{"id":730,"date":"2020-04-14T08:09:41","date_gmt":"2020-04-14T08:09:41","guid":{"rendered":"https:\/\/news.nucleon.sh\/?p=730"},"modified":"2020-04-14T08:09:42","modified_gmt":"2020-04-14T08:09:42","slug":"cyber-intel-update","status":"publish","type":"post","link":"https:\/\/news.nucleon.sh\/ko\/2020\/04\/14\/cyber-intel-update\/","title":{"rendered":"Cyber Intel Update 13.4.2020"},"content":{"rendered":"\n<figure class=\"wp-block-embed-soundcloud wp-block-embed is-type-rich is-provider-soundcloud wp-embed-aspect-4-3 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<iframe loading=\"lazy\" title=\"CYBER news UPDATE 13.4.2020 by Cyber Intelligence Briefing\" width=\"660\" height=\"400\" scrolling=\"no\" frameborder=\"no\" src=\"https:\/\/w.soundcloud.com\/player\/?visual=true&#038;url=https%3A%2F%2Fapi.soundcloud.com%2Ftracks%2F797583085&#038;show_artwork=true&#038;maxheight=990&#038;maxwidth=660&#038;secret_token=s-LhEFokDdEld\"><\/iframe>\n<\/div><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">A common type of cyber attack that we frequently discuss here is one in which hackers target different service suppliers.&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Stopping hackers from hacking your service provider is almost impossible, and it is also hard to know that it happened.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Not long ago, a hacker from Malaysia performed a phishing campaign against the world&#8217;s biggest domain registrar, GoDaddy.<\/p>\n\n\n\n<figure class=\"wp-block-video wp-block-embed is-type-video is-provider-videopress\"><div class=\"wp-block-embed__wrapper\">\n<iframe title=\"VideoPress Video Player\" aria-label='VideoPress Video Player' width='660' height='371' src='https:\/\/videopress.com\/embed\/jyksAJR6?autoPlay=1&amp;controls=0&amp;loop=1&amp;muted=1&amp;persistVolume=0&amp;preloadContent=metadata&amp;hd=0&amp;cover=1' frameborder='0' allowfullscreen allow='clipboard-write'><\/iframe><script 
src='https:\/\/v0.wordpress.com\/js\/next\/videopress-iframe.js?m=1674852142'><\/script>\n<\/div><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">The incident gave the attacker the ability to view and modify key customer records, access that was used to change domain settings for different GoDaddy customers, including the transaction brokering site Escrow.com.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">During the incident, the hackers changed the DNS records for Escrow.com to point to a third-party web server.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">GoDaddy acknowledged that on March 30 the company was alerted to a security incident involving a customer\u2019s domain name.&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">An investigation revealed a GoDaddy employee had fallen victim to a spear-phishing attack, and that five other customer accounts were \u201cpotentially\u201d affected \u2014 although GoDaddy wouldn\u2019t say which or how many domains those customer accounts may have with GoDaddy.&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">\u201cOur team investigated and found an internal employee account triggered the change,\u201d the statement reads. \u201cWe conducted a thorough audit on that employee account and confirmed there were five other customer accounts potentially impacted.\u201d<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">GoDaddy continues: \u201cWe immediately locked down the impacted accounts involved in this incident to prevent further changes. Any actions done by the threat actor have been reverted and the impacted customers have been notified. The employee involved in this incident fell victim to a spear-phishing or social engineering attack. 
We have taken steps across our technology, processes and employee education, to help prevent these types of attacks in the future.\u201d<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Someone should tell GoDaddy that a simple feature like forcing 2-factor authentication could have prevented such hacks.<\/p>\n\n\n\n<hr class=\"wp-block-separator\"\/>\n\n\n\n<p class=\"wp-block-paragraph\">Close to the end of 2019, a hacker known as Phineas Fisher offered to pay other hackers up to $100,000 in what they called the \u201cHacktivist Bug Hunting Program.\u201d The idea is to pay other hackers who carry out politically motivated hacks against companies that could lead to the disclosure of documents in the public interest.\u00a0<\/p>\n\n\n\n<figure class=\"wp-block-video wp-block-embed is-type-video is-provider-videopress\"><div class=\"wp-block-embed__wrapper\">\n<iframe title=\"VideoPress Video Player\" aria-label='VideoPress Video Player' width='660' height='371' src='https:\/\/videopress.com\/embed\/NshGPa4o?autoPlay=1&amp;controls=0&amp;loop=1&amp;muted=1&amp;persistVolume=0&amp;preloadContent=metadata&amp;hd=0&amp;cover=1' frameborder='0' allowfullscreen allow='clipboard-write'><\/iframe><script src='https:\/\/v0.wordpress.com\/js\/next\/videopress-iframe.js?m=1674852142'><\/script>\n<\/div><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">The hacker said he will pay in cryptocurrency, such as Bitcoin or Monero.&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Some time has passed, and the notorious hacktivist Phineas Fisher said they paid a bounty of $10,000 to another hacker who obtained and leaked Chilean military emails. 
Phineas Fisher said that this was the first payment.&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The money went to the person responsible for stealing around 3,500 emails from several email accounts belonging to Chilean military personnel.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The Chilean Army disclosed the hack in a tweet from its official account in December, which included a press release on the breach of \u201csix email accounts belonging to the @ejercito.cl domain.\u201d The press release blamed \u201can organization of cyber criminals,\u201d and downplayed the incident, saying it only affected accounts managed by an external provider. Those accounts were used to interact with providers and companies that regularly work with the Army, according to the press release.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1600\" height=\"901\" data-attachment-id=\"739\" data-permalink=\"https:\/\/news.nucleon.sh\/ko\/2020\/04\/14\/cyber-intel-update\/chile_-_escuela_de_suboficiales_ejercito_-_19-09-2014\/\" data-orig-file=\"https:\/\/i0.wp.com\/news.nucleon.sh\/wp-content\/uploads\/2020\/04\/Chile_-_Escuela_de_Suboficiales_Eje%CC%81rcito_-_19-09-2014.jpg?fit=1600%2C901&amp;ssl=1\" data-orig-size=\"1600,901\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"Chile_-_Escuela_de_Suboficiales_Eje\u0301rcito_-_19-09-2014\" data-image-description=\"\" data-image-caption=\"\" 
data-large-file=\"https:\/\/i0.wp.com\/news.nucleon.sh\/wp-content\/uploads\/2020\/04\/Chile_-_Escuela_de_Suboficiales_Eje%CC%81rcito_-_19-09-2014.jpg?fit=660%2C372&amp;ssl=1\" src=\"https:\/\/i1.wp.com\/blog.cybercure.ai\/wp-content\/uploads\/2020\/04\/Chile_-_Escuela_de_Suboficiales_Eje\u0301rcito_-_19-09-2014.jpg?fit=660%2C372&#038;ssl=1\" alt=\"\" class=\"wp-image-739\" srcset=\"https:\/\/i0.wp.com\/news.nucleon.sh\/wp-content\/uploads\/2020\/04\/Chile_-_Escuela_de_Suboficiales_Eje%CC%81rcito_-_19-09-2014.jpg?w=1600&amp;ssl=1 1600w, https:\/\/i0.wp.com\/news.nucleon.sh\/wp-content\/uploads\/2020\/04\/Chile_-_Escuela_de_Suboficiales_Eje%CC%81rcito_-_19-09-2014.jpg?resize=300%2C169&amp;ssl=1 300w, https:\/\/i0.wp.com\/news.nucleon.sh\/wp-content\/uploads\/2020\/04\/Chile_-_Escuela_de_Suboficiales_Eje%CC%81rcito_-_19-09-2014.jpg?resize=1024%2C577&amp;ssl=1 1024w, https:\/\/i0.wp.com\/news.nucleon.sh\/wp-content\/uploads\/2020\/04\/Chile_-_Escuela_de_Suboficiales_Eje%CC%81rcito_-_19-09-2014.jpg?resize=768%2C432&amp;ssl=1 768w, https:\/\/i0.wp.com\/news.nucleon.sh\/wp-content\/uploads\/2020\/04\/Chile_-_Escuela_de_Suboficiales_Eje%CC%81rcito_-_19-09-2014.jpg?resize=1536%2C865&amp;ssl=1 1536w, https:\/\/i0.wp.com\/news.nucleon.sh\/wp-content\/uploads\/2020\/04\/Chile_-_Escuela_de_Suboficiales_Eje%CC%81rcito_-_19-09-2014.jpg?resize=1200%2C676&amp;ssl=1 1200w, https:\/\/i0.wp.com\/news.nucleon.sh\/wp-content\/uploads\/2020\/04\/Chile_-_Escuela_de_Suboficiales_Eje%CC%81rcito_-_19-09-2014.jpg?resize=10%2C6&amp;ssl=1 10w, https:\/\/i0.wp.com\/news.nucleon.sh\/wp-content\/uploads\/2020\/04\/Chile_-_Escuela_de_Suboficiales_Eje%CC%81rcito_-_19-09-2014.jpg?resize=432%2C243&amp;ssl=1 432w, https:\/\/i0.wp.com\/news.nucleon.sh\/wp-content\/uploads\/2020\/04\/Chile_-_Escuela_de_Suboficiales_Eje%CC%81rcito_-_19-09-2014.jpg?resize=396%2C223&amp;ssl=1 396w, 
https:\/\/i0.wp.com\/news.nucleon.sh\/wp-content\/uploads\/2020\/04\/Chile_-_Escuela_de_Suboficiales_Eje%CC%81rcito_-_19-09-2014.jpg?resize=1120%2C631&amp;ssl=1 1120w, https:\/\/i0.wp.com\/news.nucleon.sh\/wp-content\/uploads\/2020\/04\/Chile_-_Escuela_de_Suboficiales_Eje%CC%81rcito_-_19-09-2014.jpg?resize=660%2C372&amp;ssl=1 660w, https:\/\/i0.wp.com\/news.nucleon.sh\/wp-content\/uploads\/2020\/04\/Chile_-_Escuela_de_Suboficiales_Eje%CC%81rcito_-_19-09-2014.jpg?resize=391%2C220&amp;ssl=1 391w, https:\/\/i0.wp.com\/news.nucleon.sh\/wp-content\/uploads\/2020\/04\/Chile_-_Escuela_de_Suboficiales_Eje%CC%81rcito_-_19-09-2014.jpg?w=1320&amp;ssl=1 1320w\" sizes=\"auto, (max-width: 600px) 91vw, (max-width: 900px) 600px, (max-width: 1060px) 50vw, (max-width: 1200px) 520px, (max-width: 1400px) 43vw, 600px\" \/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">The hacker who claimed responsibility for this hack released a statement of a political nature, saying:<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">\u201cFreedom for the political prisoners in Chile!&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Justice for those who have been mutilated and murdered by the Chilean state!<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">\u201cWe are tired, angry, but more united than ever. We are those who are left over, the forgotten, we are legion. 
See you on the streets.\u201d<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The hack and leak appear to have had a limited impact in Chile, though it did get some local news coverage.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Is this type of political hacking effective?&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Are we going to see more politically motivated hacking for profit in other countries as well?<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Cybercure will monitor this type of sponsored hacking and will report if there are new developments.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">&#8212;&#8211;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">That\u2019s it for this podcast, stay safe and see you in the next podcast.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Don\u2019t forget to visit <a href=\"http:\/\/www.cybercure.ai\">www.cybercure.ai<\/a> for the latest podcasts on cyber intelligence.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">++++++<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A common type of cyber attack that we frequently discuss here is one in which hackers target different service suppliers.&nbsp; Stopping hackers from hacking your service provider is almost impossible, and it is also hard to know that it happened. Not long ago, a hacker from Malaysia performed a phishing campaign against the world&#8217;s biggest domain registrar, GoDaddy. 
The [&hellip;]<\/p>\n","protected":false},"author":143072865,"featured_media":744,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_coblocks_attr":"","_coblocks_dimensions":"","_coblocks_responsive_height":"","_coblocks_accordion_ie_support":"","_crdt_document":"","advanced_seo_description":"","jetpack_seo_html_title":"","jetpack_seo_noindex":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"_wpas_customize_per_network":false,"jetpack_post_was_ever_published":false},"categories":[646263560],"tags":[103,21013,1142,684292279,684292278,684292283,684292281,684292282,684292277,684292280],"class_list":["post-730","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybercure-ai","tag-news","tag-phishing","tag-podcast","tag-army","tag-chile","tag-crypto","tag-dns","tag-escrow","tag-godaddy","tag-malasia","entry-image--portrait"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/news.nucleon.sh\/wp-content\/uploads\/2020\/04\/storyblocks-a-busy-road-in-santiago-with-the-andes-in-the-background_rEXl2eI6NM.jpg?fit=2063%2C2700&ssl=1","jetpack_likes_enabled":true,"jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/paa2yX-bM","amp_enabled":true,"_links":{"self":[{"href":"https:\/\/news.nucleon.sh\/ko\/wp-json\/wp\/v2\/posts\/730","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/news.nucleon.sh\/ko\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news.nucleon.sh\/ko\/wp-json\/wp\/v2\/t
ypes\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news.nucleon.sh\/ko\/wp-json\/wp\/v2\/users\/143072865"}],"replies":[{"embeddable":true,"href":"https:\/\/news.nucleon.sh\/ko\/wp-json\/wp\/v2\/comments?post=730"}],"version-history":[{"count":4,"href":"https:\/\/news.nucleon.sh\/ko\/wp-json\/wp\/v2\/posts\/730\/revisions"}],"predecessor-version":[{"id":743,"href":"https:\/\/news.nucleon.sh\/ko\/wp-json\/wp\/v2\/posts\/730\/revisions\/743"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news.nucleon.sh\/ko\/wp-json\/wp\/v2\/media\/744"}],"wp:attachment":[{"href":"https:\/\/news.nucleon.sh\/ko\/wp-json\/wp\/v2\/media?parent=730"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news.nucleon.sh\/ko\/wp-json\/wp\/v2\/categories?post=730"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news.nucleon.sh\/ko\/wp-json\/wp\/v2\/tags?post=730"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}