected," the story adds.