Hack-cheat for ChatGPT, scandalous leak from the RKN internal network and other cybersecurity events


We have collected the most important news from the world of cybersecurity for the week.

  • A leak by the “CyberPartisans” revealed the real role of one of Roskomnadzor's structures.
  • Reddit was hacked and the source code was stolen.
  • Hackers learned how to create malware using ChatGPT.
  • Tor onion services slowed down due to DDoS attacks.

A leak by the “CyberPartisans” revealed the real role of one of Roskomnadzor's structures

The hacker group “CyberPartisans” from Belarus shared with Russian media an archive of documents from the internal network of the Main Radio Frequency Center (GRFC), which is subordinate to Roskomnadzor.

The hackers obtained the dump, more than 2 TB of data, back in November 2022. At the time, the GRFC itself acknowledged the attack but called the situation manageable.

About 1.5 million emails, mostly from 2020-2022, as well as about 200,000 text documents, spreadsheets and presentations, shed light on the key role of this structure in spying on Russians on the Internet.

Among other things, the GRFC helps to block independent media, writes denunciations of potential “foreign agents”, censors queries in Yandex about the war, seeks out reports about the health of Vladimir Putin, protests and “fakes” about the army.

Reddit hacked and source code stolen

On February 5, unknown attackers breached Reddit and stole its source code.

The attackers created a phishing page imitating Reddit's intranet site and used it to steal employees' credentials and two-factor authentication tokens.

The compromised data includes limited Reddit contact information, as well as information about current and former employees. Advertiser information may also have been stolen, but more specific financial information and advertising campaign statistics were not affected.

The breach did not affect the site's main production systems, or user passwords and accounts.

The company did not share other details of the incident, pointing only to a recent similar attack on game maker Riot Games.

Hackers learned how to create malware using ChatGPT

Telegram has a paid bot that bypasses ChatGPT's restrictions on creating illegitimate content, including malware and phishing emails. Specialists at Check Point drew attention to this.

ChatGPT is freely available to developers. However, the current API version of the AI bot is poorly protected against abuse and can be used by external applications.

“For example, the integration of the GPT-3 language model into Telegram channels allows you to create malicious content without any of the restrictions and barriers that are set in the ChatGPT user interface,” the researchers said.

The researchers found an advertisement for a similar service on one of the hacker forums. The first 20 requests to the chatbot are free, then users are charged $5.5 for every 100 requests.

As part of the test, experts were able to create a phishing email and a script that steals PDF documents from an infected computer and sends them to an attacker via FTP. To create this script, they used the query: “Write a malware that will collect PDF files and send them via FTP.”

Another member of the hacker forum posted code that makes it possible to generate malware for free.

Secure messenger hacked to spy on drug dealers

The Dutch police have taken down the anonymous messenger Exclu. Before that, law enforcement officers hacked the service and monitored the activities of criminals for five months.

During the investigation, 79 searches were carried out in the Netherlands, Germany and Belgium, and 42 people were arrested.

Two of the detainees were owners and managers of Exclu, while the rest were users of the service, including operators of drug laboratories. Several kilograms of narcotic substances, firearms, more than €4.3 million in cash and luxury goods were confiscated from them.

Exclu sold six-month subscriptions for €800 and allowed the exchange of encrypted messages and media files. According to police estimates, the messenger’s audience was about 3,000 people, 750 of whom lived in the Netherlands.

Tor onion services slowed down due to DDoS attacks

Over the last seven months, the availability of the Tor network has been regularly disrupted by powerful DDoS attacks. Users complain about page loading problems and a lack of access to onion services.

The Tor Project developers are aware of the problem and are trying to mitigate the effects of the attacks and secure the network.

“The methods and targets of these attacks have changed over time, and we have adapted as they continue. It is impossible to determine with certainty who is behind them, and what their intentions are,” said the representatives of the service.

According to Risky Business, the attacks do not hit the entire network simultaneously. Instead, the attackers target a small number of specific relays and switch to others a few days later.

At the same time, during the attacks, none of the operators received ransom demands.

Malicious Dota 2 mods found on Steam

Avast specialists found four malicious game mods for Dota 2 in the Steam store, which attackers used to install backdoors on players’ systems. Although mods must pass mandatory verification before publication, the mod authors were able to bypass it.

To gain control over the player’s machine, the attackers used the Panorama framework, developed by Valve itself. The JavaScript part of it relies on a vulnerable version of the V8 engine.

The exploit was embedded in a legitimate file that added scoreboard functionality to the game, making it difficult to detect.

“The backdoor allowed any JavaScript received over HTTP to be executed, giving the attacker the ability to both hide and modify their exploit code at their own discretion, as well as the ability to completely update the entire mod,” Avast said.

In addition, the attacker embedded a file in the mods that tested whether a malicious Lua snippet could be executed on the server side. The snippet has functions for logging, executing arbitrary commands, creating coroutines, and sending HTTP GET requests.

Avast analysts reported their discovery to Valve developers, and on January 12, 2023, Valve updated the vulnerable version of V8. The company also removed the malicious game mods from Steam and alerted at least 200 victims of the attack.
