CyberSecurity updates
2025-01-30 15:14:21 Pacific

GhostGPT: Malicious AI Tool for Hackers - 4d

A new malicious AI chatbot, GhostGPT, is being advertised on underground forums as a tool for writing malware, crafting business email compromise (BEC) lures, and other cybercrime. GhostGPT is an uncensored chatbot with none of the safety guardrails found in mainstream AI assistants, so it returns unrestricted answers to malicious prompts. That lowers the barrier for less-skilled attackers to launch attacks, which is the real concern.

This is an early example of a purpose-built malicious chatbot being sold for cybercrime, and an indicator of what is to come. Criminal use of this kind of AI tooling is a growing concern.

TalkTalk Investigates Alleged Data Grab - 4d

UK telco TalkTalk is investigating a potential data breach after a threat actor offered data on millions of its current and former customers on a cybercrime forum. The investigation is still in progress, but the claims point to a possible exfiltration of sensitive customer data. The incident highlights the ongoing difficulty of safeguarding customer data in the telecommunications sector. The threat actor's claims about the size of the data set may be exaggerated.

An actor attempting to sell customer data on a cybercrime forum is a serious risk regardless of the final breach size. The incident underlines the need for telcos to invest further in their security practices, and it shows that customers can be exposed through a third party they have no direct control over.

North Korean IT Workers Stealing Source Codes - 10d

North Korean IT workers, including one who went by the alias 'Bane', are accused of engaging in fraudulent employment schemes. They infiltrated various companies, stole confidential source code, and demanded ransom payments to prevent release of the stolen data. This continues the trend of North Korea using cyber operations to generate revenue while evading international sanctions. Organizations should be aware of this threat and take the necessary precautions when hiring remote staff.

North Korean IT Workers Extortion Scheme - 5d

North Korean IT workers are increasingly using the access they gain on company systems to steal source code and extort their employers for ransom. These workers, hired under false identities, are becoming more aggressive and actively funnel their earnings back to the North Korean regime. The FBI and Mandiant have issued fresh warnings about this evolving threat, urging organizations to be vigilant: the workers use their remote access to extract sensitive data and then demand payment to prevent its release. The US Department of Justice has also charged several individuals involved in the scheme with conspiracy and money laundering. This highlights the severity and breadth of North Korean cybercrime activity.

ACSC Targets Bulletproof Hosting Providers - 7d

The Australian Cyber Security Centre (ACSC) is targeting bulletproof hosting (BPH) providers, which are essential infrastructure for cybercrime networks. BPH services let criminals run malicious operations while avoiding detection: the providers ignore takedown requests and knowingly facilitate a range of cybercriminal activity. This highlights the increasing effort to combat cybercrime at its core by going after the BPH providers themselves.

Lazarus Group Exploits LinkedIn for Cyber Attacks - 13d

The Lazarus Group, a North Korean cyber threat actor, is using LinkedIn to target organizations across various sectors. The group uses social engineering to establish contact, moves the conversation to other platforms, and then tricks victims into downloading malware. This includes posing as recruiters with fake job offers that ultimately lead to a malware infection. The activity highlights the risk of using LinkedIn for business without proper security procedures and employee training, and shows how social media can be used to reach unsuspecting users and bypass common network security controls.

FunkSec Ransomware Group Uses AI for Attacks - 19d

FunkSec, a rising ransomware group, blurs the line between cybercrime and hacktivism. The group uses AI to help develop its malware and has quickly gained notoriety by breaching databases and selling access to government websites. It makes unusually low ransom demands and operates as a four-member team, which suggests a mix of financial and visibility motives. FunkSec illustrates the evolving ransomware landscape and the potential for AI to lower the barrier for new groups entering cybercrime. Organizations should implement robust security measures, including network segmentation, tested backups and security awareness training.

Wallet Drainer Attacks Steal $500M in Crypto - 22d

Nearly $500 million in cryptocurrency was stolen in 2024 through wallet drainer malware. A drainer tricks the user into signing malicious transactions, typically a token approval or transfer, that hand their assets to the attacker. The attacks hit over 332,000 victims, indicating the scale of the threat. They pose a substantial risk to crypto users and highlight the need for stronger wallet safeguards and user education on how to recognise such scams. The rise in losses underscores the growing sophistication of cryptocurrency-related cybercrime.
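Drainers work because a wallet prompt rarely explains what a transaction actually does. As an added example (not code from the report summarised above), the following JavaScript decodes the calldata of a pending transaction and flags the patterns drainers rely on: an unlimited ERC-20 allowance, a blanket ERC-721/1155 approval, or a transfer to an address the user has not marked as trusted. The four-byte selectors are the standard ERC-20/ERC-721 ones; the contract addresses, the trusted list and the sample transactions are constructed for this example.

```javascript
// Added example: pre-signing check for wallet-drainer style transactions.
// Function selectors are the standard keccak256-derived values for these ABI signatures.
const SELECTORS = {
  "0x095ea7b3": "approve(address,uint256)",        // ERC-20 allowance
  "0xa22cb465": "setApprovalForAll(address,bool)", // ERC-721 / ERC-1155 operator approval
  "0xa9059cbb": "transfer(address,uint256)",       // ERC-20 transfer
};

const MAX_UINT256 = (1n << 256n) - 1n; // "unlimited" allowance drainers usually request

// Split hex calldata into a 4-byte selector and 32-byte ABI words.
function decodeCalldata(data) {
  const hex = data.toLowerCase().replace(/^0x/, "");
  if (hex.length < 8 || (hex.length - 8) % 64 !== 0) {
    throw new Error("malformed calldata");
  }
  const words = [];
  for (let i = 8; i < hex.length; i += 64) words.push(hex.slice(i, i + 64));
  return { selector: "0x" + hex.slice(0, 8), words };
}

// An ABI-encoded address is a 32-byte word: 12 zero bytes followed by the 20-byte address.
function wordToAddress(word) {
  if (!/^0{24}[0-9a-f]{40}$/.test(word)) throw new Error("bad address word");
  return "0x" + word.slice(24);
}

function wordToUint(word) {
  return BigInt("0x" + word);
}

// Inspect one transaction object ({to, data}) against a list of addresses the user trusts.
// Returns {to, fn, warnings}; an empty warnings array means nothing drainer-like was found.
function checkTransaction(tx, trustedAddresses) {
  const trusted = new Set(trustedAddresses.map((a) => a.toLowerCase()));
  const { selector, words } = decodeCalldata(tx.data);
  const fn = SELECTORS[selector];
  const result = { to: tx.to, fn: fn || null, warnings: [] };
  if (!fn) return result; // not one of the approval/transfer calls this check covers
  if (words.length < 2) throw new Error(`${fn} expects two arguments`);

  const target = wordToAddress(words[0]); // spender, operator or recipient
  const value = wordToUint(words[1]);     // amount, or the bool for setApprovalForAll
  const known = trusted.has(target);

  if (fn.startsWith("approve")) {
    if (value === MAX_UINT256) result.warnings.push("unlimited token allowance requested");
    if (!known) result.warnings.push(`spender ${target} is not a trusted contract`);
  } else if (fn.startsWith("setApprovalForAll")) {
    if (value === 1n && !known) {
      result.warnings.push(`blanket NFT approval to untrusted operator ${target}`);
    }
  } else if (fn.startsWith("transfer")) {
    if (!known) result.warnings.push(`transfer of ${value} tokens to untrusted address ${target}`);
  }
  return result;
}

// Constructed sample data (placeholder addresses, not real contracts).
const ATTACKER = "0x" + "a".repeat(40);   // drainer-controlled spender
const DEX_ROUTER = "0x" + "b".repeat(40); // a contract the user has chosen to trust
const TOKEN = "0x" + "c".repeat(40);      // the ERC-20 token being approved
const pad = (hex) => hex.replace(/^0x/, "").padStart(64, "0"); // left-pad to one ABI word

// What a drainer asks the victim to sign: approve(ATTACKER, 2**256 - 1) on the token contract.
const drainerApprove = {
  to: TOKEN,
  data: "0x095ea7b3" + pad(ATTACKER) + pad(MAX_UINT256.toString(16)),
};

// A legitimate-looking swap approval to a trusted router still gets one warning for being unlimited.
const routerApprove = {
  to: TOKEN,
  data: "0x095ea7b3" + pad(DEX_ROUTER) + pad(MAX_UINT256.toString(16)),
};

function demo() {
  return {
    drainer: checkTransaction(drainerApprove, [DEX_ROUTER]),
    router: checkTransaction(routerApprove, [DEX_ROUTER]),
  };
}
```

Calling demo() returns two warnings for the drainer transaction (unlimited allowance plus an unknown spender) and one for the router approval (unlimited allowance only). A wallet-side check like this does not replace reading the prompt, but it turns opaque hex into the two questions that matter before signing: who is being authorised, and for how much.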

US Soldier Arrested for Telecom Data Theft - 29d

A 20-year-old U.S. Army soldier, known online as Kiberphant0m, has been arrested for allegedly stealing and selling sensitive customer call records from AT&T and Verizon. The suspect, a communications specialist previously stationed in South Korea, is accused of extorting the telecommunications companies and leaking customer data. The case highlights the insider threat and the damage that unauthorized access to sensitive customer information can cause.

The soldier allegedly used his position and system access to exfiltrate the data. The arrest follows a lengthy investigation. It raises questions about the controls telecommunications companies use to protect customer data from insiders, and underlines the need for strict access controls and continuous monitoring to catch this kind of activity early.

RansomHub Rises After LockBit and ALPHV Disruption - 1d

The RansomHub ransomware group has seen a rapid rise in activity and is quickly outpacing other cybercriminal groups. Its emergence is attributed to the law enforcement disruption of LockBit and ALPHV. The group has been naming and shaming hundreds of organizations on its leak site while demanding exorbitant payments. RansomHub is suspected to be a rebrand of the Knight ransomware operation.