Spectra Assure Free Trial
Get your 14-day free trial of Spectra Assure
Get Free TrialMore about Spectra Assure Free TrialThis week: BlackCat hackers threaten to leak Reddit’s data. Also: Hijacked S3 buckets are being used in attacks on npm packages.
Back in February of this year, the BlackCat (also known as ALPHV) ransomware gang attacked Reddit by phishing one of their employees, which hackers claim allowed them to steal 80GB of data from the platform. Reddit disclosed that they were hacked on February 5th, and shared that the attackers breached the platform’s systems, giving the threat actors access to “internal docs, code, as well as some internal dashboards and business systems,” said Reddit CTO Christoper Slowe. He also made it known in the post that there were “no indications of breach of our primary production systems,” and that user information, such as passwords, accounts, and financial information were not impacted.
BlackCat is now claiming that they were behind the February attack on Reddit, and posted a “Reddit Files” page on their leak site. The attackers share that they stole 80GB worth of compressed data, and now plan on leaking all of it if Reddit doesn’t follow through on the gang’s demands. BlackCat attackers said they have contacted Reddit twice since February about their demands, which include a $4.5 million ransom for the data and API policy changes. BlackCat claims that they have received no response from the platform to date, and will release the data if the demands aren’t met.
Reddit declined BleepingComputer’s request for comment, but the news source is now able to confirm that the attack BlackCat is referencing on their leak site is the same as the February phishing attack on Reddit.
Here are the stories we’re paying attention to this week…
Miscreants are using expired Amazon Web Services (AWS) S3 buckets to place malicious code into a legitimate package in the npm repository without having to tinker with any code.
In a recent blog post, Microsoft officially acknowledged that the disruptions to its services earlier this month were the result of deliberate hacks. The tech giant attributed the temporary unavailability of some of its services to ongoing Distributed Denial-of-Service (DDoS) attacks conducted by a threat actor identified as Storm-1359.
The U.S. State Department's Rewards for Justice program announced up to a $10 million bounty yesterday for information linking the Clop ransomware attacks to a foreign government. Rewards of Justice (RFJ) is a U.S. Department of State program that offers monetary rewards for information on threat actors and attacks impacting the national security of the USA.
A highly targeted cyber attack against an East Asian IT company involved the deployment of a custom malware written in Golang called RDStealer. Evidence gathered by Bitdefender shows that the campaign – dubbed RedClouds – started in early 2022. The targeting aligns with the interest of China-based threat actors.
Not only has tension and confusion extended to Microsoft's internal AI team—which apparently is dealing with budget cuts and limited access to OpenAI technology—but sources said it also clouded Microsoft's controversial rollout of AI-powered Bing search last February. At that time, Bing was found to be vulnerable to prompt injection attacks revealing company secrets and providing sometimes inaccurate and truly unhinged responses to user prompts.
Featured image: brett-jordan/unsplash
Explore RL's Spectra suite: Spectra Assure for software supply chain security, Spectra Detect for scalable file analysis, Spectra Analyze for malware analysis and threat hunting, and Spectra Intelligence for reputation data and intelligence.
Get your 14-day free trial of Spectra Assure
Get Free TrialMore about Spectra Assure Free Trial