Record-Breaking Crypto Heists by North Korean Hackers in 2024
North Korean state-backed hackers have set a new record in 2024, stealing $1.34 billion in cryptocurrency through 47 targeted cyberattacks, according to Chainalysis. This staggering figure accounts for 61% of the global crypto thefts for the year, reflecting a 21% increase compared to 2023. Although the total number of incidents worldwide hit an all-time high of 303, the overall value stolen still trails behind 2022’s $3.7 billion peak. The majority of the losses occurred in the first half of the year, with January to July witnessing 72% of the total stolen funds. High-profile breaches, such as the $305 million DMM Bitcoin hack in May and the $235 million WazirX heist in July, underscore the scale of these operations. Analysts emphasize that while enhanced security audits have reduced exploitable platform flaws, weak private key management remains a critical vulnerability that continues to be exploited.
US Court Holds Spyware Maker NSO Group Accountable for WhatsApp Hacks
A U.S. federal court has ruled against Israeli spyware developer NSO Group, finding it liable for breaching U.S. hacking laws through the use of WhatsApp zero-day exploits to deploy its Pegasus spyware. The decision marks a significant privacy victory for Meta-owned WhatsApp, which filed the lawsuit five years ago, accusing NSO of violating the Computer Fraud and Abuse Act (CFAA) and California’s Computer Data Access and Fraud Act (CDAFA). Pegasus, marketed to governments for surveillance, was used in zero-click attacks on over 1,400 devices, even after the lawsuit’s initiation in 2019.
WhatsApp emphasized the broader implications of the ruling, asserting that spyware firms cannot operate without accountability. While NSO denied direct involvement in its clients’ activities, the spyware has been linked to targeting diplomats, politicians, journalists, and activists globally. The court has yet to determine the damages, with a decision expected early next year.
Clop Ransomware Intensifies Extortion Efforts After Cleo Data-Theft Attacks
Clop ransomware operators have escalated their extortion campaign following a significant breach involving Cleo software. The gang exploited a zero-day vulnerability, tracked as CVE-2024-50623, in Cleo’s LexiCom, Harmony, and VLTrader products to steal sensitive data. Now, they are pressuring 66 victimized companies to engage in ransom negotiations within 48 hours. Clop’s dark web portal lists partial company names, warning that full disclosures will follow if victims remain unresponsive.
This latest zero-day exploitation is part of Clop’s established pattern of targeting vulnerabilities in secure file transfer solutions, such as MOVEit Transfer and Accellion FTA. The Cleo vulnerability allowed unrestricted file uploads and downloads, leading to remote code execution and data theft. A patch has been issued for Cleo’s affected products, though concerns remain over its robustness. With over 4,000 organizations using Cleo software globally, the extent of Clop ransomware’s impact in this attack wave remains uncertain.
ZAGG Customer Credit Card Data Exposed in Third-Party Breach
ZAGG Inc. has revealed that hackers accessed customer credit card information through a breach in the FreshClicks app, a third-party tool provided by its e-commerce partner, BigCommerce. The malicious attack targeted the checkout process on ZAGG’s website between October 26 and November 7, 2024, stealing names, addresses, and payment card details. FreshClicks, offered through BigCommerce’s app marketplace, was compromised by injected malicious code designed to scrape sensitive data.
BigCommerce clarified that its core systems were not affected and acted swiftly to uninstall the compromised app from affected stores. In response, ZAGG has introduced remedial measures, informed federal authorities, and is providing impacted customers with 12 months of credit monitoring via Experian. While the exact number of affected individuals remains undisclosed, ZAGG advises vigilance in monitoring financial activity and considering fraud alerts or credit freezes to mitigate potential risks from this breach.
Outdated D-Link Routers Targeted by Malware Botnets in Recent Attacks
The malware botnets ‘Ficora’ and ‘Capsaicin’ are exploiting outdated and end-of-life D-Link routers in a surge of attacks, using known vulnerabilities such as CVE-2015-2051, CVE-2019-10891, and CVE-2024-33112. Targeted models include popular devices like DIR-645 and GO-RT-AC750, often used by individuals and businesses.
After gaining access, the botnets exploit weaknesses in the routers’ management interface to execute commands and deploy malicious payloads. Ficora, a Mirai variant, spreads by brute-forcing credentials and launches DDoS attacks using UDP flooding, TCP flooding, and DNS amplification. Capsaicin, linked to the Keksec group, uses downloader scripts to infect devices and disable competing botnets already present on them.
Both botnets leverage the compromised routers for data theft and DDoS attacks. To defend against such threats, users should update device firmware, replace unsupported hardware, and secure devices with strong passwords while disabling unnecessary remote access features.
Chinese Hackers Breach U.S. Treasury via Remote Support Platform
Chinese state-sponsored hackers have breached the U.S. Treasury Department by exploiting vulnerabilities in BeyondTrust’s Remote Support SaaS platform. The attack, attributed to an Advanced Persistent Threat (APT) group, was disclosed to lawmakers after the breach was identified on December 8, 2024. The threat actors used a stolen API key to reset passwords and gain privileged access to the agency’s systems, allowing them to steal sensitive documents remotely.
BeyondTrust’s investigation uncovered two zero-day vulnerabilities, CVE-2024-12356 and CVE-2024-12686, which enabled the compromise. The company has since shut down the affected instances and revoked the stolen key. The FBI and CISA have confirmed that no ongoing access exists following the mitigation efforts.
This breach highlights a broader pattern of attacks by Chinese hackers, including recent telecom intrusions targeting text messages and wiretap data. In response, U.S. agencies are emphasizing encrypted communication tools to counter interception risks.
Conclusion
The evolving cybersecurity landscape continues to be marked by sophisticated threats, including zero-day exploits, ransomware attacks, and data breaches targeting critical infrastructure. Organizations must remain proactive by implementing robust defenses and staying informed about emerging vulnerabilities.
As specialists in ransomware recovery and cybersecurity, we provide tailored solutions to help businesses mitigate and recover from ransomware incidents. Our services include Ransomware Recovery Services, Ransomware Negotiation Services, and Ransomware Settlement Services. If your organization is facing a ransomware crisis or needs expert guidance to enhance its defenses, contact us today.