Tag: hacker

  • 11 million game accounts stolen — and APAC is at the heart of it

    [Image: A speaker presenting data on compromised gaming accounts in 2024, with a graph showing the number of accounts affected, including Steam and other gaming platforms.]

    If you play games online in Asia Pacific, there’s a chance your login is already in a cybercriminal’s shopping cart.

    Kaspersky’s Digital Footprint Intelligence team says 11 million gaming accounts leaked in 2024 alone. Steam took the biggest hit, with 5.7 million accounts stolen via “infostealer” malware — malicious code often hidden inside cracked games, cheats, or shady mods. Another 6.2 million accounts from Epic Games Store, Battle.net, Ubisoft Connect, GOG, and EA also ended up exposed.

    In APAC, the numbers sting: Thailand tops the list with 163,000 compromised Steam logins, followed by the Philippines (93,000) and Vietnam (88,000). At the low end, Singapore had 4,000. The region’s massive player base — 1.8 billion and counting — makes it a natural target for cyberthieves.

    The trouble doesn’t stop at personal losses. Kaspersky found that 7% of leaked Netflix, Roblox, and Discord accounts were registered with corporate email addresses. That means a gaming breach could be the first step toward infiltrating a business network. A weak or predictable password like “Word2025!”? In a hacker’s hands, it could be cracked in under an hour.

    Once stolen, credentials, credit card info, and even crypto wallet keys are sold or given away on dark web markets — often long after the initial infection. “Even years-old stolen data can come back to haunt you,” warns Kaspersky analyst Polina Tretyak.

    Her advice: scan devices immediately if you suspect a breach, change passwords, and avoid reusing them. For companies, proactive dark web monitoring can catch leaks before they turn into full-blown incidents.

    In short: your next big boss fight might not be in a dungeon — it could be against malware hiding in your game library.

  • Chinese Hacker Bags COVID Research, Emails, and Probably a Bonus—Now Faces Extradition Vacation

    The U.S. Justice Department has finally confirmed what every cybersecurity expert has been screaming into the void since 2020: that the mass theft of COVID-19 research and a historic email server breach weren’t just the handiwork of anonymous gremlins in a basement, but the work of state-backed hackers—specifically, Chinese nationals allegedly acting on behalf of Beijing.

    On Monday, U.S. officials revealed the arrest of Xu Zewei, a Chinese national and alleged mercenary hacker-for-hire, who was apprehended in Italy at the request of U.S. prosecutors. His crime? Just a casual spree of cyber espionage, including the theft of vital COVID-19 research during a global pandemic and compromising tens of thousands of Microsoft Exchange email servers. You know—just typical Tuesday stuff.

    Xu, along with alleged co-conspirator Zhang Yu, was named in a nine-count indictment that paints a very public and very damning portrait of China’s digital offensive. While Zhang is still at large—presumably somewhere far away from countries with extradition treaties—Xu now finds himself facing the very real prospect of standing trial in the United States.

    According to the indictment, Xu worked for Shanghai Powerock Network Technology Company, which, surprise, has ties to China’s Ministry of State Security. The DOJ claims the firm was essentially a front for state-sanctioned cyber operations, making Xu not just a rogue actor, but a paid foot soldier in an international campaign of intellectual property theft.

    Among the most infuriating charges? The alleged theft of COVID-19 research from U.S. universities in February 2020, a time when the world was scrambling for answers in the face of a mysterious and deadly virus. While researchers toiled around the clock to find a vaccine, hackers like Xu allegedly swooped in to pilfer data that took months—and countless taxpayer dollars—to develop.

    But Xu and Zhang didn’t stop there. According to the Justice Department, they were also behind the infamous 2021 Microsoft Exchange hack, a sprawling digital raid that compromised more than 60,000 servers across small businesses, municipalities, and nonprofits. The hacking group, dubbed “Hafnium” by Microsoft, exploited zero-day vulnerabilities to infiltrate systems, loot private emails, and scrape contact books.

    At the time, Microsoft described the attack as “limited and targeted,” which turned out to be a bit of a corporate understatement. The attack not only disrupted businesses across America but also forced an unprecedented emergency response from the federal government and private cybersecurity firms.

    As if to stay on-brand, Hafnium has reportedly evolved into a new cyber-threat group now known as “Silk Typhoon,” which researchers say has been targeting large corporations and government institutions. So yes, the cyber party is far from over.

    “Today’s announcement sends a clear message: the United States will not tolerate nation-state cyberattacks,” said a Justice Department official, in a statement that feels a little like bolting the door after the hackers have already ransacked the house, stolen the blueprints, and emailed them to Beijing.

    Cybersecurity experts have long warned about the expanding role of state-sponsored hacking groups in China’s geopolitical toolkit. According to a 2023 report by cybersecurity firm Mandiant, Chinese government-linked hackers were responsible for more than 50 percent of all state-backed cyber operations detected worldwide between 2020 and 2022.

    But the arrest of Xu Zewei marks a rare moment of accountability in a cyberwar where the lines between government espionage and freelance criminality are increasingly blurry.

    Whether the U.S. can secure his extradition and actually bring him to trial is still uncertain. What’s clear is that the digital battlefield is now just as important as the physical one, if not more so. And while the Justice Department’s statement is full of bravado, the reality is that for every hacker arrested, a dozen more are booting up their laptops.

    In a world where stealing vaccine research is just another bullet point on a cybercriminal’s resume, maybe it’s time to stop pretending this is just “cybercrime” and start calling it what it is: digital warfare.

  • ICC Systems Breached Again – Maybe Try Not Saving Everything in ‘Important_Files.zip’

    The International Criminal Court confirmed a targeted cyberattack on its systems last week, calling it a “sophisticated” incident while offering no real details.

    The Hague-based court claims its response systems immediately detected and contained the breach, though it remains unclear what data may have been compromised.

    A court-wide impact assessment is underway, with mitigation efforts already in motion, as officials scramble to keep their crumbling digital fortress from collapsing.

    This marks the second major breach in two years, following a 2023 attack attributed to espionage, which forced the ICC to sever its internet connection like it was 1999.

    The latest cyber strike conveniently coincided with a NATO summit in The Hague and ongoing ICC proceedings against global political heavyweights including Vladimir Putin, Benjamin Netanyahu, and Hamas leader Ibrahim Al-Masri.

    Tensions had already escalated in June when U.S. Secretary of State Marco Rubio imposed sanctions on four ICC judges over investigations into American actions in Afghanistan and war crimes allegations against Netanyahu.

    The ICC continues to play defense both in court and in cyberspace, as global powers appear increasingly allergic to accountability.

  • Hackers Now Boarding: Scattered Spider Graduates From Casinos to Crashing Airlines

    The FBI and cybersecurity firms have issued a joint warning that the hacker group Scattered Spider is now targeting airlines and the transportation sector.

    Cybersecurity experts at Google’s Mandiant and Palo Alto Networks’ Unit 42 confirmed the group’s increased activity in the aviation industry.

    Scattered Spider, made up mostly of young English-speaking hackers, is infamous for stealing sensitive data and extorting companies using phishing and threats.

    The group’s tactics include impersonating employees, manipulating IT help desks, and in some cases, deploying ransomware.

    The FBI said the group’s new targets may include large airlines as well as third-party IT vendors and contractors in the transportation supply chain.

    At least two airlines have been affected this month, with WestJet reporting an unresolved cyberattack linked to the group.

    Hawaiian Airlines also disclosed it is responding to a cyber intrusion and working to secure its systems.

    The airline hacks follow the group’s recent attacks on the U.K. retail sector and insurance industry.

    Scattered Spider has previously breached major hotel chains, casinos, and tech companies, proving once again that no sector is off-limits when there’s ransom money on the table.

  • Congratulations, Your TikTok App Just Robbed You: New Spyware SparkKitty Prowls App Store and Google Play

    Kaspersky has uncovered a new mobile spyware threat called SparkKitty that targets both iOS and Android users through crypto, gambling, and fake TikTok apps.

    The Trojan was found embedded in apps distributed not just via shady websites but also through the supposedly safe havens of Google Play and the App Store.

    SparkKitty quietly sends photos and device data from infected phones to cybercriminals who appear to be focused on stealing cryptocurrency, especially from users in Southeast Asia, including the Philippines.

    The malware campaign uses developer tools to sneak past Apple’s gatekeeping, with one Trojan posing as a crypto app named 币coin and others masquerading as TikTok or gambling platforms.

    On Android, a fake messenger app with crypto exchange features, SOEX, racked up over 10,000 downloads from Google Play before its true nature was discovered.

    Scam websites and social media platforms like YouTube were used to promote infected apps, pushing unsuspecting users to hand over their digital lives wrapped in a sleek crypto-themed user interface.

    Once installed, the apps behaved like the real deal while secretly scraping photo galleries for screenshots that might contain crypto wallet recovery phrases.

    SparkKitty appears to be the malicious offspring of the earlier SparkCat malware, which had similar crypto-stealing functionality and holds the honor of being the first known iOS Trojan with built-in OCR.

    This marks the second time in a year that Kaspersky has identified full-fledged spyware sneaking into the App Store, further eroding any illusions of Apple’s walled garden.

    Security experts advise users to delete infected apps, avoid storing sensitive screenshots, and be suspicious of any app that wants access to photo galleries just to trade coins or watch videos.

    And yes, Kaspersky recommends using their own security software to fend off the very threats they just uncovered — how convenient.