Cyber Round-up for 23rd February

February 22, 2024

Welcome to Ironshare's Cyber Round-up, where we look back at the events of the last week to cover some of the news, posts, views, and highlights from the world of Security.

In this week’s round-up:

Security News

Ukrainian Police Arrest Father & Son with Ties to LockBit Ransomware Gang

Ukrainian authorities have made a significant breakthrough in the fight against LockBit by arresting a father and son linked to the notorious ransomware gang. This operation, part of a larger crackdown on LockBit, highlights Ukraine's commitment to combatting cyber threats. The gang has caused substantial economic damage in recent history and has become one of the most prolific cybercrime groups. This arrest is a crucial step in dismantling their activities and showcases international cooperation in tackling cyber threats.

In addition to this, the National Crime Agency has led an international investigation into the LockBit cybercrime group. This has resulted in the NCA gaining control over LockBit's services, "compromising their entire criminal enterprise". More details on this operation can be found here.


Android & Linux Devices at Risk – Open-Source Wi-Fi Software Vulnerable to Authentication Bypass

Security researchers have uncovered two critical vulnerabilities (tracked as CVE-2023-52160 and CVE-2023-52161) in open-source Wi-Fi software affecting Android, Linux, and ChromeOS devices.

CVE-2023-52160 affects wpa_supplicant versions 2.10 and prior. Successful exploitation of this flaw requires the attacker to know the SSID of a Wi-Fi network the victim has previously connected to. Additionally, any Wi-Fi clients that are configured to correctly verify the certificate of the authentication server are not affected. wpa_supplicant is used by default on all Android devices, making this a high-profile vulnerability.

CVE-2023-52161 exists in Intel’s iNet Wireless Daemon (IWD) and affects versions 2.12 and prior. If exploited correctly, the attacker could gain unauthorised access to secure networks that would otherwise require a password.

These vulnerabilities underscore the importance of robust security measures in Wi-Fi authentication processes. As always, affected users are advised to apply the latest updates as soon as possible.
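Because the wpa_supplicant flaw only affects clients that do not validate the authentication server's certificate, a quick way to find exposed profiles is to audit wpa_supplicant.conf for WPA-EAP networks that set no `ca_cert` or no `domain_match`/`domain_suffix_match`. The script below is an added example, not part of the original round-up or of wpa_supplicant itself; the sample configuration it scans is constructed, and the SSIDs, identity and file paths in it are placeholders.

```shell
#!/bin/sh
# Constructed sample wpa_supplicant.conf (placeholder values): one enterprise
# network that skips server certificate validation, one that pins the RADIUS CA
# and the expected server name, and one PSK network that is not in scope.
cat > /tmp/wpa_audit_sample.conf <<'EOF'
network={
    ssid="corp-wifi-legacy"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="alice"
    password="placeholder-password"
    phase2="auth=MSCHAPV2"
}
network={
    ssid="corp-wifi"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="alice"
    password="placeholder-password"
    ca_cert="/etc/ssl/certs/corp-radius-ca.pem"
    domain_match="radius.corp.example"
    phase2="auth=MSCHAPV2"
}
network={
    ssid="home"
    key_mgmt=WPA-PSK
    psk="placeholder-psk"
}
EOF

# Print the SSID of every WPA-EAP network block that lacks ca_cert (no server
# certificate validation at all) or lacks domain_match/domain_suffix_match
# (certificate validated, but not tied to the expected authentication server).
audit_wpa_conf() {
    awk '
        /^[ \t]*network=\{/       { ssid = ""; eap = 0; ca = 0; dom = 0; next }
        /^[ \t]*ssid=/            { sub(/^[ \t]*ssid=/, ""); gsub(/"/, ""); ssid = $0 }
        /^[ \t]*key_mgmt=.*WPA-EAP/ { eap = 1 }
        /^[ \t]*ca_cert=/         { ca = 1 }
        /^[ \t]*domain_(suffix_)?match=/ { dom = 1 }
        /^[ \t]*\}/               { if (eap && !(ca && dom)) print ssid }
    ' "$1"
}

# Lists the profiles a defender should fix before worrying about the CVE.
audit_wpa_conf /tmp/wpa_audit_sample.conf
```

Point the function at a real wpa_supplicant.conf to list the profiles that should gain a `ca_cert` and `domain_match` entry.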


Latest iMessage Upgrade Aims to Combat Quantum Decryption Methods

In an innovative move to future-proof its messaging service, Apple has announced an upgrade to iMessage that enhances its encryption standards to resist decryption by quantum computers. This update is pivotal as quantum computing promises to break traditional encryption methods, posing a significant risk to data privacy. Apple's proactive measure ensures that iMessage remains a secure communication platform and highlights Apple's commitment to user privacy.


Free Decryption Tool for Rhysida Ransomware Victims Now Available

South Korean security researchers from Kookmin University have discovered a vulnerability in the Rhysida ransomware, enabling them to decrypt files encrypted by this notorious malware. By exploiting an implementation flaw in Rhysida's encryption key generation process, the team was able to regenerate the random number generator's internal state at the time of infection, allowing for the successful decryption of data. This breakthrough marks the first successful decryption of Rhysida ransomware. A decryption tool has been developed and released to the public through the Korea Internet and Security Agency (KISA), with instructions available in English to ensure broader accessibility.

While this will allow victims to recover their data, the public disclosure of such a recovery tool will alert Rhysida to the flaw in their software, almost guaranteeing the arrival of a patch in the near future. This will unfortunately limit the effectiveness of the decryption tool over time.


Latest Mustang Panda Campaign Targets Asia with New Advanced PlugX Variant

A China-linked cyber espionage group known as Mustang Panda has intensified its activities in Asia using an advanced variant of the PlugX malware, dubbed DOPLUGS. This campaign has primarily targeted Taiwan and Vietnam through spear-phishing campaigns, in which DOPLUGS is used for initial data gathering before deploying the more complex PlugX backdoor. The upgrades in DOPLUGS, including the use of the Nim programming language and a unique RC4 decryption method, showcase Mustang Panda's evolving tactics aimed at espionage within Asian and European regions.


Stay Safe, Secure and Healthy!

Edition #269 – 23rd February 2024


Stuart Hare is a Technologist with a passion for helping people in all aspects of IT & Cyber Security. Stuart is the Founder of Ironshare, an Information and Cyber Security company providing consultancy and managed services.

Samuel is a Security Analyst with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.

Joshua is working as a Managed Service Lead with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.


Ironshare is a provider of Information and Cyber Security services.
