Eduard Kovacs@SecurityWeek - 21d
Spanish authorities have arrested a hacker in Alicante for allegedly conducting over 40 cyberattacks targeting critical public and private organizations, including NATO, the US Army, and various Spanish entities such as the Guardia Civil and the Ministry of Defense. The investigation began in early 2024 after a data leak was reported from a Madrid business association, revealing that the hacker was boasting about stolen information on an underground criminal forum, even defacing the victim's website.
The suspect, known online as "Natohub" among other pseudonyms, is accused of illegally accessing computer systems, disclosing secrets, damaging computers, and money laundering. Police seized multiple computers, electronic devices, and over 50 cryptocurrency accounts containing various digital assets. Although the suspect's name hasn't been released by police, local news reports identify him as an 18-year-old man.
References :
- BleepingComputer: The Spanish police have arrested a suspected hacker in Alicante for allegedly conducting 40 cyberattacks targeting critical public and private organizations, including the Guardia Civil, the Ministry of Defense, NATO, the US Army, and various universities.
- securityaffairs.com: Spanish Police arrested an unnamed hacker who allegedly breached tens of government institutions in Spain and the US.
- Help Net Security: Suspected NATO, UN, US Army hacker arrested in Spain
- SecurityWeek: Spanish authorities have arrested an individual who allegedly hacked several high-profile organizations, including NATO and the US army.
- www.scworld.com: Suspected hacker arrested for attacks on NATO, US Army
- CyberInsider: Police Arrest Hacker Behind Attacks on U.S. and NATO Systems
- www.bleepingcomputer.com: Spanish National Police (Spanish language): The Spanish National Police and the Civil Guard announced the arrest (and release) of a hacker responsible for the cyberattacks against various Spanish government organizations, NATO and U.S. Army databases, and other international companies and entities. Police seized multiple computers, electronic devices, and 50 cryptocurrency accounts containing various digital assets. Although no identity was released, reports linked the victim organizations to high-profile attacks by the hacker using the alias "natohub".
- www.securityweek.com: SecurityWeek provides details on the hacker's arrest and the organizations targeted.
- bsky.app: The Spanish police have arrested a suspected hacker in Alicante for allegedly conducting 40 cyberattacks targeting critical public and private organizations, including the Guardia Civil, the Ministry of Defense, NATO, the US Army, and various universities. https://www.bleepingcomputer.com/news/legal/spain-arrests-suspected-hacker-of-us-and-spanish-military-agencies/
- Cybernews: An undisclosed hacker has been accused of over 40 cyberattacks on strategic organizations, including government, universities, NATO, and the US Army.
- www.policia.es: Spanish National Police (Spanish language): The Spanish National Police and the Civil Guard announced the arrest (and release) of a hacker responsible for the cyberattacks against various Spanish government organizations, NATO and U.S. Army databases, and other international companies and entities.
- Techmeme: Spanish police arrest a hacker for allegedly conducting 40 cyberattacks on critical public and private organizations, seizing 50 crypto accounts, PCs, and more
- ciso2ciso.com: Police arrest teenager suspected of hacking NATO and numerous Spanish institutions
- gbhackers.com: Authorities Arrested Hacker Who Compromised 40+ Organizations
- www.helpnetsecurity.com: The Spanish National Police has arrested a hacker suspected of having breached national and international agencies (including the United Nations' International Civil Aviation Organization and NATO), Spanish universities and companies, and released stolen data on the dark web.
Classification:
- HashTags: #Cybercrime #Hacking #Arrest
- Company: NATO, US Army
- Target: NATO, US Army
- Attacker: Spanish Hacker
- Feature: Data Theft
- Type: Hack
- Severity: High
gist.github.com via pushcx@lobste.rs - 28d
A 15-year-old hacker has uncovered a significant security vulnerability related to Cloudflare's caching feature. This "zero-click deanonymization attack" can expose a user's approximate location, within a 250-mile radius, without any interaction required from the user. The exploit impacts several popular platforms, including Signal and Discord, raising privacy concerns among users. The hacker published a research paper warning about this undetectable exploit, which is of particular concern to journalists, activists, and hackers, highlighting how attackers could send a malicious payload and reveal a target's location within seconds.
Multiple online cybercrime platforms including Cracked, Nulled, Sellix, and StarkRDP, have been seized by law enforcement in a large international operation. These sites, which facilitated the trading of stolen data, malware, and hacking tools, were used by over 10 million users. The operation involved authorities from multiple countries, and included arrests, property searches, and the confiscation of devices and funds. Europol reports that these platforms had generated over a million euros in illicit profits. The shutdown also targeted supporting services like financial processor Sellix and hosting service StarkRDP. Authorities indicate that these forums also offered AI-based tools to automate security vulnerability scans and enhance phishing attacks.
References :
- lobste.rs: Unique 0-click deanonymization attack targeting Signal, Discord and hundreds of platform
- The Hacker News: Authorities Seize Domains of Popular Hacking Forums in Major Cybercrime Crackdown
- blog.cloudflare.com: Cloudflare released an outage postmortem for yesterday's incident in which multiple Cloudflare services were unavailable for almost a full hour. This caused all operations against R2 object storage to fail for the duration of the incident, and caused a number of other Cloudflare services that depend on R2 to fail as well.
- BleepingComputer: A routine attempt to block a phishing URL in Cloudflare's R2 object storage platform backfired yesterday, triggering a widespread outage that brought down multiple services for nearly an hour.
- cyb_detective: An attempt to block a phishing URL in Cloudflare's R2 object storage platform backfired yesterday, triggering a widespread outage that brought down multiple services for nearly an hour.
Classification:
@blogs.microsoft.com - 47d
Microsoft is taking legal action against a foreign-based hacking group accused of operating a "hacking-as-a-service" infrastructure. This group exploited stolen Azure API keys and customer Entra ID credentials to bypass the safety controls of Microsoft's generative AI services, particularly the Azure OpenAI Service. They are said to have developed sophisticated software to gain access, and then intentionally alter the capabilities of those services. This allowed them to generate offensive and harmful content, which was then distributed through tools sold to other malicious actors. This abuse was discovered by Microsoft in July 2024, leading to the lawsuit.
Microsoft's Digital Crimes Unit has stated that the threat actors actively scraped public websites to obtain exposed customer credentials. The group monetized their illicit access by selling custom tools, alongside detailed instructions on generating harmful content. The lawsuit seeks to dismantle the group's operation, including seizing websites like "aitism[.]net" that were central to their criminal activity. Microsoft has since revoked the threat actors' access, put in place countermeasures, and strengthened its safeguards to prevent future incidents. The threat actor group is believed to have targeted not only Microsoft but also other AI platforms and U.S.-based companies, including those in Pennsylvania and New Jersey.
References :
- ciso2ciso.com: Microsoft Sues Hacking Group Exploiting Azure AI for Harmful Content Creation – Source:thehackernews.com
- osint10x.com: Microsoft Sues Hacking Group Exploiting Azure AI for Harmful Content Creation
- The Hacker News: Microsoft Sues Hacking Group Exploiting Azure AI for Harmful Content Creation
- Pyrzout :vm:: Microsoft Sues Hacking Group Exploiting Azure AI for Harmful Content Creation – Source:thehackernews.com
- www.the420.in: Microsoft Sues Hackers for Exploiting AI Services with Stolen Azure Credentials
- Schneier on Security: Microsoft Takes Legal Action Against AI “Hacking as a Service” Scheme
- arstechnica.com: Microsoft Takes Legal Action Against AI “Hacking as a Service” Scheme
- Osint10x: Microsoft Sues Hacking Group Exploiting Azure AI for Harmful Content Creation
- blogs.microsoft.com: Microsoft Takes Legal Action Against AI “Hacking as a Service” Scheme
Classification:
- HashTags: #AzureAI #Hacking #LegalAction
- Company: Microsoft
- Target: Azure AI
- Product: Azure AI
- Feature: Azure AI Abuse
- Malware: Azure Abuse Enterprise
- Type: AI
- Severity: Medium