7.5 million boAT customers impacted from alleged data breach

Photo: Malik Haris 10 / Shutterstock.com

Prominent Indian electronics manufacturer boAT was allegedly hit with a massive data breach on April 5, affecting over 7.5 million customers. The leaked data includes Personally Identifiable Information (PII) like names, addresses, contact numbers, email IDs, and customer IDs.

Cybersecurity experts have traced the breach back to a cybercriminal named ShopifyGUY. The hacker claims to have accessed and leaked approximately 2 GB of data related to boAT customers, reported Forbes India.

The hacker behind the breach, ShopifyGUY, is relatively new but stands to gain recognition within dark web circles, potentially leading to further breaches and data sales.

Cybersecurity researchers are still unsure about the exact time of the breach. “Considering the timeline, we can assume that the hackers gained access to the boAt customer database at least one month ago,” says senior threat analyst Rakesh Krishnan.

As the data is available on dark web forums, boAT customers could expect phishing emails, calls, and random text messages luring them to click on a link. If they click on the malicious link, the hackers can install malware on the devices, or the customers will land on phishing sites where they must enter their personal information.

The company hasn’t responded to our request for a comment.

To legitimise their phishing communication further, scammers can also act like the official boAT customer care and ask you to change your password under the pretext of this leak.

“The data is available for eight credits on some forums, so literally, it costs two euros to buy the data. It’ll probably be available for free in a few days on Telegram. This data will be used by a lot of scammers for different phone and email scams,” says Yash Kadakia, founder of Security Brigade.

Despite the massive data breach, the company has not issued an official statement and it is unclear whether it has notified the affected customers.

To check whether your email has been affected, go to Have I Been Pwned and enter your email address.

We reached out to boAT for comment and will update the story when we receive a response.

Agent Tesla phishing campaigns target US and Australian orgs

Two threat actors, Bignosa and Gods, have been deploying Agent Tesla malware in three phishing campaigns against organisations in the United States and Australia.

The attackers had a huge and intricate database of 62,000 emails, including those of individuals and organisations from different walks of life.

Check Point Research exposed the two threat actors behind the recent attacks. The researchers also discovered that both threat actors were involved in a phishing campaign against Furman University in South Carolina from December 2023 to January 2024.

Furthermore, these threat actors maintained a well-guarded network of servers that they used for identity obfuscation.

Agent Tesla, a formidable remote access trojan (RAT), has consistently posed a significant threat in the cybersecurity landscape. Cybercriminals favour this tool, which extracts sensitive information from the affected machines, including keystrokes and login credentials.

Check Point discovered campaigns that employ sophisticated phishing tactics to acquire email credentials, facilitating the deployment of Agent Tesla payloads for data exfiltration.

Source: Check Point Research

Two principal threat actors are at the forefront of these illicit operations: Bignosa and Gods. Bignosa is a prominent figure within a cybercriminal syndicate that specialises in malware deployment and phishing campaign orchestration. Gods, on the other hand, provides technical expertise and strategic guidance, showcasing a symbiotic relationship within the cybercriminal ecosystem.

The researchers discovered that Bignosa has been using Agent Tesla for quite a while. They also discovered another alias of the same actor, ‘Nosakhare,’ which appears to be a word of Nigerian origin. Bignosa employs Cassandra Protector, an obfuscation tool, to protect its identity.

A sample of phishing text. | Source: Check Point Research

Researchers identified the threat actor as Nosakhare Godson and accessed his desktop. There, they found traces of other malware, including Quasar, Warzone, and PureCrypter. Moreover, the hacker also used Grammarly and SuperMailer to spam and test.

The second threat actor, Gods/Kmarshal, has been in the hacking business since 2023. Researchers discovered their Jabber account and found that the email used by Gods corresponds to a YouTube channel. By meticulously tracing the IP addresses associated with Gods, scrutinising the TikTok profiles linked to the attackers, and navigating through Instagram accounts, researchers successfully unveiled the true identity of Gods, revealing him to be Kingsley Fredrick.


Attack chain of the campaigns

Researchers uncovered the intricate attack chains orchestrated by these threat actors:

  • Phishing campaigns: The operational blueprint commences with specially crafted emails masquerading as authentic communications. These deceptive emails lure recipients into disclosing their credentials or unwittingly downloading malicious attachments.
  • Malware deployment: Agent Tesla payloads are stealthily deployed onto victim machines upon successful phishing attempts. These payloads adeptly evade conventional security measures, ensuring persistent access and data exfiltration.
  • Cassandra Protector: The Cassandra Protector introduces a layer of sophistication to the malware. This tool obscures malware code, employs anti-AV and anti-emulation techniques, and signs files with certificates to evade detection.
  • Command and control infrastructure: The threat actors maintained a robust C&C infrastructure to coordinate and control compromised machines. This infrastructure is a central hub for data exfiltration, command execution, and ongoing malicious activities.

Agent Tesla excels in capturing data, and the pilfered data is subsequently exfiltrated to remote servers under the threat actors’ control.

The malware employs an injection method for persistence, evades antivirus and emulation, and leverages PowerShell commands for system manipulation and evasion.

To mitigate the risks of phishing attacks, experts advise keeping software updated with timely patches, exercising caution when clicking on any link, and installing a robust antivirus.
