Hack Archives - ReadWrite
https://readwrite.com/hack/
Crypto, Gaming & Emerging Tech News (feed last updated Mon, 14 Oct 2024 09:38:14 +0000)

Pokemon hack – masses of employee data and more stolen from game developer
https://readwrite.com/pokemon-hack-masses-of-employee-data-and-more-stolen-from-game-dev/
Mon, 14 Oct 2024 09:36:45 +0000

Pokemon developer Game Freak has been hit by a large-scale hack that is currently seeing thousands of its assets dumped on the internet, including personal details of former and current employees as well as contractors that have worked on the company’s many Pokemon games for Nintendo.

The hack appears to have taken place in August of this year but only now is data being released online, perhaps suggesting that a time period to negotiate with the hackers has run out.

Over 2,000 items of personnel information have been breached, and game information, sprites, concept art, and character sheets are now being compiled by internet users and reposted online.

The leak also includes meeting notes and information on a live-action Pokemon TV series.

Game Freak posted a statement (in Japanese) confirming that the company’s security had been breached, saying there had been “unauthorized access by a third party.”

It goes on to confirm that names, addresses, emails, and phone numbers of employees past and present are included in the leak.

“Those who can not be contacted individually due to retirement or other reasons will be notified in this announcement, and a contact person will be set up to respond to inquiries regarding this matter.”

“We sincerely apologize for any inconvenience and concern this may have caused to all concerned.”

As of yet, there seems to be little in the leak about Game Freak’s future Pokemon video game projects, which leaves it less damaging than the hack that Insomniac suffered at the start of the year.

The company is currently developing Pokemon Legends Z-A for the Nintendo Switch but, as yet, there is no indication that it has been compromised in any way.

Pokemon parent company Nintendo has been targeting emulators and hackers extensively in the last year and has managed to eradicate Switch emulators Ryujinx and Yuzu as well as the Nintendo DS emulator Citra.

Featured image: AI-generated in MidJourney

UK armed forces urged to revise smart devices in the wake of Hezbollah pager incident
https://readwrite.com/uks-armed-forces-urged-to-revise-the-use-of-smart-devices-in-the-wake-of-hezbollah-pager-incident/
Sat, 21 Sep 2024 09:45:14 +0000

The United Kingdom’s armed forces are being urged to rethink the use of smart devices in the wake of the Hezbollah pager incident that rocked the Middle East.

This revisiting of security concerns comes in the wake of the electronic pager attacks that resulted in 2,800 people being injured and a dozen killed as explosions rippled through Lebanon and parts of Syria.

Major General (Retired) Chip Chapman, a former head of the Ministry of Defence’s (MOD) Counter Terrorist Unit, spoke to military media outlet Forces News about the threats that electronic devices could pose in the age of technological warfare.

He has urged caution in an era of cyberattacks and the elaborate methods that hackers can deploy, such as the network and banking collapse in Ukraine covered by ReadWrite, which would be the most significant cyber-attack of the Russia-Ukraine War so far, at the hands of politically motivated cyber criminals.

UK armed forces urged to be cautious

The retired military commander spoke of the threats posed by explosive or compromised devices. He told the army news outlet, “In operational security terms, they [Hezbollah] took the view that going to a more analog system would preserve their op sec (operational security). The flaw was they didn’t look inside them because a pager can’t explode, of course. A pager is just a pager until you add something to it.”

British Defence Secretary John Healey backed existing armed forces measures: “Military communications are evolving all the time, with ultra-secure systems like Trinity coming online, which uses a series of deployable nodes to create a self-contained battlefield network.”

Cyberattacks have been a prominent topic in 2024, with Russian cybercriminals at the forefront. Several European elections were at risk of large-scale distributed denial of service (DDoS) attacks.

The United Kingdom has also been a focal point for cyber attacks such as the takedown of the King’s College Hospital, Guy’s and St Thomas’, including the Royal Brompton and the Evelina London Children’s Hospital.

Image: Pexels.

FlightAware data leak – you thought you were tracking planes, but now somebody could be tracking you – what you need to know
https://readwrite.com/flightaware-data-leak/
Sun, 18 Aug 2024 11:30:39 +0000

Another day, another company sending a “Probably nothing to worry about, but maybe, if you kinda feel like it, it might be time to change your password” email.

FlightAware, the popular flight tracking app, describes itself as “a digital aviation company and operates the world’s largest flight tracking and data platform. With global connectivity to every segment of aviation, FlightAware provides over 10,000 aircraft operators and service providers as well as over 13,000,000 passengers with global flight tracking solutions, predictive technology, analytics, and decision-making tools.”

I have used FlightAware previously while dabbling in some online plane spotting for family and friends, which is why the following dropped into my inbox late last night: “FlightAware respects the privacy of your personal information and takes the security of that information seriously. We write to let you know about a data security incident that potentially involves your personal information and out of an abundance of caution, we are requiring you to reset your password.”

I can’t actually remember the last time I used the website, so from that opening paragraph I wasn’t immediately alarmed.

However, in the explanation of what has seemingly happened, the email goes much further: “On July 25, 2024, we discovered a configuration error that may have inadvertently exposed your personal information in your FlightAware account, including user ID, password, and email address. Depending on the information you provided, the information may also have included your full name, billing address, shipping address, IP address, social media accounts, telephone numbers, year of birth, last four digits of your credit card number, information about aircraft owned, industry, title, pilot status (yes/no), and your account activity (such as flights viewed and comments posted).”

From that one paragraph it seems that somebody could potentially have every last piece of data on you, and if they have, changing my password after being alerted nearly 25 days later is probably not going to have much effect. But thanks for the tip-off FlightAware.

While another line states that FlightAware is deeply regretful of what’s happened, there is also a line that states, “Please note that this notification was not delayed as a result of a law enforcement investigation,” with no explanation of why it was then delayed.

If there is any potential that literally all my details are out in the wild, including how many planes I own (okay, granted that column may not be that exciting), do we not need to know pretty much instantly? It doesn’t have to be the full details, but they could have told me I needed to change my password earlier.

It is unclear from the email whether FlightAware is, er, aware of the data actually being taken, or only that it may have “inadvertently exposed” data to someone, anyone.

What can you do?

Well, you will have to change your password next time you log into FlightAware for starters, so it may be best to do that as soon as possible, although the horse has well and truly bolted.

If you use the same email and password combo to log into other sites (surely not), then you should change your password everywhere you can – a rather tedious job and you really should be using a password manager in this day and age for ease of managing multiple, secure passwords.

Besides that, you are going to need to keep an eye on anything that looks odd in your financials. It looks like, in terms of credit card details, they only have the last four digits, but the other information would give any potential bad actors plenty to socially engineer you or even impersonate you in certain circumstances. So watch out for unusual contacts claiming to be from other companies who quote your details back to you to persuade you they are legit.

As yet there is no indication of how many people this data leak has affected, but if you are concerned about the leak FlightAware can be contacted at privacy@flightaware.com or by writing to FlightAware – Attn: Privacy, 11 Greenway Plaza, Suite 2900, Houston, TX 77046.

Featured Image: via FlightAware

Disney hackers hang “inside man” out to dry as they name him and say they will release all his personal information “as a warning”
https://readwrite.com/disney-hack/
Mon, 15 Jul 2024 09:46:24 +0000

Lie with dogs and you will wake up with fleas. The old proverb still rings true to this day and a Disney employee today will allegedly be waking up to a cold chill and a morning of internal meetings after being outed as “the inside man” in the Disney hack which has seen 1 Tebibyte (around 1.1TB) of data lifted from its servers. The hack supposedly includes information on unreleased games, images, internal messaging, and pretty much everything.

There has already been information leaked elsewhere this morning about an unknown Aliens game rumored to be Fireteam Elite 2 from an internal Disney presentation. This is going to be a rough few weeks for them.

None more so than for the alleged inside man, who was named in an intimidating warning to others not to cross the group. ReadWrite is not publishing the name of the employee as we do not wish to add to the pile-on, but our research confirms he has been at the company for almost nine years and lives in Los Angeles.

The message posted online by the hackers reads:

DISNEY INTERNAL SLACK 1.1TiB of data, almost 10,000 channels, every message and file possible, dumped. Unreleased projects, raw images and code, some logins, links to internal api/web pages, and more! Have fun sifting through it, there is a lot there. We tried to hold off until we got deeper in, but our inside man got cold feet and kicked us out! I thought we had something special [Name of employee was here] Consider the dropping of literally every bit of personal info you have, from logins to credit cards to SSN, as a warning for people in the future. MAGNET

Even with his “cold feet”, it seems the hackers managed to breach the company’s Slack defenses and gain access to almost anything they wanted. Disney is yet to comment, but from what we have seen online the hack seems to be genuine. As yet there has been no mention of a ransom; the data seems to have simply been released through the usual hacker channels.

As we wait to see what information follows the leak we can be sure Disney’s not exactly unsubstantial legal team will be gearing up as you read this.

‘Largest password leak ever’ exposes 10 billion credentials
https://readwrite.com/largest-password-leak-ever-exposes-10-billion-credentials-rockyou2024/
Mon, 08 Jul 2024 17:34:20 +0000

The “largest password compilation” with approximately 10 billion unique passwords has been leaked on a popular hacking forum, presenting significant risks for users who reuse passwords.

Researchers at Cybernews uncovered a file named rockyou2024.txt, containing 9,948,575,739 unique plaintext passwords. This file was posted by a forum user known as ObamaCare, who only recently joined the forum but has been active in sharing data from various breaches.

The file is described by researchers as a mixture of old and new data breaches, pointing out that it does not represent a single new breach involving 10 billion passwords. They explained that the RockYou2024 leak includes passwords that are commonly used by people worldwide, thereby significantly increasing the risk of credential stuffing attacks where attackers use stolen passwords to attempt access to unrelated services.

For example, someone might use a password obtained from the Frontier Communications breach to see if you use the same password for your bank account.

The researchers elaborated on potential threats, stating, “Threat actors could exploit the RockYou2024 password compilation to conduct brute-force attacks and gain unauthorized access to various online accounts.”

RockYou2021 data breach

They also showed that this compilation is an evolved form of a previous leak named RockYou2021, which had 8.4 billion passwords and originated from a 2009 data breach but had expanded significantly by 2021.

The team’s analysis suggests that attackers built the RockYou2024 dataset by collecting additional passwords from subsequent leaks, increasing the total by 15 per cent over three years. This compilation now includes data possibly accumulated from over 4,000 databases spanning more than two decades.

The team also warned that the extensive RockYou2024 compilation could be used to target any system vulnerable to brute-force attacks, ranging from online services to industrial hardware.

They also noted the compounding threat posed when this data is combined with other leaked information, such as user email addresses from other databases, which can lead to widespread financial fraud and identity theft.

What should users do?

Data security isn’t always within our control, especially in the face of constant data breaches. It’s important for users to take proactive steps and remain vigilant to prevent cybercriminal attacks.

Here are a few measures users can implement:

  • Reset passwords for any accounts sharing the same credentials (email and password).
  • Enable two-factor authentication (2FA) and multi-factor authentication (MFA) on all accounts to introduce an additional layer of security.
  • Use a password manager to create and manage secure, complex, and unique passwords for different accounts effortlessly.

Featured image: Canva

Hacker stole internal details from OpenAI in 2023 breach, says report
https://readwrite.com/openai-hacker-data-breach-chatgpt-2023/
Mon, 08 Jul 2024 14:36:08 +0000

A hacker reportedly obtained access to the internal messaging systems of OpenAI, stealing confidential information on the design process involved with the creation of the company’s AI products.

As reported by the New York Times, an online forum where employees communicate on the ChatGPT maker’s latest developments was compromised but the tech giant has intimated the malicious actor did not access the main repository systems for storing and building its AI.

Senior executives at OpenAI, which has recently launched CriticGPT, briefed the company board and workers on the breach which is said to have taken place in April 2023 but no details were made public as there was no loss of customer or partner data. The report further indicated that bosses believed this was the work of a private individual with no connections to a nation-state backer, nor was it believed to be a national security threat.

OpenAI also did not inform federal law enforcement agencies regarding the incident.

Potential for national security risk

The company is familiar with a sense of alert after it confirmed in May that it had rumbled five covert influence operations that aimed to use its AI models for “deceptive activity” across the internet.

Some employees have expressed fears relating to this security breach, concerned that it could lead to geopolitical rivals like China stealing the firm’s AI property.

Although the technology is primarily a tool for work and search, it is evolving at a rapid pace and eventually that could lead to a national security risk. Questions have been asked about how seriously OpenAI was taking security matters, with the findings highlighting flaws in the company’s handling of the risks posed by AI.

Leopold Aschenbrenner, a technical manager working on a brief to safeguard the future of AI tech, contacted OpenAI’s board of directors to warn them that not enough was being done to prevent hostile foreign actors from penetrating its systems.

Aschenbrenner was fired earlier this year for leaking information outside the company but he has insisted his sacking was politically motivated.

Image credit: Via Ideogram

Singapore businesses targeted by ransomware hackers demanding crypto
https://readwrite.com/singapore-ransomware-hackers-cryptocurrency/
Tue, 11 Jun 2024 02:46:01 +0000

Akira, a ransomware hacker group that extorted $42 million from over 250 organizations across North America, Europe, and Australia within a year, is now actively targeting businesses in Singapore, according to a joint advisory issued by Singaporean authorities.

The Cyber Security Agency of Singapore (CSA), the Singapore Police Force, and the Personal Data Protection Commission have recently received several complaints from victims of the cyberattack. The CSA announced in a Twitter post that the joint advisory:

“highlights the observed Tactics, Techniques and Procedures (TTPs) employed by Akira threat group to compromise their victims’ networks and provides some recommended measures for organisations to mitigate the threat posed.”

Investigations conducted by the United States Federal Bureau of Investigation (FBI) have found that Akira ransomware primarily targets businesses and critical infrastructure entities. The Singaporean authorities have provided guidance on how to detect, deter, and neutralize Akira attacks, and have advised businesses that have been compromised to refrain from paying ransom to the attackers.

Akira members demand payments in cryptocurrencies such as Bitcoin (BTC) to return control of their victims’ computer systems and internal data. However, Singapore authorities have advised businesses not to make these payments, stating:

“If your organization’s systems have been compromised with ransomware, we do not recommend paying the ransom and advise you to report the incident immediately to the authorities. Paying the ransom does not guarantee that the data will be decrypted or that threat actors will not publish your data.”

The authorities warn that paying the ransom may lead to further attacks, as malicious entities may attempt to extort more money. The FBI has also found that Akira never contacts its victims and expects them to reach out first.

Recommended threat mitigation techniques

To protect against ransomware attacks like Akira, authorities recommend implementing a recovery plan and multifactor authentication. Furthermore, they also suggest filtering network traffic, disabling unused ports and hyperlinks, and employing system-wide encryption.

Frontier Communications data breach affects over 750K customers
https://readwrite.com/frontier-communications-data-breach-750k-customers/
Mon, 10 Jun 2024 13:03:22 +0000

Telecoms company Frontier Communications announced that a cyberattack, which took place in mid-April and had been previously reported, exposed the data of over 750,000 customers.

The Dallas-based firm disclosed information following reports that an extortion group identified Frontier as a victim of data theft, exposing the full names and Social Security numbers of some customers.

In a notification to Maine’s Attorney General, the Internet Service Provider reported that a data breach impacted 751,895 individuals. The company states that it is in the process of issuing data breach notices to those affected while the hacking group believed to be responsible is preparing to sell the stolen data.

The company has said that it will provide one year of complimentary credit monitoring and identity theft services to all impacted customers. However, it stated that it “does not believe” any customer financial information was compromised in the breach.

BleepingComputer reports that the RansomHub ransomware group claimed responsibility for the cyberattacks that took place in April and on June 4. The group announced on its dark web extortion portal that it has targeted Frontier, threatening to release 5GB of data reportedly taken during the attack. This data is said to include the personal information of two million customers.

The hackers have set a deadline of June 14 for the company to respond to their demands. They threaten to sell the data to the highest bidder if their conditions are not met.

According to Frontier’s prior filing with the U.S. Securities and Exchange Commission, the company detected the attack on April 14 and subsequently took “containment measures, which included shutting down certain of the company’s systems.”

Who is RansomHub?

Security firm Symantec states that RansomHub is a newly emerged Ransomware-as-a-Service (RaaS) that has quickly ascended to become one of the most prominent ransomware collectives. It appears to be a revamped and renamed version of the older Knight ransomware.

Symantec’s analysis of the RansomHub payload shows many similarities with Knight, indicating that RansomHub likely evolved from Knight.

Although RansomHub shares its origins with Knight, it is unlikely that the original developers of Knight are behind RansomHub. The source code for Knight, previously known as Cyclops, was put up for sale on dark web forums in February 2024 following the decision by its developers to cease their activities. This suggests that new parties may have bought and changed the Knight source code to create RansomHub.

Featured image: Canva / Ideogram

Pro-Russian hackers target European elections with widespread DDoS attacks
https://readwrite.com/russian-hackers-ddos-attacks-europe-noname057-ukraine/
Sat, 08 Jun 2024 03:32:47 +0000

The Russia-aligned cyber threat actor known as NoName057(16) has reportedly announced that it is launching large-scale distributed denial of service (DDoS) attacks targeting internet infrastructure throughout Europe.

The group is notorious for orchestrating Project DDoSia, a campaign that conducts massive DDoS attacks against entities supportive of Ukraine, mainly targeting NATO countries.

Why are hacker groups targeting European elections with DDoS attacks?

During the current European election season, the hackers declared their intention to disrupt these events with DDoS attacks. The election period began on June 6, in the Netherlands, while Estonia started its voting process on June 3. Both Czechia and Ireland are casting their votes on Friday (June 7), with other EU member states scheduled to vote over the upcoming weekend.

According to cyber security news website DailyDarkWeb, the group criticized the European Parliament as a “pseudo-democratic and thoroughly Russophobic body.” NoName057(16) accused the European Parliament of implementing “meaningless anti-Russian sanctions” following Russia’s actions in Crimea in 2014 and Donbas in 2022. In response to what they perceive as “Russophobia” and the double standards of European authorities, the group announced that Europe’s internet infrastructure would be targeted by Russian hackers.

It said on the social media site Telegram: “When Russia began protecting the peaceful population of Crimea in 2014 and the residents of Donbas in 2022, the EP [European Parliament], like a rabid printer, started issuing meaningless anti-Russian sanctions in bulk.

“For the Russophobia and double standards of European authorities, Europe’s internet infrastructure will suffer from Russian hackers.”

NoName057(16) claims that it has recruited several other malicious hacking groups to its cause, such as 22C, IAMKILLMILK, CoupTeam, Cyberdragon, People’s CyberArmy, Root@kali, and Usersec. This is in addition to other participants who wish to remain anonymous.

Dutch party websites attacked

In a blog post, Cloudflare’s João Tomé said that the firm had already observed “significant” DDoS attacks targeting multiple election or politically-related Internet properties in the Netherlands. He added: “On June 5 and 6, 2024, Cloudflare systems automatically detected and mitigated DDoS attacks that targeted at least three politically-related Dutch websites.” On June 5, Cloudflare said it had mitigated one billion HTTP requests from daily DDoS attacks in the Netherlands.

The primary DDoS attack on June 5 targeted a specific website, peaking at 14:13 UTC (16:13 local time) with a rate of 73,000 requests per second. This attack persisted for several hours.

The security firm attributes these attacks to the pro-Russian hacker group HackNeT, which has claimed responsibility. Writing on Telegram, a group purporting to be HackNeT said: “The Netherlands is the first country to vote for a new European Parliament.

“So they’ll be the first to suffer from DDoS attacks.”

The center-right Christian Democratic Appeal (CDA), Geert Wilders’ far-right Party for Freedom (PVV), and the populist, far-right Forum for Democracy (FvD) all encountered issues with their websites.

The CDA announced on X that its website was subjected to a “heavy” distributed denial-of-service (DDoS) attack. “On election day, we consider this to be an attack on free, democratic elections,” it said.

Other European nations in firing line

Meanwhile, another security analyst under the username CyberKnow stated that the group Cyber Army Russia Reborn also launched DDoS attacks targeting Ireland.

DailyDarkWeb also reported that NoName057(16) allegedly carried out a DDoS attack on Santa Bárbara Sistemas, a Spanish defense contractor based in Madrid.

Featured image: Ideogram

The post Pro-Russian hackers target European elections with widespread DDoS attacks appeared first on ReadWrite.

Significant mystery malware attack destroys 600,000 routers https://readwrite.com/significant-mystery-malware-attack-destroys-600000-routers/ Thu, 30 May 2024 22:51:09 +0000 https://readwrite.com/?p=302547

Image: Last October, a mystery malware attack destroyed 600,000 routers over a 72-hour period.


Last October, subscribers to an internet service provider called Windstream became embroiled in a mass router breakdown issue, impacting around 600,000 devices across 18 US states.

Initially, many customers blamed the company for the widespread outage, but it later became apparent that something very different was happening, as the devices were unresponsive to reboots and other attempts to restore them to working order.

Users congregated around online message boards to vent anger and express their own experiences of how the ActionTec T3200 was displaying a solid red light but very little else. From Alabama and Arkansas to Georgia and Kentucky, people were cut off from the outside world. Some detailed lost earnings as they were unable to work from home, with one Windstream subscriber stating they were down $1500 due to no WiFi and hours spent troubleshooting.

The company replaced the bricked routers, but there was little by way of explanation until a recent report from Black Lotus Labs, the threat research arm of cyber security firm Lumen Technologies.

The investigation uncovered a “destructive event” that Windstream is yet to account for.

It transpires that over 72 hours beginning October 25, malware was deployed, wiping out more than 600,000 router devices connected to a solitary autonomous system number (ASN) belonging to an unnamed ISP.

Potential nation-state attack

Coincidence? While the research team has not declared the ISP involved, the situation matches up to the mass bricking reported by Windstream’s subscribers and the timeframe of their comments on the forums.

The malware was identified as Chalubo. It infected the routers and executed custom Lua scripts that permanently overwrote the firmware, rendering the devices unusable.

The researchers stated, “Destructive attacks of this nature are highly concerning, especially so in this case.”

“A sizeable portion of this ISP’s service area covers rural or underserved communities; places where residents may have lost access to emergency services, farming concerns may have lost critical information from remote monitoring of crops during the harvest, and health care providers cut off from telehealth or patients’ records.”

“Needless to say, recovery from any supply chain disruption takes longer in isolated or vulnerable communities.”

The researchers noted a sophisticated threat actor is likely to be responsible, potentially a nation-state-sponsored attack, without elaborating further. After thorough analysis, the initial infection vector remains unknown, with a range of possibilities under consideration.

Windstream has still not provided a detailed response or explanation on what happened, leaving customer queries open, with security experts also seeking more answers about this significant and unique cyberattack.

Image credit: Ideogram

The post Significant mystery malware attack destroys 600,000 routers appeared first on ReadWrite.

Activision wins $14.5 million lawsuit against cheat maker EngineOwning https://readwrite.com/activision-wins-145-million-lawsuit-against-cheat-maker-engineowning/ Thu, 30 May 2024 16:20:10 +0000 https://readwrite.com/?p=302095

Image: Promotional Activision first-person shooter image


Call of Duty publisher Activision has won a $14.5 million civil lawsuit judgment in the United States against EngineOwning, a maker of cheat software.

Germany-based EngineOwning has openly admitted to developing and promoting cheat software that manipulates the game mechanics in the Call of Duty series published by Activision Blizzard. The cheat developers dispute the final judgment, calling it “bogus.”

The legal battle between Activision and EngineOwning began in 2022 when Activision filed a complaint that specifically targeted EngineOwning and asked a judge to stop its operations:

“Activision is the owner and publisher of the Call of Duty series of video games (the “COD Games”). By this lawsuit, Activision seeks to stop unlawful conduct by an organization that is distributing and selling for profit numerous malicious software products designed to enable members of the public to gain unfair competitive advantages (i.e., to cheat) in the COD Games. These ongoing activities damage Activision’s games, its overall business, and the experience of the COD player community.”

Neither EngineOwning nor any of its representatives appeared in court to defend the case, resulting in a summary judgment. The default judgment in this case awarded Activision $14,465,000 and attorney’s fees of $292,912, though it is up to Activision and its lawyers to actually collect those sums. Judge Michael Fitzgerald of the U.S. District Court for the Central District of California issued a permanent injunction against EngineOwning, also declaring that the Internet domain it operates is now the property of Activision.

“The Court is therefore satisfied that a permanent injunction should be issued to enjoin Defendants’ unlawful conduct and to transfer EO’s domain to Plaintiff,” Fitzgerald wrote in his judgment.

Call of Duty cheat maker remains defiant

EngineOwning released a statement in response to the court’s decision, saying it intends to keep making cheat software and disputes the “bogus claim” Activision brought.

“There has been a lot of false claims regarding the lawsuit against EngineOwning. All the guys targeted in the lawsuit are inactive and have been for a long time. The project was handed over to a new owner years ago. Now Activision is trying to claim our engineowning.to domain. We have created backup domains (listed below) and kindly ask you to bookmark them. We hope and think that our domain registrar will not defer to this bogus claim, that would not have been approved by any clearheaded judge with even basic democratic values in a proper jurisdiction.”

It remains to be seen if Activision can collect the $14.5 million owed to the company and what the cryptic statement might mean for the future of the cheat software.

Otherwise, it has been a busy month for Activision, which has ramped up anticipation for the next installment of Call of Duty: Black Ops 6. More details on the shooter set in the Middle East will be revealed after the Xbox Games Showcase next month.

Image: Activision.

The post Activision wins $14.5 million lawsuit against cheat maker EngineOwning appeared first on ReadWrite.

Internet Archive and the Wayback Machine under DDoS cyber-attack https://readwrite.com/internet-archive-wayback-machine-down-or-just-me-cyber-attack-hackers-ddos/ Wed, 29 May 2024 20:06:01 +0000 https://readwrite.com/?p=301554

Image: DDoS attack on Internet Archive


The Internet Archive is heading into its third day of fending off a DDoS attack, affecting service for users around the world.

As a nonprofit research library that’s home to millions of historical documents, including the entire history of Aruba, the Internet Archive offers free access to collections of digital materials. For the last three days it has been hit by intermittent distributed denial-of-service (DDoS) attacks, a form of cyber attack that has disrupted service throughout the week.

According to library staff, the collections within the Internet Archive are safe, although service remains inconsistent, affecting whether or not people can access the Internet Archive Wayback Machine, which has preserved more than 866 billion webpages.

Internet Archive responds to DDoS attack

The attacks began on Sunday, with the DDoS intruders launching thousands of fake requests a second. This overloaded the service and caused the ongoing issues. At the time of writing, the source and identity of the attackers are unknown.

“Thankfully the collections are safe, but we are sorry that the denial-of-service attack has knocked us offline intermittently during these last three days,” explained Brewster Kahle, founder and digital librarian of the Internet Archive.

“With the support from others and the hard work of staff we are hardening our defenses to provide more reliable access to our library. What is new is this attack has been sustained, impactful, targeted, adaptive, and importantly, mean.”

This DDoS attack is not isolated, with cyber-attacks becoming more and more frequent against libraries and other information-based institutions. Other recent victims include the British Library, the Solano County (California) Public Library, the Berlin Natural History Museum, and Ontario’s London Public Library (in Canada).

This attack comes after the Internet Archive was also recently sued by the U.S. book publishing and recording industries associations, with organizations claiming copyright infringement and demanding combined damages worth hundreds of millions of dollars from all libraries.

“If our patrons around the globe think this latest situation is upsetting, then they should be very worried about what the publishing and recording industries have in mind,” added Kahle. “I think they are trying to destroy this library entirely and hobble all libraries everywhere. But just as we’re resisting the DDoS attack, we appreciate all the support in pushing back on this unjust litigation against our library and others.”

Featured image: Ideogram

The post Internet Archive and the Wayback Machine under DDoS cyber-attack appeared first on ReadWrite.

Hackers attack banks’ computers with a spoofed version of Minesweeper game https://readwrite.com/minsweeper-hack-spoof-hackers-ukraine-europe-us-russia/ Mon, 27 May 2024 17:11:37 +0000 https://readwrite.com/?p=299874

Image: a computer screen showing a spoofed Minesweeper game, with the flags of Russia and Ukraine overlapping in the background


Hackers are reportedly using malicious scripts within a spoofed version of Microsoft’s classic Minesweeper game to launch attacks on financial organizations in Europe and the U.S.

Ukraine’s cybersecurity teams, the Cyber Security Center of the National Bank of Ukraine (CSIRT-NBU) and the Government Computer Emergency Response Team of Ukraine (CERT-UA), have linked these attacks to a known threat actor identified as ‘UAC-0188’. The hacking group is also referred to as “FRwL,” which likely stands for “From Russia with Love,” the title of a 1963 James Bond movie.

The group exploits the actual game code to conceal Python scripts that allow the download and installation of SuperOps RMM. It is said to be distributing phishing emails from the address “support@patient-docs-mail.com,” pretending to be a medical center.

These emails use the subject “Personal Web Archive of Medical Documents” and include a 33 MB attachment. The attachment is a .SCR file hosted on Dropbox, which contains the code from the well-known Minesweeper game for Windows.

The Minesweeper code includes a function called “create_license_ver” that has been modified to decode and execute the hidden malicious code. The legitimate SuperOps RMM program is then downloaded and installed from a ZIP file, providing attackers with remote access to the targeted computer.

CERT-UA confirmed that investigations into the cyberattack uncovered at least five possible intrusions involving the same files at financial and insurance organizations throughout Europe and the United States.

CERT-UA advises the following measures:

  • Organizations not using SuperOps RMM should confirm there is no network activity related to the domain names: [.]superops[.]com, [.]superops[.]ai
  • Improve employee cyber hygiene practices
  • Employ and routinely update antivirus software
  • Update operating systems and other software continuously
  • Implement robust passwords and update them frequently
  • Regularly back up critical data.
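The first CERT-UA item, checking for network activity to the SuperOps domains, can be automated against DNS query logs. The script below is an added example, not code from the article or from CERT-UA; the log format and every sample line are constructed for illustration, and it matches on label boundaries so that look-alike names such as notsuperops.com are not flagged.

```python
"""Hunt DNS query logs for the SuperOps RMM domains listed in the CERT-UA advice.

Added example; not CERT-UA's or ReadWrite's code. The log format is a
constructed, simplified BIND-style query log, not any specific product's output.
"""
import re
from typing import Iterable

# Watchlist as published by CERT-UA (defanged); refanged at load time.
WATCHLIST_DEFANGED = ["superops[.]com", "superops[.]ai"]


def refang(domain: str) -> str:
    """Turn a defanged indicator such as 'superops[.]com' into 'superops.com'."""
    return domain.replace("[.]", ".").strip(".").lower()


WATCHLIST = {refang(d) for d in WATCHLIST_DEFANGED}


def matches_watchlist(qname: str, watchlist=WATCHLIST) -> bool:
    """True if qname is a watchlisted domain or one of its subdomains.

    Matching is done on label boundaries, so 'notsuperops.com' and
    'superops.com.evil.example' are NOT flagged, while 'api.superops.ai' is.
    """
    name = qname.strip(".").lower()
    return any(name == w or name.endswith("." + w) for w in watchlist)


# Constructed line format: "<date> <time> client <ip>#<port>: query: <qname> IN <type>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+ \S+) client (?P<src>[\d.]+)#\d+: query: (?P<qname>\S+) IN (?P<qtype>\w+)"
)


def find_rmm_lookups(lines: Iterable[str]) -> list[dict]:
    """Return one record per query for a watchlisted domain: timestamp, source IP, name."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a query record; skip
        if matches_watchlist(m["qname"]):
            hits.append(
                {"ts": m["ts"], "src": m["src"], "qname": m["qname"].rstrip(".").lower()}
            )
    return hits


# Constructed sample lines: two true hits, two look-alikes, one unrelated lookup.
SAMPLE_LOG = [
    "27-May-2024 09:14:02.118 client 10.20.30.41#51233: query: api.superops.ai IN A",
    "27-May-2024 09:14:05.220 client 10.20.30.41#51240: query: www.example.com IN A",
    "27-May-2024 09:15:11.004 client 10.20.30.77#41122: query: notsuperops.com IN A",
    "27-May-2024 09:15:12.900 client 10.20.30.77#41130: query: superops.com.evil.example IN A",
    "27-May-2024 09:16:40.311 client 10.20.30.52#60011: query: SUPEROPS.COM. IN AAAA",
]

if __name__ == "__main__":
    for h in find_rmm_lookups(SAMPLE_LOG):
        print(f"{h['ts']} {h['src']} looked up {h['qname']}")
```

An organization that legitimately runs SuperOps RMM would instead compare the source IPs against its inventory of managed hosts rather than treat every hit as suspect.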

Hackers use SuperOps RMM to launch phishing attacks

SuperOps RMM is legitimate remote management software; once installed by the attackers, it gives them direct remote access to the systems they compromise.

Ransomware gangs are increasingly exploiting legitimate Remote Monitoring and Management (RMM) tools in their attacks. RMM software like AnyDesk, Atera, and Splashtop is important for IT administrators to manage devices remotely across their networks.

However, these tools can also be misused by ransomware gangs to infiltrate corporate networks and steal data, enabling them to “live off the land.”

FromRussiaWithLove is a hacktivist group with ties to Russian state interests that surfaced during the Russia-Ukraine conflict in 2022. They have predominantly targeted sectors such as critical infrastructure, media, energy, and government.

FRwL has been associated with deploying the Vidar stealer and Somnia ransomware, using them as data wipers rather than for financial extortion.

Details on the targets and the number of organizations compromised by these tactics remain unclear.

Featured image: Ideogram / Canva

The post Hackers attack banks’ computers with a spoofed version of Minesweeper game appeared first on ReadWrite.

China accused of hacking the UK Ministry of Defence in massive data breach https://readwrite.com/china-accused-of-hacking-the-uk-ministry-of-defence-in-massive-data-breach/ Tue, 07 May 2024 09:03:00 +0000 https://readwrite.com/?p=286440

Image: A sign with the Ministry of Defence's logo


The Chinese state has reportedly hacked the UK Ministry of Defence, with MPs receiving reports of a massive data breach.

Although a country has not officially been named as yet, Sky News reports that the perpetrator is believed to be China. MPs will be formally briefed later today (May 7), but as it stands the Chinese state is thought to stand accused of two or three attempts to attack Ministry of Defence (MoD) employees. The MoD is the department of the British government that implements defence policy, and is made up of a combination of administrative and military personnel.

The data under attack appears to stem from the payroll system, which contains personal information of current MoD personnel and some veterans. Sky News reports that the main types of data affected are thought to be names and bank details. The news outlet asserted that all salaries will still be paid this month.

What’s more, the BBC reported on May 7 that the hacked system was managed by an external contractor, meaning that no operational MoD data is believed to have been obtained. The contractor system has since been taken down, with a review launched into how the attack took place.

How has China responded to the Ministry of Defence hacking accusations?

China’s foreign ministry stated that it “firmly opposes and fights all forms of cyber attacks” and “rejects the use of this issue politically to smear other countries”.

The reasoning behind the attack could be related to attempting to coerce UK MoD employees, as suggested by Conservative MP Tobias Ellwood when speaking to Sky News, arguing that China “was probably looking at the financially vulnerable with a view that they may be coerced in exchange for cash”.

The UK government has not yet made a public statement on the situation but Defence Secretary Grant Shapps will make a statement to the Commons around lunchtime on May 7, with the BBC stating he will set out a “multi-point plan” which will include action to protect affected service men and women.

This wouldn’t be the first time that China has been accused of hacking Western countries, with millions of Americans thought to be affected by a hacking plot in March 2024.

Featured image: Harland Quarrington on Flickr, licensed under CC BY-NC 2.0 DEED

The post China accused of hacking the UK Ministry of Defence in massive data breach appeared first on ReadWrite.

Hackers ‘steal Ready or Not developer’s source code’ https://readwrite.com/hackers-steal-ready-or-not-developers-source-code/ Wed, 17 Apr 2024 13:58:38 +0000 https://readwrite.com/?p=275803

Image: A hooded figure in green digital camouflage, symbolizing a hacker, holds a rifle against a backdrop of binary code.


Hackers have stolen millions of files from the studio that developed the controversial hit Steam shooter, Ready or Not, according to reports. The stolen data includes the game’s source code and builds for console versions.

Insider Gaming reports that 4TB of data, comprising over 2.1 million files, had been stolen in March. The hackers have not been named, and according to the site, Void Interactive has not reported any breach or expressed concern regarding Ready or Not.

The news platform was reportedly shown the contents of the files taken under the condition they are not republished. In addition to the source code for the SWAT-style multiplayer simulator, the stolen data also included versions of the game designed for PlayStation 5, PS4, Xbox Series X/S, and Xbox One. Insider Gaming allegedly saw images of Ready or Not being played on a PlayStation 4 test kit.

Fortunately, the data breach does not appear to have compromised the personal information of players or Void Interactive employees involved in developing the game. It seems that the stolen files are strictly related to the technical aspects of Ready or Not.

Since its Early Access launch in 2022, Ready or Not has been exclusive to PC, attracting a large player base on Steam due to its gritty atmosphere and intense hostage situations.

What games have been targeted?

In the past year, several games were affected by data breaches. Hackers targeted the esports final of online shooter game Apex Legends, causing significant disruption to the closing stages of the North American tournament.

Hacker group Rhysida made good on a promise to leak gaming and personal data related to Insomniac Games in December after the Spider-Man developer refused the ransom demand of 50 Bitcoin (BTC), which is equivalent to around $2 million.

Meanwhile, a Japanese game hacker was recently arrested for selling modded Pokemon and is now facing five years in prison.

ReadWrite has reached out to Void Interactive for comment.

Featured image: Void Interactive / Canva

The post Hackers ‘steal Ready or Not developer’s source code’ appeared first on ReadWrite.

Chinese hackers increasingly using AI to interfere in elections – report https://readwrite.com/chinese-hackers-increasingly-using-ai-to-interfere-in-elections-report/ Fri, 05 Apr 2024 14:41:51 +0000 https://readwrite.com/?p=271246

Image: AI-inspired image of a team of Chinese hackers in a control room with the flag of China on the wall


China is increasingly turning to artificial intelligence (AI) powered forms of misinformation to interfere in foreign elections, according to a new report from Microsoft.

Deepfakes and other forms of AI-generated content are reportedly being deployed by Beijing to meddle in the affairs of the United States and Taiwan, with the research finding specific examples of manipulated imagery being pushed to fuel conspiracy theories that the US government intentionally caused a train derailment in Kentucky and wildfires in Maui, Hawaii in 2023.

With geopolitical tensions between Taiwan and China ongoing, the recent elections in the East Asian island provided the backdrop for interference. Microsoft detailed in the report how it observed Chinese actors creating AI-generated news broadcasts with fake presenters to spread misinformation to influence the elections.

Some of the content was said to be made using CapCut, an AI editing tool owned by ByteDance, the parent company of TikTok, which is currently the subject of proposed US legislation that would effectively ban the popular video-hosting app in the United States.

On the interference in Taiwan, the report noted “This was the first time Microsoft Threat Intelligence has witnessed a nation-state actor using AI content in attempts to influence a foreign election.”

Examples of Chinese hackers’ disinformation tactics

The campaign also homed in on individuals, with Microsoft finding “a notable uptick” in material featuring political figures in Taiwan, including prominent politicians such as Lai Ching-te. The president-elect and leading light in the country’s pro-independence party was at the center of various dirty tricks, including AI-generated memes showing him being charged and the party mired in corruption.

Another video depicted a woman claiming Lai had several mistresses and illegitimate children.

China-based campaigns are also said to have used sockpuppet social media accounts to create noise around topical issues such as climate change, immigration, and US foreign policy in Ukraine and Israel. Impersonation of American voters and the use of online polls to better understand the US electorate are tools being used for further exploitation ahead of the presidential election later this year.

However, the Microsoft report does not conclude the current level of AI-inspired disinformation is a game changer or of critical impact.

Image credit: Ideogram

The post Chinese hackers increasingly using AI to interfere in elections – report appeared first on ReadWrite.

‘Millions of Americans affected by Chinese hacking plot’ https://readwrite.com/millions-of-americans-affected-by-chinese-hacking-plot/ Tue, 26 Mar 2024 10:56:57 +0000 https://readwrite.com/?p=265877

Image: Man sat in bedroom on his computer at his desk


Millions of Americans have been caught up in a Chinese hacking ploy which has resulted in seven Chinese men being charged with conspiracy to commit computer intrusions and wire fraud.

Yesterday (Mar. 25) the indictment setting out the charges was announced via a press release from the Office of Public Affairs.

The seven men are said to be involved in a People’s Republic of China-based hacking group that has spent around 14 years targeting U.S. and foreign critics, businesses and political officials.

More than 10,000 ‘malicious’ emails were said to have been sent by the hacking group known as Advanced Persistent Threat 31. Some of this activity resulted in compromises of people’s networks, email accounts, cloud storage accounts and telephone call records.

Court documents say the group’s activities have potentially compromised work and personal email accounts, cloud storage accounts and telephone call records belonging to millions of Americans.

Many of the emails were disguised as news articles sent to the target. These emails contained hidden tracking links, and once opened they gave the hackers information about the recipient. The group then used this information to engage in more direct, targeted hacking.

People working in the White House and at the Departments of Justice, Commerce, Treasury, and State, as well as U.S. Senators and Representatives of both political parties, were targeted.

Deputy Attorney General Lisa Monaco says: “The Department of Justice will relentlessly pursue, expose, and hold accountable cyber criminals who would undermine democracies and threaten our national security.”

Both the UK and New Zealand’s governments have also accused China of being responsible for cyber campaigns. A spokesperson for the Chinese embassy in Washington DC said: “without valid evidence, relevant countries jumped to an unwarranted conclusion” and “made groundless accusations.”

The international community responds to Chinese hacking allegations

The UK Government has now formally accused China of being behind cyber attacks against Members of Parliament and the Electoral Commission. As a result, sanctions have been imposed.

Two Chinese nationals and a company named Wuhan Xiaoruizhi Science and Technology Company Ltd have been sanctioned, resulting in a freezing of assets and a travel ban stopping them from entering or remaining in the UK. UK citizens and businesses have been barred from handling their funds or resources too.

The government says the company is affiliated with Advanced Persistent Threat Group 31.

Authorities in New Zealand have also accused China of targeting its parliamentary network in 2021.

Featured image: Ideogram

The post ‘Millions of Americans affected by Chinese hacking plot’ appeared first on ReadWrite.

Microsoft details update on Russian-sponsored “ongoing attack” https://readwrite.com/microsoft-details-update-on-russian-sponsored-ongoing-attack/ Fri, 08 Mar 2024 19:44:03 +0000 https://readwrite.com/?p=259213

Image: Microsoft small-scale atomic reactors


Microsoft has published an update on the ongoing cyber attack against it by suspected Russian state-sponsored hackers.

Using information stolen in last year’s intrusion, the group known as Midnight Blizzard has targeted Microsoft’s internal systems, the tech giant said in an official blog post.

The company has also shared the latest information with the US Securities and Exchange Commission, in a fresh filing posted on Friday.

“In recent weeks, we have seen evidence that Midnight Blizzard is using information initially exfiltrated from our corporate email systems to gain, or attempt to gain, unauthorized access,” Microsoft wrote.

“This has included access to some of the company’s source code repositories and internal systems. To date we have found no evidence that Microsoft-hosted customer-facing systems have been compromised.”

What was the initial Midnight Blizzard cyber attack on Microsoft?

Midnight Blizzard (also known as Nobelium and APT29) gained its initial foothold by password spraying a legacy, non-production test tenant account. Unlike a brute-force attack, which hammers one account with many guesses, a spray tries a small number of common passwords against many accounts, keeping each account below its lockout threshold and leaving little trace in per-account failure counts.

Although the malicious activity was discovered on 12 January, it is believed the cyberattack commenced in late November 2023, leaving the American multinational tech giant to play catch-up on the serious incident.

Now, Microsoft is facing further intrusion, with the hackers “attempting to use secrets of different types it has found,” and the company has detailed an increase in the volume of the attacks: password sprays increased almost 10-fold in February, on top of the already significant rate seen in January this year.
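As an added example, not Microsoft’s own tooling or code, the following detector shows how a password spray of the kind described above looks different from a conventional brute force in authentication logs: many distinct accounts from one source with only one or two failures each, rather than many failures against one account. The log line format, the sample lines (IP addresses from RFC 5737 documentation ranges) and the thresholds are constructed assumptions for illustration; real thresholds need tuning per tenant.

```python
"""Password-spray detection over authentication failure events.

Added example (not Microsoft's code). Assumes a constructed, syslog-like
line format:  <ISO timestamp> <auth_failure|auth_success> user=<name> src=<ip>
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: a spray from 203.0.113.7 (seven accounts, one
# guess each, then a success against a neglected service account) and a
# brute force from 198.51.100.9 (one account, six guesses).
SAMPLE_LOG = """\
2024-02-01T09:00:01Z auth_failure user=alice src=203.0.113.7
2024-02-01T09:00:03Z auth_failure user=bob src=203.0.113.7
2024-02-01T09:00:05Z auth_failure user=carol src=203.0.113.7
2024-02-01T09:00:07Z auth_failure user=dave src=203.0.113.7
2024-02-01T09:00:09Z auth_failure user=erin src=203.0.113.7
2024-02-01T09:00:11Z auth_failure user=frank src=203.0.113.7
2024-02-01T09:00:12Z auth_failure user=svc-legacy src=203.0.113.7
2024-02-01T09:00:13Z auth_success user=svc-legacy src=203.0.113.7
2024-02-01T09:10:00Z auth_failure user=grace src=198.51.100.9
2024-02-01T09:10:01Z auth_failure user=grace src=198.51.100.9
2024-02-01T09:10:02Z auth_failure user=grace src=198.51.100.9
2024-02-01T09:10:03Z auth_failure user=grace src=198.51.100.9
2024-02-01T09:10:04Z auth_failure user=grace src=198.51.100.9
2024-02-01T09:10:05Z auth_failure user=grace src=198.51.100.9
2024-02-01T09:30:00Z auth_failure user=heidi src=192.0.2.44
"""


def parse_line(line):
    """Parse one constructed log line into a dict."""
    ts, event, user_kv, src_kv = line.split()
    return {
        "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
        "event": event,
        "user": user_kv.split("=", 1)[1],
        "src": src_kv.split("=", 1)[1],
    }


def detect_sprays(log_text, window=timedelta(minutes=30),
                  min_users=5, max_per_user=3):
    """Return {src: {...}} for sources whose failures look like a spray.

    A spray touches at least `min_users` distinct accounts inside `window`
    while giving each account at most `max_per_user` failures (staying under
    lockout). A brute force fails the second condition. Windowing matters
    because sprays are frequently low-and-slow.
    """
    events = [parse_line(ln) for ln in log_text.splitlines() if ln.strip()]
    events.sort(key=lambda e: e["ts"])
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)

    findings = {}
    for src, evs in by_src.items():
        fails = [e for e in evs if e["event"] == "auth_failure"]
        # Sliding window: try each failure as the window's starting point.
        for i, start in enumerate(fails):
            per_user = defaultdict(int)
            for e in fails[i:]:
                if e["ts"] - start["ts"] > window:
                    break
                per_user[e["user"]] += 1
            if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
                # A success from the same source after the spray started is
                # the signal that one of the guessed passwords worked.
                hits = sorted({e["user"] for e in evs
                               if e["event"] == "auth_success"
                               and e["ts"] >= start["ts"]})
                findings[src] = {"users_targeted": len(per_user),
                                 "compromised": hits}
                break
    return findings


if __name__ == "__main__":
    for src, f in detect_sprays(SAMPLE_LOG).items():
        print(f"{src}: spray against {f['users_targeted']} accounts; "
              f"successful logins: {f['compromised']}")
```

Keying on the source address is the simplest cut, but an actor routing through residential proxies spreads a spray over many addresses; in that case the same logic should be run per tenant with the source dropped (many distinct users, few failures each, over a window), and the durable fix is the one Microsoft’s own account illustrates: no legacy or test account without multi-factor authentication and conditional access.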

This is a sophisticated, organized cyber attack that shows no sign of abating, as detailed in the statement.

“Midnight Blizzard’s ongoing attack is characterized by a sustained, significant commitment of the threat actor’s resources, coordination, and focus. It may be using the information it has obtained to accumulate a picture of areas to attack and enhance its ability to do so.”

“This reflects what has become more broadly an unprecedented global threat landscape, especially in terms of sophisticated nation-state attacks.”

Microsoft has insisted it remains committed to the ongoing investigation of Midnight Blizzard’s activities.

The hacker collective is believed to be working at the behest of Russia’s Foreign Intelligence Service, known by its native initials, SVR.

Featured image: Pexels

Epic Games hack update – Epic has no evidence that hack is not a hoax
https://readwrite.com/epic-games-hack-potential-nightmare-for-gamers-what-you-need-to-do-and-should-you-be-worried/
Wed, 28 Feb 2024 11:33:01 +0000

Update: Epic has sent us the following statement:

“We are investigating but there is currently zero evidence that these claims are legitimate. Mogilevich has not contacted Epic or provided any proof of the veracity of these allegations. When we saw these allegations, which were a screenshot of a darkweb webpage in a Tweet from a third party, we began investigating within minutes and reached out to Mogilevich for proof. Mogilevich has not responded. The closest thing we have seen to a response is this Tweet, where they allegedly ask for $15k and ‘proof of funds’ to hand over the purported data.”

So it appears the hacking group may be trying to pull a fast one, an attempt that was always doomed to fail unless it could produce evidence.

If we learn any more we will update this page. The advice below, to give your account a new password and enable 2FA, still stands as good practice.

Original story below:

News is breaking that Epic Games, the publisher of Fortnite, is the target of an extortion claim by a little-known hacking group, Mogilevich. The claim is unverified at this stage, according to Cyberdaily, but overnight the group posted details on its darknet leak site.

The group claims to hold nearly 200GB of data including, in its own words, “email, passwords, full name, payment information, source code, and many other data.” If true, this would be a real security threat for many people, as the data is currently up for sale for an undisclosed amount.

Mogilevich says, “We have quietly carried out an attack to [sic] Epic Games’ servers, If you are an employee of the company or someone who would like to buy the data, click on me.”

The group has set a deadline of 4 March for anyone, Epic included, to buy the data outright, but as yet there is no proof that it holds any data at all.

Normally, as with Rhysida’s attack on Insomniac Games last year, a group would post sample files to show exactly what it has and what is at stake.

Epic Games holds a lot of payment data, both through its own Games Store and simply because of the size of games like Fortnite, so this could become a real headache for a lot of people.

As yet, Epic has not commented but we will keep you up to date with developments.

How to secure your Epic Games account

It is worth taking this seriously and getting ahead of it even without any proof. If you have an Epic Games account, start by changing your password and enabling 2FA (two-factor authentication) if you haven’t already, preferably with an authenticator app rather than SMS codes. Even if this attack turns out to be false, your account will be more secure, so you really should do it anyway.

As ever, and we are sure you already know, reusing the same password on multiple sites is extremely bad practice: a leaked Epic password is then a working password everywhere else. If your Epic password is the same as elsewhere, it might be time to spend an hour tightening up your personal password policy, ideally with a password manager.

Who is Mogilevich?

Cyberdaily lists Mogilevich as a new threat, and the Epic claim would be only its fourth. Its previous claimed victim, just over a week ago, was Infiniti USA, a subsidiary of Nissan.

‘Blackcat’ ransomware hit on Change Healthcare impacts hospital and pharmacy systems
https://readwrite.com/blackcat-ransomware-hit-on-change-healthcare-impacts-hospital-and-pharmacy-systems/
Tue, 27 Feb 2024 11:40:37 +0000

It is believed the ongoing cyber attack on US health tech giant Change Healthcare is the work of the ‘Blackcat’ ransomware gang.

The targeted hit has caused significant disruption to the health system in recent days with hospitals and pharmacies impacted, as reported by Reuters.

Owned by parent company UnitedHealth, Change operates a major health payment and claims system connecting care providers and patients across the US. Headquartered in Nashville, Tennessee, the company posted revenues of almost $3.5 billion in 2022.

Last week, hackers gained access to Change Healthcare’s IT infrastructure, with immediate knock-on effects at pharmacies to the detriment of patients.

While there was no immediate comment from UnitedHealth or Blackcat (also known as ALPHV) in the aftermath of the breach, Reuters has now reported that the latter is responsible for the attack.

Inevitable outcome

This latest development comes after UnitedHealth, in a regulatory filing, had attributed the incident to a “suspected nation-state associated cybersecurity threat actor,” a line of enquiry an industry expert has played down.

“I am not aware of any links between ALPHV and a nation state,” said Brett Callow, a threat analyst at the cybersecurity firm Emsisoft. “As far as I am aware they are financially motivated cybercriminals and nothing more.”

In December, Blackcat was the target of an international law enforcement operation led by US authorities that seized its leak sites and other infrastructure, with only partial success: the gang soon resurfaced and, in response, said its affiliates were free to retaliate against critical infrastructure, including hospitals and healthcare providers.

On this outcome, Callow added law enforcement activity was important but unlikely to completely eradicate the problem.

“It’s inevitable that if you have a group that’s making millions of bucks, they are going to attempt to make a comeback,” he said.

Blackcat is one of the most prolific ransomware gangs, and its ransomware was used in last year’s attacks on MGM Resorts International and Caesars Entertainment.

Image: Tima Miroshnichenko/Pexels
