InfoSecBulletin Cybersecurity for mankind
Hudson Researchers reported that on December 20th, ‘irleaks’ claimed to have 160 million records from 23 top insurance companies in Iran for sale.
The hacker says they have stolen data like names, birth dates, phone numbers, national codes, and more. They have shared a sample of the data and want $60,000 for it.
GitLab Patches Critical Authentication Bypass flaw
Ransomware hit Bangladeshi Globe Pharmaceuticals Ltd
Joint cybersecurity advisory
Botnet infects 260,000 SOHO routers, IP cameras with malware
Chrome 129 Released Fix with multiple Security Flaws
Broadcom fixed RCE bug in VMware vCenter Server
Cybercriminal now misuse Microsoft Azure tool to steal data
Apple warns users to install iOS 18 to Fix 33 iPhone Vulnerabilities
CISA adds windows and whatsUp Gold vuls to its KEV
Petroleum and Fuel Industry
FleetPanda exposes Nearly One Million Documents
DESCO faces cyber attack: Customers Data Breach
The data contains personal information like names, phone numbers, ID numbers, addresses, passport numbers, and other sensitive details.
Researchers from Hudson Rock confirm that the data seems to be authentic and mention that carrying out an attack on this scale against numerous insurance companies is extremely challenging.
However, the breach wasn’t sufficient for “irleaks”. On December 30th, the threat actor posted another message claiming to have hacked SnappFood, Iran’s biggest online food ordering company.
The data that was apparently exfiltrated from the company amounts to a staggering 3 Terabytes, and includes incredibly sensitive details such as:
*20,000,000 users data (emails, passwords, phone numbers)
* 51,000,000 user addresses
* 600,000 credit cards data
* 180,000,000 device related information
SnappFood noticed the breach and quickly stated that they are investigating the attack.
It is worth noting that although the origin of the breach is unknown, Hudson Rock researchers identified a recently compromised employee of SnappFood who had their computer infected with a StealC infostealer.
The infection of this employee’s computer resulted in many sensitive credentials of the organization being accessible to some hackers and may have been used as an initial attack vector against the company.
Some of the data includes login details to the company’s Confluence server, Jira server, and other development related URLs.
The combination of sophisticated attacks launched by a single threat actor against industry leading companies in Iran raises the question if this was a state-sponsored attack.
