CYBERSECURITY NEWS V. April – Lapsus$ Hackers Target T-Mobile, Coca-Cola under cyber attack
The Bored Ape Yacht Club's Discord server has been hacked
An unknown hacker has broken into the official Discord server dedicated to NFT holders Bored Ape Yacht Club, Mutant Ape Yacht Club and Mutant Ape Kennel Club - the three main collections of Yuga Labs. The attacker posted phishing links on the Mutant Ape Kennel Club channel to trick users into creating fake NFTs.
The hacker could have carried out the attack using the Ticket Tool, a popular Discord bot that automatically generates support tickets.
Anonymous continue their attacks on Russia organizations
Anonymous claimed to have gained access to the ROC servers. Hackers leaked 15 GB of data from the charity wing of the Russian Orthodox Church and published about 57,500 emails via DDoSecrets
In addition, Anonymous announced the hacking of the base of the Russian Lipetsk Mechanical Plant, which produces components for anti-aircraft missile systems, and other military equipment. 25 GB of data has been posted online.
On April 2, hackers also hacked Sukhoi's website and published political slogans on it.
Spanish energy company Iberdrola hit by cyberattack
The Spanish company Iberdrola, which is a manufacturer and supplier of electricity, was subjected to a cyber attack. An investigation by the National Cyber Security Institute (Incibe) found that the incident exposed the personal data of 1.3 million Iberdrola customers. In particular, the attackers gained access to information about identity cards, home addresses, phone numbers, and e-mail. Details of bank accounts or credit cards of customers were not disclosed.
Karakurt turned out to be a subdivision of the Conti extortion syndicate
A link has been found between the Conti ransomware and the recently emerged ransomware group Karakurt. Conti is one of the most prolific cybercriminal groups to date and has not waned despite massive leaks of internal conversations and source code. Karakurt has been in operation since at least June 2021. Hackers steal data from companies and then force them to pay a ransom by threatening to release the stolen information. In about two months (from September to November 2021), more than 40 organizations became victims of Karakurt.
Lapsus$ Hackers Target T-Mobile
T-Mobile confirmed that the cyber-ransomware group Lapsus$ hacked into its network, stole credentials and gained access to internal systems that stored operating software tools. As a result, the hackers allegedly managed to get their hands on T-Mobile's proprietary source code.
After the hack was discovered, access to the systems was closed, and the stolen credentials were blocked. The hackers failed to steal any sensitive user or government information.
Coca-Cola under cyber attack
Coca-Cola confirmed the fact of a cyber attack on its computer networks. The company is currently cooperating with law enforcement in the investigation of the incident.
The company launched an investigation after cybercriminal group Stormous said it successfully hacked into some of the company's servers and stole 161 GB of data.
The attackers published the stolen data on their data breach site and demanded a ransom of 1.65 bitcoins (approximately $64,000). The stolen data includes compressed documents, text files, email, passwords, ZIP archives of accounts and payments, and other sensitive information.
Hackers stole NFTs from the collection of Bored Ape Yacht Club worth $3 million
Unidentified attackers hacked into the Instagram page of the famous collection of non-fungible tokens (NFT) Bored Ape Yacht Club and published a link to a phishing site, thanks to which they managed to steal $ 3 million worth of NFT from the baited users.