European Police Dismantle Cybercrime Gang Behind €38M CEO Fraud
Read also: GoDaddy reveals multi-year security breach, hackers targeted Asia-based data centers used by major global firms, and more.
European police dismantle cybercrime gang behind €38M CEO fraud
Eight alleged members of a Franco-Israeli cybercrime gang, including its leader, have been arrested as a result of a joint law enforcement operation that took place between January 2022 and January 2023 in France and Israel.
The scammers are said to have orchestrated a large-scale CEO fraud scheme in which they defrauded French companies of hundreds of thousands of euros by posing as executives. In one case, the group managed to steal a whopping €38 million from a Paris-based firm. The stolen money was laundered through threat actor-controlled bank accounts in the EU, China, and Israel.
World’s largest domain registrar GoDaddy reveals a multi-year security breach
Domain registrar and web hosting giant GoDaddy revealed it was targeted in a multi-year security breach it believes was carried out by a sophisticated and organized group focused on attacking hosting services like GoDaddy. The group’s goal appears to be infecting websites and servers with malware for phishing, malware campaigns, and other nefarious activities.
The company said it experienced several security breaches in March 2020 and November 2021, and the most recent breach was detected in December 2022. In the latter case, threat actors planted malware on GoDaddy’s cPanel hosting servers that redirected users to malicious websites, and stole source code related to some of its services.
The company says it is still investigating the root cause of the incident.
Hackers targeted Asia-based data centers used by major global businesses
Data centers operated by Shanghai-based GDS Holdings and Singapore-based ST Telemedia Global Data Centres were compromised in a series of hacker attacks spanning from 2021 to January 2023, with threat actors exfiltrating login credentials of data center operators and their customers.
According to reports from cybersecurity firm Resecurity and Bloomberg, the data breach impacted roughly 2,000 STT GDC and GDS customers, including some of the world’s biggest firms such as Alibaba, Amazon, Huawei, Baidu, Apple, Goldman Sachs, BMW, Bank of America, and Bank of China.
It is said that the threat actors had access to login credentials for more than a year before they put the data up for sale in January 2023 for a price of $175,000.
Coinbase employees targeted in a sophisticated phishing attack
The cryptocurrency exchange platform Coinbase has shared details on a recent social engineering attack that targeted some of its employees in an attempt to compromise the company’s systems.
The attack involved an SMS alert prompting a recipient to submit their login credentials through a link provided in the message. While the majority of staff ignored the message, one of the employees entered their login and password, enabling the attacker to steal limited employee information, including names, e-mails, and phone numbers. Customers’ funds and data were not affected, Coinbase said.
The company believes that this attack was perpetrated by 0ktapus, a group behind last year’s Twilio and Cloudflare hacks.
In related news, the popular video game publisher Activision is said to have suffered a similar phishing attack in December 2022, with hackers exfiltrating sensitive workplace documents, content scheduled for release, and sensitive employee data.
Threat actors use fake ChatGPT apps to deploy Windows, Android malware
Malicious actors are taking advantage of the growing popularity of OpenAI’s ChatGPT chatbot to spread various types of malware or commit financial fraud.
Security researchers have discovered more than 50 bogus ChatGPT apps promoted via Google Play Store or a fake OpenAI social media page that distributed several well-known malware families, such as Lumma Stealer and Aurora Stealer, as well as clipper malware, PUPs (potentially unwanted programs), adware, spyware, billing fraud, etc. Researchers also spotted fake ChatGPT-related payment pages designed to steal victims’ money and credit card data.