We have collected the most important news from the world of cybersecurity for the week.
- Coinbase employees were victims of SMS phishing.
- The FBI has detected malicious activity on the internal network.
- The release schedule for Call of Duty updates has been leaked to the public.
- GoDaddy has reported years of compromised systems.
Coinbase employees became victims of SMS phishing
On February 17, the cryptocurrency exchange Coinbase stated that its employees were victims of a phishing SMS campaign. The incident happened on February 5th.
The targeted workers received text messages about the urgent need to log into their account using the link provided. One of the recipients clicked on it and entered a username and password.
The attackers got around the 2FA enabled on the account by calling the employee while posing as the IT department. The victim followed the instructions and logged in to their device.
The suspicious activity was spotted by Coinbase security, which promptly blocked the compromised account.
The attacker managed to get limited contact information of employees, including names, email addresses and phone numbers.
At the same time, the exchange assured that customer data and their funds were not affected.
Coinbase suggested that the attack was the work of the hacker group 0ktapus, also known as Scattered Spider, which accounts for at least 130 similar hacks of other organizations.
The FBI has detected malicious activity on the internal network
On February 17, an unknown attacker hacked into the computer system of the FBI headquarters in New York. This was reported by CNN.
According to people familiar with the matter, the affected segment was used to investigate crimes related to the sexual exploitation of children.
According to the agency, this was a single incident, which was quickly contained. The FBI did not provide any other comments regarding the investigation, including on the sources of the threat.
Call of Duty update schedule leaked online
Game developer and publisher Activision has confirmed unauthorized access to one of its internal Slack channels and data theft. The incident occurred back in December 2022, but it became publicly known only after a report from researchers from Vx-underground.
.@Activision was breached December 4th, 2022. The Threat Actors successfully phished a privileged user on the network. They exfiltrated sensitive work place documents as well as scheduled to be released content dating by November 17th, 2023.
Activision did not tell anyone. pic.twitter.com/urD64iIlC5
— vx-underground (@vxunderground) February 20, 2023
They posted a number of edited screenshots from December 4, 2022, obtained directly from the attackers. They feature confidential Activision working papers related to the Call of Duty franchise, as well as the content publishing schedule for 2023.
According to Vx-underground, the hack was carried out through a phishing SMS attack on one of the company’s employees. The hackers then infiltrated Activision’s Slack channel.
The video game developer itself did not specify details of the hack; however, it gave assurances that the source code of the games and the personal data of the players were not affected.
According to the publication Insider Gaming, the leak includes full names, email addresses, phone numbers, salaries and other employee data. In addition, the compromised Activision specialist, according to journalists, works in the personnel department and has access to a large amount of confidential information.
GoDaddy reported years of compromised systems
In a report filed with the SEC, the registrar GoDaddy revealed a targeted attack on its systems that lasted for several years.
According to the company, unknown persons compromised its cPanel shared hosting environment, stole source code and installed malware on its servers.
The issue came to light in early December 2022 following customer complaints that their sites were being used to redirect to random domains.
GoDaddy noted that the attack was carried out by an organized group that targeted hosting providers around the world. Their task was to infect sites with malware for phishing campaigns and other malicious activities.
The registrar team is currently working with external cybersecurity experts and law enforcement to investigate the incident.
A new infostealer has spread on the dark web
A new stealer, Stealc, capable of stealing data from browsers, extensions and addresses of cryptocurrency wallets, has spread among cybercriminals. Sekoia experts drew attention to this.
https://t.co/CnRXY1H4Ke uncovered a new #infostealer advertised as #Stealc on underground forums since early 2023 and already widespread in the wild.
In a nutshell, Stealc is a copycat of the prominent #Vidar and #Raccoon stealers. https://t.co/3FqVt4y9ZM
— SEKOIA.IO (@sekoia_io) February 20, 2023
Since January 2023, the malware has been actively advertised on hacker forums and Telegram channels.
In particular, the authors of the posts note that the creators of Stealc relied on solutions already existing “on the market”, including Vidar, Raccoon, Mars and Redline. However, unlike them, the new stealer can be configured to capture certain types of files.
Researchers have identified more than 40 Stealc control servers and several dozen samples of malware, which indicates interest in it among cybercriminals.
Experts pointed to a surge in attacks through social networks and instant messengers
Positive Technologies specialists studied the most relevant cyber threats of the fourth quarter of 2022. Among the main trends is an increase in the number of attacks through social networks and instant messengers.
The attackers also resorted to using malware, social engineering methods, and exploiting vulnerabilities.
Due to their actions, there were interruptions in the operation of critical infrastructure, large leaks of user data and the source code of products.
The total number of cyberattacks during the study period increased by 15% compared to the fourth quarter of 2021.