Anonymous claims responsibility for Moscow traffic jam tied to app exploit

On Thursday morning, Moscow’s busy Fili district became the site of a traffic jam unlike any before it. Motherboard (via The Verge) reports hackers used Russia’s Yandex Taxi ride-hailing app to order dozens of drivers to converge on Kutuzovsky Prospekt, one of the city’s main thoroughfares. The act caused traffic on part of the already congested street to come to a standstill for about 40 minutes while Yandex worked to address the situation.

“On the morning of September 1st, Yandex Taxi encountered an attempt by attackers to disrupt the service — several dozen drivers received bulk orders to the Fili district of Moscow,” a Yandex spokesperson told Motherboard. In a separate statement shared with Russia’s state-owned TASS news agency, Yandex said it reworked its routing algorithm following the attack to prevent similar incidents from occurring in the future. The event is one of the first known instances of hackers exploiting a ride-hailing app to create a traffic jam.

Several Twitter accounts claiming affiliation with Anonymous say the hacktivist collective is behind the incident. On Friday, one Anonymous account said the group worked with the IT Army of Ukraine, a volunteer organization formed at the start of the war, to carry out the attack.

Anonymous previously claimed responsibility for a cyberattack that took down multiple Russian government websites, including those belonging to the Kremlin and the Ministry of Defence. “Faced with this series of attacks that Ukraine has been suffering from the Russian dictator Vladimir Putin, we could not help but support the Ukrainian people,” the group said at the time.

Engadget is a web magazine with obsessive daily coverage of everything new in gadgets and consumer electronics

Elaborate hack of ‘Axie Infinity’ tied to fake LinkedIn job offer

Axie Infinity was the prime example of crypto gaming last year, when its play-to-earn formula helped it reach up to 2.7 million daily active users last November. But that all came crashing down in March, when hackers stole $625 million from the Ethereum-linked Ronin sidechain powering the game. Now, it turns out, that hack originated from an unlikely source: a fake job offer from LinkedIn.

As The Block reports (via The Verge) based on two sources, the hackers infiltrated Axie Infinity owner Sky Mavis's network by sending a spyware-filled PDF to one employee. That person thought they were accepting a high-paying job from another firm, but it turns out that company never existed. According to the US government, North Korean hacker group Lazarus was behind the attack.

“Employees are under constant advanced spear-phishing attacks on various social channels and one employee was compromised,” Sky Mavis noted in a post-mortem blog post following the hack. “This employee no longer works at Sky Mavis. The attacker managed to leverage that access to penetrate Sky Mavis IT infrastructure and gain access to the validator nodes.”

Axie Infinity spun back up last week, and it's still relying on the Ronin sidechain, albeit with stricter security measures. The company raised its validator nodes to 11 in April, up from 9 previously, which makes it more difficult for attackers to gain control of the network. (Lazarus gained access to 5 nodes to achieve its hack, including one from the Axie DAO [Decentralized Autonomous Organization].) And it's also implementing a "circuit-breaker" system to flag large withdrawals.

While this hack was clearly meticulously planned and required a significant amount of technical skill, it ultimately hung on a classic vulnerability: social engineering. 
