Check out Threat Flow, the Security Industry’s First Transparent Generative AI Application
Check It Out
Free Trial
Get Full Access

Launching Leaky Weekly with Flare, Cybercrime Current Events Podcast

Picture of Flare
Flare
  • Reading time: 4 min

There’s so much to keep up with in the world of cybercrime…especially for security practitioners.

Leaky Weekly is a bi-weekly podcast hosted by security researcher Nick Ascoli as he dives into the most pressing stories on data leaks, cybercrime, and the dark web in the last week or so.

Tune in for current events every other week on Spotify with short and sweet episodes in about 15 minutes, on YouTube, or check out this article for the highlights.

*Important disclaimer: When a company is possibly the victim of a breach, that may not necessarily be the case for various reasons, such as if threat actors may not actually have the information they claim to. Security practitioners should be supportive of organizations/security teams addressing breaches and never shame them.*

AT&T Breach

Billions of text and call records stolen 

A threat actor reached out to a security researcher to share a sampling of the researcher’s call records. After the researcher confirmed that those were their call records, the threat actor reveals that they leveraged a Snowflake account that didn’t have MFA turned on, and accessed the information in that tenant.

This threat actor sent the information to a few people including a member of ShinyHunters, a threat actor group. 

The original security researcher informed Mandiant, which then notified AT&T, which then filed an SEC filing and claimed that the threat actor associated with the breach has been arrested. 

The original threat actor had been arrested but was actually arrested in relation to a T-Mobile breach, a few years ago. 

AT&T attempted to contact ShinyHunters through the original security researcher:

  1. AT&T paid ShinyHunters five bitcoins to delete the data (with the security researcher also receiving a cut).
  2. ShinyHunters sent AT&T a video deleting the data (though it’s possible they may have other copies).
  3. WIRED also gets a hold of this video.
  4. ShinyHunters told several news outlets that the original threat actor shared the data with multiple people, including a ShinyHunters member (so it’s possible there are multiple copies of this information out there). 

This is a developing story, and it’s unclear how many copies of this information may be floating around. There are many theories of how malicious actors can exploit this data as they include information such as cell tower local pings that can geolocate where a call took place.

AT&T Breach

Billions of text and call records stolen 

Automate Your Threat Exposure Management

Integrate the world’s easiest to use and most comprehensive cybercrime database into your security program in 30 minutes.

 Sign Up for Your Free Trial

A threat actor reached out to a security researcher to share a sampling of the researcher’s call records. After the researcher confirmed that those were their call records, the threat actor reveals that they leveraged a Snowflake account that didn’t have MFA turned on, and accessed the information in that tenant.

This threat actor sent the information to a few people including a member of ShinyHunters, a threat actor group. 

The original security researcher informed Mandiant, which then notified AT&T, which then filed an SEC filing and claimed that the threat actor associated with the breach has been arrested. 

The original threat actor had been arrested but was actually arrested in relation to a T-Mobile breach, a few years ago. 

AT&T attempted to contact ShinyHunters through the original security researcher:

  1. AT&T paid ShinyHunters five bitcoins to delete the data (with the security researcher also receiving a cut).
  2. ShinyHunters sent AT&T a video deleting the data (though it’s possible they may have other copies).
  3. WIRED also gets a hold of this video.
  4. ShinyHunters told several news outlets that the original threat actor shared the data with multiple people, including a ShinyHunters member (so it’s possible there are multiple copies of this information out there). 

This is a developing story, and it’s unclear how many copies of this information may be floating around. There are many theories of how malicious actors can exploit this data as they include information such as cell tower local pings that can geolocate where a call took place.

Screenshot of message from SiegedSec leader in their Telegram channel, announcing disbanding the group

Disney Hack

The hacktivist group NullBulge, which claims to protect artists’ rights, hacked into Disney’s internal Slack messages in a protest over AI-generated art. 

NullBulge claimed there were two prominent methods of hacking:

  • An insider supposedly gave the group access to Disney’s internal Slack. However, this insider cut off NullBulge’s access, and the group responded by doxxing this individual. 
  • The WIRED article mentions infostealers may have been involved. 

The leak revealed 1.1 terabytes of messages, unreleased projects, code, documentation, and more across 10,000 Slack channels. NullBulge posted this information on their blog. 

Screenshot of NullBulge’s blog with stolen information from Disney’s Slack

These are all developing stories that we covered very briefly, so check out cybersecurity news outlets to stay up-to-date. We couldn’t cover everything in the last few weeks or so, and we’ll look into new stories and developments in two weeks.

Brought to you by Flare, Threat Exposure Management solution that empowers organizations to proactively detect, prioritize, and mitigate types of exposures commonly exploited by threat actors. Sign up for our free trial here.

Share This Article
View posts

Flare

Related Content

Cybercrime Current Events: Background Check Organization Breach, a Repossessed Ransomware Blog, Feuding Forums, and Double Arrest of “J.P. Morgan”

Read More

Let’s Meet at Hacker Week in Las Vegas!

Read More

ShapeUp at Flare: A Game-Changer for Project Management

Read More
4.9

“What used to take about 1500 hours to complete can now be done in 1 week. Flare allows me to empower junior analysts to do dark web investigations that were previously impossible, hence liberating bandwidth.

Senior Security Specialist at a MSSP

4.9

“Other solutions would present us with thousands of potential leaks which were impossible to work with for our small team, Flare was the only one that could successfully filter and prioritize data leaks with their 5-point scoring system.”

CTI Director at a Major North American Bank

4.9

“Flare enables us to react quickly when threats are publicized. It helps us protect our brand and financial resources from data breaches.”

CISO in a Major North American Bank

4.9

“We audited dozens of different solutions and Flare was the only one making CTI easy and understandable for all, with the right data.”

Senior Advisor at an IT Services Industry

Start your free trial today

Experience Flare for yourself and see why Flare is used by organization’s including federal law enforcement, Fortune 50, financial institutions, and software startups.

START FREE TRIAL
Flare logo
Get a Demo
Free Trial
Linkedin Twitter Facebook Youtube
Copyright 2024 Flare Systems, Inc.
1751 Rue Richardson, Unit 3.108, Montreal, Quebec, H3K 1G6

Flare HQ

soc 2 cybersecurity company
Flare logo
Free Trial
Get Full Access
Log in