Cyber Intel Update 13.4.2020

A common cyber attacks type that we frequently discuss here is when hackers are targeting different service suppliers. 

stopping hackers from hacking your service provider is almost impossible and also hard to know it happened.

Not long ago, a hacker from Malaysia performed a phishing campaign against the world’s biggest domain registrar called GoDaddy.

The incident gave the attacker the ability to view and modify key customer records, access that was used to change domain settings for different GoDaddy customers, including transaction brokering site escrow.com.

During the incident, the hackers changed the DNS records for Escrow.com to point to a third party web server.

GoDaddy acknowledged that on March 30 the company was alerted to a security incident involving a customer’s domain name. 

An investigation revealed a GoDaddy employee had fallen victim to a spear-phishing attack, and that five other customer accounts were “potentially” affected — 

although GoDaddy wouldn’t say which or how many domains those customer accounts may have with GoDaddy. 

“Our team investigated and found an internal employee account triggered the change,” the statement reads. “We conducted a thorough audit on that employee account and confirmed there were five other customer accounts potentially impacted.”

GoDaddy continues and say: ““We immediately locked down the impacted accounts involved in this incident to prevent further changes. Any actions done by the threat actor have been reverted and the impacted customers have been notified. The employee involved in this incident fell victim to a spear-phishing or social engineering attack. We have taken steps across our technology, processes and employee education, to help prevent these types of attacks in the future.”

Someone should tell GoDaddy that simple feature like forcing 2 factor authentication could have prevented such hacks.


Close to the end of 2019 an hacker known as Phineas Fisher offered to pay other hackers up to $100,000 in what they called the ‘Hacktivist Bug Hunting Program.” The idea is to pay other hackers who carry out politically motivated hacks against companies that could lead to the disclosure of documents in the public interest. 

The hacker said he will pay in cryptocurrency, such as Bitcoin or Monero. 

Some time has passed and the notorious hacktivist Phineas Fisher said they paid a bounty of $10,000 to another hacker who obtained and leaked Chilean military emails. Phineas Fisher told that this was the first payment. 

The money went to the person responsible for stealing around 3,500 emails from several email accounts belonging to Chilean military personnel.

The Chilean Army disclosed the hack in a tweet from its official account in December, which included a press release on the breach of “six emails accounts belonging to the @ejercito.cl domain.” The press release blamed “an organization of cyber criminals,” and downplayed the incident, saying it only affected accounts managed by an external provider. Those accounts were used to interact with providers and companies that regularly work with the Army, according to the press release.

The Hacker who claimed responsibility for this hack released a statement with political nature saying:

“Freedom for the political prisoners in Chile! 

Justice for those who have been mutilated and murdered by the Chilean state!

“We are tired, angry, but more united than ever. We are those who are left over, the forgotten, we are legion. See you on the streets.”

The hack and leak appears to have had a limited impact in Chile, though it did get some local news coverage.

Is this type of political hacking effective ? 

are we going to see more politically motivated hacking for profit in other countries as well ?

Cybercure will monitor such type of sponsored hacking and will report if there are new developments.

—–

That’s it for this podcast, stay safe and see you in the next podcast.

Don’t forget to visit www.cybercure.ai for the latest podcasts on cyber intelligence.

++++++

Leave a Reply