hexway cybersecurity blog brings you the latest news about attacks and data breaches, emerging malware, and vendor security updates
Samsung confirms source code leak
The South American hacker group Lapsus$ hacked into Samsung's networks. The group claimed to have stolen 190GB of data, including the source code for trusted applets installed in TrustZone, biometric authentication algorithms, bootloaders for the latest device models, and even confidential data from the chip supplier Qualcomm. Samsung has confirmed the leak of internal data, including source code associated with Galaxy smartphones.
Israel declares state of emergency due to cyber attack
A number of Israeli government websites were unavailable as a result of a massive DDoS attack that blocked access to them.
It was the largest cyber attack ever carried out against Israel. It is assumed that an Iranian statesman or a large organization is behind the incident, but it is not yet known who exactly.
OldGremlin attacked Wildberries
The hacker group OldGremlin attacked the international online store Wildberries. The hackers not only disrupted the site but also took control of it. They planted an encryption virus in the site's data, which caused a large-scale disruption of Wildberries' operations.
German company Denso under cyberattack
Denso, the leading supplier to Toyota, has been attacked by ransomware. The Japanese supplier said it detected unauthorized access to the networks of Denso Automotive Deutschland GmbH, a group of companies that does sales and engineering in Germany, on March 10.
The Pandora hacker group gained access to Denso's systems and threatened to expose trade secrets on the dark web, including emails, invoices, and parts diagrams. Pandora said it had obtained over 157,000 emails and purchase orders, or 1.4TB of data.
Hackers attacked Greek National Postal Service
On March 21, the state-owned provider of postal services in Greece (Hellenic Post, ELTA) announced the temporary shutdown of its commercial information systems in all post offices due to a cyberattack that occurred on Sunday night. IT specialists determined that the attackers exploited an unpatched vulnerability to download malware, which allowed them to access one of the workstations using an HTTPS reverse shell. The main goal of the cyberattack was to encrypt the critical systems of the postal service, but ELTA did not report any ransom demands.
Anonymous issues ultimatum to foreign companies remaining in Russia
The Anonymous hacktivists are threatening cyberattacks against all companies that continue to cooperate with Russia and have urged them to cut off all relations with the country within 48 hours. The call was accompanied by an image with the logos of dozens of major corporations, including Burger King, Citrix, Nestle, and Subway. Nestle, the global food and beverage maker, angered the group of hacktivists the most, and they tweeted, "Nestle, as the death toll climbs, you have been warned and now breached." It is not yet clear whether they really hacked Nestle or if it was just a threat.
Earlier, Anonymous hacktivists announced on Twitter the start of a war with Russia over a special operation in Ukraine.