The Week in Security: BlackCat threatens to leak Reddit data, attackers target npm packages (again)

This week: BlackCat hackers threaten to leak Reddit’s data. Also: Hijacked S3 buckets are being used in attacks on npm packages.

This Week’s Top Story

BlackCat hackers threaten to leak Reddit’s data

Back in February of this year, the BlackCat (also known as ALPHV) ransomware gang attacked Reddit by phishing one of their employees, which hackers claim allowed them to steal 80GB of data from the platform. Reddit disclosed that they were hacked on February 5th, and shared that the attackers breached the platform’s systems, giving the threat actors access to “internal docs, code, as well as some internal dashboards and business systems,” said Reddit CTO Christoper Slowe. He also made it known in the post that there were “no indications of breach of our primary production systems,” and that user information, such as passwords, accounts, and financial information were not impacted.

BlackCat is now claiming that they were behind the February attack on Reddit, and posted a “Reddit Files” page on their leak site. The attackers share that they stole 80GB worth of compressed data, and now plan on leaking all of it if Reddit doesn’t follow through on the gang’s demands. BlackCat attackers said they have contacted Reddit twice since February about their demands, which include a $4.5 million ransom for the data and API policy changes. BlackCat claims that they have received no response from the platform to date, and will release the data if the demands aren’t met.

Reddit declined BleepingComputer’s request for comment, but the news source is now able to confirm that the attack BlackCat is referencing on their leak site is the same as the February phishing attack on Reddit.

News Roundup

Here are the stories we’re paying attention to this week…

Hijacked S3 buckets used in attacks on npm packages (The Register)

Miscreants are using expired Amazon Web Services (AWS) S3 buckets to place malicious code into a legitimate package in the npm repository without having to tinker with any code.

Microsoft confirms recent service disruptions were caused by Russian hacking group (ONMSFT.com)

In a recent blog post, Microsoft officially acknowledged that the disruptions to its services earlier this month were the result of deliberate hacks. The tech giant attributed the temporary unavailability of some of its services to ongoing Distributed Denial-of-Service (DDoS) attacks conducted by a threat actor identified as Storm-1359.

U.S. government offers $10 million bounty for info on Clop ransomware (Bleeping Computer)

The U.S. State Department's Rewards for Justice program announced up to a $10 million bounty yesterday for information linking the Clop ransomware attacks to a foreign government. Rewards of Justice (RFJ) is a U.S. Department of State program that offers monetary rewards for information on threat actors and attacks impacting the national security of the USA.

Experts Uncover Year-Long Cyber Attack on IT Firm Utilizing Custom Malware RDStealer (The Hacker News)

A highly targeted cyber attack against an East Asian IT company involved the deployment of a custom malware written in Golang called RDStealer. Evidence gathered by Bitdefender shows that the campaign – dubbed RedClouds – started in early 2022. The targeting aligns with the interest of China-based threat actors.

Report: Microsoft launched Bing chatbot despite OpenAI warning it wasn’t ready (ArsTechnica)

Not only has tension and confusion extended to Microsoft's internal AI team—which apparently is dealing with budget cuts and limited access to OpenAI technology—but sources said it also clouded Microsoft's controversial rollout of AI-powered Bing search last February. At that time, Bing was found to be vulnerable to prompt injection attacks revealing company secrets and providing sometimes inaccurate and truly unhinged responses to user prompts.

Featured image: brett-jordan/unsplash