Amidst the holiday season, cybercriminals were moderately active in the last week of December. From the Akira Gang claiming responsibility for the Nissan Australia cyberattack to the leak of the GTA V source code online, this post will review the top cybersecurity events from the last week of December.

1. Akira Gang Claims Responsibility for Nissan Australia Cyberattack

On December 23, the Akira ransomware gang updated its data leak blog with a new entry claiming it had breached Nissan Australia's network and stolen around 100GB of documents.

The attackers have threatened to leak sensitive business and client data online after ransom negotiations with Nissan failed, with the company either refusing to engage with the group or declining to pay the ransom.

“They seem not to be very interested in the data, so we will upload it for you within a few days,” the ransomware group says. “You will find docs with personal information of their employees in the archives and much other interested stuff like NDAs, projects, information about clients and partners etc.”


2. GTA 5 Source Code Reportedly Leaked Online

Reports indicate that the source code for Grand Theft Auto 5 was leaked on Christmas Eve, just over a year after the Lapsus$ threat actors breached Rockstar Games and stole corporate data.

Links to download the source code were shared on numerous channels, including Discord, a dark web website, and a Telegram channel that the hackers previously used to leak stolen Rockstar data.


The channel owner, identified as ‘Phil,’ shared links to the stolen source code along with a screenshot showcasing one of the compromised folders in a post to a Grand Theft Auto leak channel on Telegram.



3. New Android Malware Infects 330k Devices via Malicious Apps on Google Play

Researchers have identified an Android backdoor named ‘Xamalicious’, which has infected approximately 338,300 devices via malicious apps on Google Play.

Computer security software company McAfee discovered 14 infected apps on Google Play, with three having 100,000 installs each, reports Bleeping Computer.

Although the apps have been removed from Google Play, removal from the store does not uninstall them from devices that already have them. Users who installed any of them since mid-2020 may still have an active Xamalicious infection on their phones, which requires manually removing the app and scanning the device.


4. Microsoft Disables ‘App Installer’ Used by Hackers to Spread Malware

Microsoft has disabled the ms-appinstaller URI scheme (the App Installer protocol handler) by default after observing threat actors using it to distribute malware. A ms-appinstaller: link lets a web page hand a remote MSIX package straight to App Installer, which is what makes it attractive for delivering malware from malicious ads and phishing pages without the usual browser download warnings.

According to a blog from Microsoft Threat Intelligence, the tech giant has been observing threat actors since mid-November 2023.

“Since mid-November 2023, Microsoft Threat Intelligence has observed threat actors, including financially motivated actors like Storm-0569, Storm-1113, Sangria Tempest, and Storm-1674, utilizing the ms-appinstaller URI scheme (App Installer) to distribute malware,” Microsoft said.
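The lure in these campaigns is a link of the form ms-appinstaller:?source=<package URL>, so a cheap first check for defenders is to scan landing pages, ad creatives or proxy-logged URLs for that scheme and pull out the package it points at. The scanner below is an added example written for this post, not code from Microsoft or from the original article; the HTML it scans is constructed and the hostnames are placeholders.

```python
"""Find ms-appinstaller: links in web content and extract the remote package they fetch.

Added example for this post, not code from Microsoft. SAMPLE_HTML is constructed;
all hostnames are placeholders.
"""
import re
from urllib.parse import parse_qs, urlsplit

# Package types App Installer will fetch from the remote 'source' parameter.
PACKAGE_EXTENSIONS = (".msix", ".msixbundle", ".appx", ".appxbundle", ".appinstaller")

# Crude href extractor; good enough for landing pages and ad snippets.
HREF_RE = re.compile(r"""href\s*=\s*["']([^"']+)["']""", re.IGNORECASE)

# Constructed sample: one ordinary download link and two App Installer lures,
# the second with an upper-case scheme and a percent-encoded source URL.
SAMPLE_HTML = """
<a href="https://vendor.example/download">Download</a>
<a href="ms-appinstaller:?source=https://cdn.example.net/Setup_v2.msix">Install now</a>
<a href='MS-APPINSTALLER:?source=https%3A%2F%2Fcdn.example.net%2Fupdater.appinstaller'>Update</a>
"""


def parse_appinstaller_uri(uri):
    """Return the remote package URL a ms-appinstaller: URI points at, or None.

    urlsplit lower-cases the scheme and parse_qs percent-decodes the value, so
    obfuscated variants resolve to the same plain URL.
    """
    parts = urlsplit(uri.strip())
    if parts.scheme != "ms-appinstaller":
        return None
    source = parse_qs(parts.query).get("source")
    return source[0] if source else None


def classify_source(source_url):
    """'package' if the source names an installable package, 'other' otherwise."""
    path = urlsplit(source_url).path.lower()
    return "package" if path.endswith(PACKAGE_EXTENSIONS) else "other"


def scan(html):
    """Return one record per App Installer link found in the HTML."""
    hits = []
    for href in HREF_RE.findall(html):
        source = parse_appinstaller_uri(href)
        if source is None:
            continue
        hits.append({"href": href, "source": source, "kind": classify_source(source)})
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_HTML):
        print(f"{hit['kind']:8} {hit['source']}  (from {hit['href']})")
```

Hits are worth escalating rather than blocking blindly: legitimate vendors do use the scheme, so the useful follow-up is to fetch the package from the extracted source URL in a sandbox and check its signature and publisher before deciding.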


Besides this, hackers stole around $2 billion in cryptocurrencies in 2023, a substantial decrease from the record of around $3.8 billion in 2022. Among the major hacks this year was the Hong Kong-based crypto company Mixin, which saw $200 million stolen in a breach in September.


Some of the most active ransomware groups are deliberately switching on remote encryption for their cyber attacks, infiltrating deeper into companies and crippling their operations. In remote encryption attacks, also known as remote ransomware, adversaries leverage a compromised and often under-protected endpoint to encrypt data on other devices connected to the same network.

Sophos, which sells cybersecurity as a service, reports a 62 percent year-over-year increase in intentional remote encryption attacks since 2022.

Some of the most prolific and active ransomware groups, including Akira, ALPHV/BlackCat, LockBit, Royal, and Black Basta, are deliberately switching on remote encryption for their attacks, the report mentioned.
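Because the encrypting process runs on a host the defenders may have no agent on, the place to catch remote encryption is the file server it is writing to: one client touching an unusual number of files on a share in a short window, and renaming them to a common new extension, is the signature. The detector below is an added example written for this post, not code from Sophos or from the original article. It runs over constructed file-server audit lines (timestamp, client IP, operation, path); the IPs, paths and the ".locked" extension are placeholders, and the format is an assumption for the sake of the example.

```python
"""Flag remote-encryption behaviour in file-server audit events.

Added example for this post, not code from Sophos. The audit line format
'<ISO timestamp> <client ip> <WRITE|RENAME> <path>[ -> <newpath>]' and the
sample events are constructed; IPs, paths and '.locked' are placeholders.
"""
import os
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)   # sliding window per client
THRESHOLD = 20                   # distinct files modified within WINDOW


def sample_events():
    """Construct audit lines: a normal user plus one host bulk-renaming files over SMB."""
    base = datetime(2023, 12, 28, 9, 15, 0)
    lines = [
        f"{(base + timedelta(seconds=5)).isoformat()} 10.0.5.2 WRITE /shares/finance/q4-report.xlsx",
        f"{(base + timedelta(seconds=40)).isoformat()} 10.0.5.2 WRITE /shares/finance/notes.docx",
    ]
    # Compromised endpoint rewriting and renaming 25 files in 25 seconds.
    for i in range(25):
        ts = (base + timedelta(seconds=i)).isoformat()
        path = f"/shares/finance/invoice-{i:03d}.pdf"
        lines.append(f"{ts} 10.0.5.17 WRITE {path}")
        lines.append(f"{ts} 10.0.5.17 RENAME {path} -> {path}.locked")
    return lines


def detect_remote_encryption(lines, window=WINDOW, threshold=THRESHOLD):
    """Return {client_ip: details} for clients that modify >= threshold files within window."""
    per_client = defaultdict(list)
    for line in lines:
        ts, ip, op, rest = line.split(maxsplit=3)
        if op in ("WRITE", "RENAME"):
            per_client[ip].append((datetime.fromisoformat(ts), op, rest))

    alerts = {}
    for ip, events in sorted(per_client.items()):
        events.sort()
        recent = deque()
        for ts, op, rest in events:
            recent.append((ts, op, rest))
            # Drop events that fell out of the sliding window.
            while ts - recent[0][0] > window:
                recent.popleft()
            # For RENAME the original name is before ' -> '.
            touched = {r.split(" -> ")[0] for _, _, r in recent}
            if len(touched) < threshold:
                continue
            # A common new extension across the renames is the ransomware tell.
            new_exts = Counter(
                os.path.splitext(r.split(" -> ")[-1])[1]
                for _, o, r in recent if o == "RENAME"
            )
            alerts[ip] = {
                "files": len(touched),
                "window_start": recent[0][0].isoformat(),
                "new_extension": new_exts.most_common(1)[0][0] if new_exts else None,
            }
            break  # one alert per client is enough; stop at first trigger
    return alerts


if __name__ == "__main__":
    for ip, details in detect_remote_encryption(sample_events()).items():
        print(f"ALERT {ip}: {details}")
```

The threshold and window need tuning per share: a backup job or a bulk migration will also touch many files quickly, but it will not rename them all to one fresh extension, which is why the alert records the dominant new extension alongside the count. The response action this enables is the one that matters for remote ransomware: isolate the client IP at the file server or switch, not just the endpoints that have a security agent.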