Written by
Team Nucleus
Content
Written on
8th November, 2024
SHARE ARTICLE
Analyst Insight
INTERPOL recently led a successful cyber operation, dismantling 22,000 malicious IP addresses and significantly disrupting cybercriminal activities worldwide. Meanwhile, a threat actor claimed to have leaked Nokia’s source code on a prominent hacking forum, sparking serious security concerns across the tech industry. In Washington, reports of “unauthorised activity” prompted officials to take court systems offline, launching an ongoing investigation. A coordinated global effort also dismantled a DDoS-for-hire platform, resulting in the arrest of two suspects. Additionally, the National Cyber Security Centre (NCSC) disclosed a new threat: the ‘Pygmy Goat’ malware, specifically targeting Sophos XG firewalls.
22,000 Malicious IP Addresses Taken Down by INTERPOL Cyber Operation
Operation Synergia II is a collaborative initiative involving private sector partners and law enforcement agencies from 95 INTERPOL member countries. Global efforts from INTERPOL has seen the take down of more than 22,000 malicious IP addresses utilised for cybercrime spanning across multiple countries including Hong Kong, Macau, Mongolia, Madagascar and Estonia where local law enforcement collaborated with INTERPOL .
The operation targeted phishing, ransomware and information stealers. During the operation, authorities also seized 43 electronic devices, including laptops, mobile phones, and hard disks. The effort led to the arrest of 41 individuals, with 65 others remaining under investigation.
Threat Actor Claims Leak of Nokia Source Code on Popular Hacking Forum
Nokia is currently investigating a potential leak of data from a 3rd party contractor who supposedly has worked with the technology company. The threat actor “IntelBroker” who has a history of releasing stolen data on the popular hacking forum BreachForums is quoted “Today, I am selling a large collection of Nokia source code, which we got from a 3rd party contractor that directly worked with Nokia to help aid their development of some internal tools.” sourced by BleepingComputer.
IntelBroker claims that the stolen data contains “SSH keys, source code, RSA keys, BitBucket Logins, SMTP accounts, webhooks and hardcoded credentials”. Nokia has launched an investigation to see if any systems were affected, but to date has found no evidence of any stolen data relating to Nokia.
Washington Court Systems Offline After “Unauthorised Activity” Reported by Officials
Court Systems within Washington are experiencing an outage this week due to “unauthorised activity detected on the Washington Courts network” Pierce County announced. The outages affect some electronic court record searches and the balance information regarding judgements/fines that are owed, these outages affect multiple counties. The Pierce County court stated that the outage has limited some services, but essential functions and most proceeding are expected to continue with minimal disruption.
“The Administrative Office of the Courts (AOC) has taken immediate action to secure critical systems and is actively working to safely restore services.” There is currently limited information about the “Unauthorised Access” to the systems, and what exactly is causing the outage.
Global Operation Disrupts DDoS-for-Hire Platform and Two Suspects Arrested
Operation PowerOFF is a joint effort by the FBI, EUROPOL, Dutch National Police Corps, German Federal Criminal Police Office, Poland Cybercrime Police, and the NCA. The goal is to disrupt platforms that offer DDoS-for-Hire services, which are used by criminals to take servers offline for a period of time. These platforms pretend to be “stress testers” that check the resilience of servers with permission, but this is not the case.
This week, as part of Operation PowerOFF, authorities successfully shut down dstat[.]cc, a website notorious for offering DDoS-for-Hire services. In connection with this takedown, two men from Germany, aged 19 and 28, were arrested in Darmstadt and Rhein-Lahn. They are suspected of running the criminal infrastructure behind these DDoS attacks and being involved in large-scale drug trafficking.
NCSC Discloses ‘Pygmy Goat’ Malware Used on Sophos XG Firewalls
The UK’s National Cyber Security Centre (NCSC) has published technical details on a network backdoor known as “Pygmy Goat,” identified on compromised Sophos XG firewalls. The NCSC has also cautioned that this malware targets other Linux-based network devices. Pygmy Goat employs advanced techniques to maintain persistence and evade detection.
According to the NCSC, “While not containing any novel techniques, Pygmy Goat is quite sophisticated in how it enables the actor to interact with it on demand, while blending in with normal network traffic. The code itself is clean, with short, well-structured functions aiding future extensibility, and errors are checked throughout, suggesting it was written by a competent developer or developers.”
