cyberattacks

Birləşmiş Ştatlar, Yaponiya və Cənubi Koreya hökumətləri birgə bəyanatda Şimali Koreya kiber hücumlarının qlobal blokçeyn və kriptovalyuta sahələrinə verdiyi artan riskləri vurğuladılar. Xəbərdarlıq, xüsusilə Şimali Koreyadan İT işçiləri işə götürməklə bağlı potensial təhdidlərə diqqət yetirir.
Şimali Koreya Hackerlərinin Blokçeyn Sənayəsinə Təhdidi
Üç ölkə 14 yanvar tarixli bəyanatlarında Şimali Koreyanın tanınmış Lazarus Qrupu kimi kiber hücum qruplarının kripto mübadilələri və investorlarını hədəf aldığını vurğuladılar. Bu qruplar sosial mühəndislik də daxil olmaqla mürəkkəb taktikalardan istifadə edir və TraderTraitor və AppleJeus kimi zərərli proqramlar yayır.

CertiK-in analitik hesabatına görə, kriptovalyuta sektoru kiberhücumlar və fırıldaqçılıq fəaliyyətləri səbəbindən 116 milyon dollar dəyərində əhəmiyyətli maliyyə ziyanları yaşadı. Əhəmiyyətli ziyana baxmayaraq, bu rəqəm müsbət bir tendensiyanı əks etdirir, son altı ayda ən aşağı ziyanı göstərir və sektorda cinayət fəaliyyətlərinin tədricən azaldığını işarə edir.
Protokol istismarları ziyanın əsas mənbəyi idi və ümumi ziyanın 113.3 milyon dollarından çoxunu təşkil edirdi. Təsirə məruz qalan layihələr arasında, mərkəzləşdirilməmiş kredit platforması Radiant Capital ən çox ziyan çəkdi, ziyan 34.7 milyon dollara çatdı. Terra LFG və Berry DAO ekosistemlərində də əhəmiyyətli maliyyə ziyanları qeydə alındı, müvafiq olaraq 5.4 milyon dollar və 2.9 milyon dollar ziyan.

Investors Face Risks from Fee-Related Scams
Cypriot authorities are urging the public to exercise caution after a 50-year-old man from Limassol lost $58,000 to a fraudulent cryptocurrency trading platform. This incident highlights the growing prevalence of manipulative tactics used in crypto market scams.
How the Scam Unfolded
Fake Platform with a Professional Appearance
The victim encountered a website in December that appeared to be a legitimate trading platform. It featured detailed charts, interactive dashboards, and tools for tracking profits. Lured by the professional design and promises of high returns, the man invested a total of $58,000 across multiple transactions.
Manipulated Data and Illusions of Profit
The scammers used a manipulated dashboard to display fake rising profits. This common tactic creates the illusion of successful investments, encouraging victims to continue depositing funds.
Demands for "Additional Fees"
When the man attempted to withdraw his supposed earnings, the scammers refused to release the funds, instead demanding additional fees to "unlock" the profits. This tactic, known as an advance fee scam, involves pressuring victims to pay more money under false pretenses, only to leave their funds inaccessible.
Recommendations from Authorities and Additional Warnings
Caution in Investing
The Cypriot Financial Crime Investigation Bureau advises against sharing sensitive financial and personal information and recommends investing only through licensed and reputable institutions. They also emphasize the importance of verifying the credibility of any advisor or platform.
Other Crypto Scam Incidents
Similar warnings have been issued by U.S. financial authorities. For instance, in June 2024, another investor lost $310,000 through a fake platform called Ethfinance. Scammers employed similar tactics, leveraging manipulated data to deceive victims.
More Sophisticated Scams
In July, another scam was uncovered where fraudsters offered fake loans. Victims were convinced their trading account profits would cover the loan repayments. However, the victims ended up repaying the loans from their own pockets while their supposed earnings remained locked on the platform.
Summary
This case from Cyprus underscores the risks of investing in cryptocurrencies through unverified platforms. Police and financial authorities warn against scammers who manipulate data and exploit investor trust. Exercising caution and thoroughly verifying investment opportunities are crucial for avoiding financial losses.

#CyberSecurity , #HackerAlert , #cyberattacks , #CryptoScamAlert , #CryptoNewss

Stay one step ahead – follow our profile and stay informed about everything important in the world of cryptocurrencies!
Notice:
,,The information and views presented in this article are intended solely for educational purposes and should not be taken as investment advice in any situation. The content of these pages should not be regarded as financial, investment, or any other form of advice. We caution that investing in cryptocurrencies can be risky and may lead to financial losses.“

The Health Sector #cybersecurity Coordination Center (HC3) in the United States has announced that at least one healthcare institution in the U.S. has been hit by the Trinity ransomware, a new threat targeting critical infrastructure.
The Threat of Trinity Ransomware and How It Works
A U.S. government agency issued a warning regarding the Trinity ransomware, which targets victims and extorts them for #CryptocurrencyPayments in exchange for not leaking sensitive data. This ransomware uses various attack methods, including phishing emails, malicious websites, and exploiting software vulnerabilities.
Once it infiltrates a system, the ransomware scans the victim's computer, collects sensitive information, and encrypts files using advanced encryption algorithms, rendering them unreadable. #hackers then leave a message in the computer informing the victim that their data has been encrypted and demanding a ransom in exchange for a decryption key.
Hackers’ Demands: 24-Hour Deadline for Payment
In the ransom note, victims are warned that they have only 24 hours to pay the ransom in cryptocurrency, or their data will be leaked or sold. HC3 noted that there are currently no available decryption tools for Trinity ransomware, leaving victims with few options for recovery.
"Victims have 24 hours to contact the cybercriminals, and if they fail to do so, the stolen data will be leaked or sold," HC3 reported. The ransomware primarily targets critical infrastructure, including healthcare providers.
Attacks on Healthcare Institutions
The Trinity ransomware has already affected seven organizations, with healthcare facilities being one of its primary targets. HC3 reported that at least one healthcare entity in the U.S. was recently impacted by this ransomware, raising concerns about cybersecurity in the healthcare sector.
Crypto Ransom Payments Reached $1 Billion in 2023
According to the Chainalysis 2024 #cryptocrime Report, ransomware attackers received approximately $1.1 billion in cryptocurrency payments in 2023. These ransoms were paid by high-profile institutions and critical infrastructure, with attacks ranging from small criminal groups to large syndicates.
The report also revealed that 538 new ransomware variants were created in 2023, with major corporations like BBC and British Airways being among the primary targets of these attacks.
#cyberattacks

Stay one step ahead – follow our profile and stay informed about everything important in the world of cryptocurrencies!

Notice:
,,The information and views presented in this article are intended solely for educational purposes and should not be taken as investment advice in any situation. The content of these pages should not be regarded as financial, investment, or any other form of advice. We caution that investing in cryptocurrencies can be risky and may lead to financial losses.“

 

Researchers from HP have discovered malware created using generative #artificialintelligence during the analysis of a suspicious email.

Generative AI Accelerates Malware Creation
The development of malware has become easier and faster thanks to generative AI. Malware developers can now use AI to speed up the process of writing code, leading to an increase in the number of #Attacks and allowing even less experienced individuals to develop harmful software.
A September report from HP’s Wolf Security team uncovered a new version of the AsyncRAT trojan, which is used to remotely control a victim’s computer. Researchers found this version while analyzing a suspicious email sent to one of their clients.
Malware Written with Artificial Intelligence
While the original AsyncRAT was developed by humans, this new version contained an injection technique that researchers believe was created using generative AI. Although AI has previously been used to create phishing lures, the report notes that there was little evidence of AI being used to write malicious code "in the wild" before this discovery.
One of the key indicators was that the code contained detailed comments explaining the function of each part. This is unusual for #Cybercriminals , who generally do not want others to understand how their malware works.

In-Depth Analysis of the Malware
Researchers initially encountered the suspicious email, which was sent to users of HP’s Sure Click threat containment software. The email appeared to be an invoice written in French, likely targeting French-speaking individuals. Initially, the contents of the file were difficult to determine because it was encrypted. However, after breaking the password, the hidden malware was revealed.
The #Malware consisted of a Visual Basic script that wrote data to the user’s registry, installed a JavaScript file, and launched Powershell. This led to the installation of AsyncRAT malware on the device.

AsyncRAT Development and Its Risks
AsyncRAT, originally released on GitHub in 2019, is a remote management tool. Although its developers claim it is a legitimate open-source software, it has been predominantly used by cybercriminals. It allows attackers to remotely control infected devices and can be used to steal sensitive data, such as private keys or phrases for cryptocurrency wallets, leading to potential financial losses.
Although AsyncRAT is not new, this variant uses a new injection method, which shows signs of having been created using generative AI. This indicates that the new technology is making it easier for attackers to carry out cyberattacks.
AI Increases the Threat of Cyberattacks
HP’s report highlights that generative artificial intelligence is accelerating #cyberattacks and lowering the barrier for cybercriminals to infect devices. Security researchers are still grappling with the effects of AI advancements on cybersecurity.
The risks associated with AI include its potential misuse to identify vulnerabilities in smart contracts, which could be exploited by both ethical and malicious hackers. In May 2023, Meta also warned that some malware creators are using fake versions of popular AI tools to lure victims.
Generative artificial intelligence is fundamentally changing the rules of cybersecurity and presents a new challenge in the fight against malware.

Notice:
,,The information and views presented in this article are intended solely for educational purposes and should not be taken as investment advice in any situation. The content of these pages should not be regarded as financial, investment, or any other form of advice. We caution that investing in cryptocurrencies can be risky and may lead to financial losses.“

 

Нещодавно в даркнеті з'явився революційний, але небезпечний сервіс Xanthorox AI — штучний інтелект, спеціально розроблений для проведення офенсивних кібератак. За даними фірми з кібербезпеки SlashNext, цей інструмент почав поширюватися в кінець першого кварталу 2025 року через форуми та зашифровані канали кіберзлочинців. Xanthorox AI позиціонується як "повний спектр хакерського асистента", дозволяючи автоматизувати складні операції, які раніше вимагали високої кваліфікації.
Сервіс базується на локально налаштованих моделях ШІ, що уникають залежності від великих постачальників, таких як OpenAI. Він пропонує інструменти для генерації шкідливого коду, фішингових атак, аналізу вразливостей, створення deepfake для соціальної інженерії та навіть оптимізації ransomware. Ціна підписки — від $500 на місяць, з опціями кастомізації. Експерти Bugcrowd називають це "фascinating development", підкреслюючи, як Xanthorox робить кіберзлочин доступним для новачків, подібно до SaaS-моделі.
Зростання "темного ШІ" (dark AI) на даркнеті сягнуло 200% у 2024–2025 роках, за даними Kela. Інструменти на кшталт WormGPT, FraudGPT та DarkBERT еволюціонували в AI-as-a-Service, дозволяючи генерувати шкідливий контент для фішингу, deepfake та автоматизованих атак. Це знижує бар'єри входу, роблячи атаки масштабованими та складними для виявлення. Кіберзлочинці використовують ШІ для самонавчального malware, яке змінює код, щоб уникати антивірусів.
Цей тренд загрожує глобальній безпеці: зловмисники можуть проводити атаки на швидкості машин, обходячи традиційні оборонні системи. Експерти радять посилити моніторинг даркнету за допомогою AI-інструментів, як DarkOwl чи Cybersixgill, та впроваджувати мультифакторну аутентифікацію. Без швидких регуляцій та міжнародної співпраці кіберзагрози стануть неконтрольованими. Суспільство мусить адаптуватися, перетворюючи ШІ на інструмент захисту, а не руйнування.
#DarkAI #cyberattacks #XanthoroxAI #DarkWebThreats #AICybercrime #HackingTools
Підписуйтесь на #MiningUpdates , щоб бути в курсі новин про майнінг і криптоінновації!

İyun 2025-də kiber təhlükəsizlik icması sarsıldı. Kimsuky APT-nin tanınmış Şimali Koreya haker qrupunun bir üzvü kütləvi məlumat sızması qurbanı oldu və yüzlərlə gigabayt həssas daxili fayllar, alətlər və əməliyyat detalları açıqlandı.
Slow Mist-dən təhlükəsizlik ekspertlərinin sözlərinə görə, sızdırılan məlumatlar brauzer tarixçələrini, detallı fişinq kampaniya qeydlərini, xüsusi arxa qapılar və TomCat nüvəsi arxa qapısı, dəyişdirilmiş Cobalt Strike siqnalları, Ivanti RootRot istismarı və Toybox kimi Android zərərli proqramlar üçün manual daxil idi.

The Layer 2 "Base" network on the Coinbase platform has been the target of a large-scale price manipulation attack. This attack focused on an unverified loan contract, leading to a loss of approximately $1 million.
CertiK Warned of the Attack
Early this morning, CertiK Alert monitoring system informed users on the X platform about the ongoing attack. According to the report, the attack targeted the Base chain and affected an unverified loan contract starting with the address 0x5c52.

According to CertiK’s post on X: "The exploiter manipulated the price of WETH and Sui and gained approximately $1 million in tokens through excessive borrowing." CertiK also noted that the oracle used to verify this loan contract, which was deployed only six days ago, has a liquidity of only around $400,000.

Repeated Contract Manipulation Incident
This attack marks the second similar incident in the last two days. On October 24, suspicious transactions were detected on the Polygon network, affecting an unverified NAS contract with the address 0x5d6084Bf..F36Ac7. In that case, the attacker obtained a large amount of NAS tokens, which were later exchanged for USDT.
Base Has Yet to Comment
The Base platform has not yet commented on the incident. However, on October 30, Base announced the launch of Fault Proofs, which aims to provide a more secure environment by removing trusted third parties. The new update will also allow users to monitor and challenge invalid withdrawals.

#hackers , #cyberattacks , #CoinbaseExchange. , #cybersecurity , #CryptoHack
Stay one step ahead – follow our profile and stay informed about everything important in the world of cryptocurrencies!

Notice:
,,The information and views presented in this article are intended solely for educational purposes and should not be taken as investment advice in any situation. The content of these pages should not be regarded as financial, investment, or any other form of advice. We caution that investing in cryptocurrencies can be risky and may lead to financial losses.“

ABŞ Senatoru Ron Wyden texnologiya nəhəngi Microsoft ətrafında yeni bir fırtına qaldırıb. Federal Ticarət Komissiyasına (FTC) göndərdiyi məktubda, o, şirkəti kibertəhlükəsizlikdəki ciddi laqeydlik səbəbindən “milli təhlükəsizlik təhdidi” adlandırıb.

“Yanğınsöndürmə Xidmətləri Satışında Yanğınsalıcı”
Wyden Microsoft-u zəif standart ayarları və köhnəlmiş texnologiyalar vasitəsilə ciddi kibertəhlükəsizlik hücumlarını təmin etməkdə ittiham edib. O, şirkətin biznes İT sahəsində effektiv monopoliyaya sahib olduğunu, dövlət qurumlarını və müəssisələri “seçim imkanı” olmadan onlara risk yaradan məhsullara güvənməyə məcbur etdiyini müdafiə edib.