Data Allegedly Stolen From US Marshals Service Ransomware Attack Up for Sale

  • Written by Ari Denial Cybersecurity & Tech Writer

On a Russian-language hacking forum, a threat actor is reportedly selling hundreds of gigabytes of data that they claim to have stolen from servers of the US Marshals Service (USMS).

The threat actor claims to have 350 GB of confidential law enforcement data from the US Marshals Service. The offer was allegedly posted from a newly registered account, at a price of $150,000.

The data being offered reportedly contains aerial footage and photographs of military installations and other highly secure areas, as well as copies of passports and identification documents. Additionally, it allegedly includes information on wiretapping and surveillance of citizens.

According to the threat actor, the files being sold also contain information on convicts, gang leaders, and cartels. The data is allegedly marked as SECRET or TOP SECRET in some cases.

Drew J. Wade, a spokesperson for USMS, has confirmed that a major ransomware attack took place on February 17th, and that sensitive data was stolen. The stolen data reportedly included returns from legal processes, administrative information, and information pertaining to USMS investigations.

Although the hacker selling the data has claimed to possess details of individuals in the witness protection program, the US Marshals Service has stated that the threat actor was unable to access this information.

USMS spokesperson Drew Wade has confirmed that the stolen data in this incident, which has been categorized as a “major incident,” contains personally identifiable information of USMS employees.

Sources close to the incident have informed NBC News that the attackers were unable to access the USMS database for the Witness Security Files Information System (WITSEC), also known as the witness protection program.

USMS reported another data breach in May 2020, in which details of over 387,000 current and former inmates were exposed. The incident, which took place in December 2019, reportedly disclosed their names, home addresses, dates of birth, and Social Security numbers.

Chrome Extension Impersonating ChatGPT Found to be Stealing Facebook Accounts

  • Written by Ari Denial Cybersecurity & Tech Writer

A malicious Chrome extension named Chat-GPT has been found to extract sensitive information from Facebook accounts and generate unauthorized admin accounts to spread malicious software, according to Nati Tal, a researcher at Guardio Labs.

The malicious actors achieve this by utilizing two fake Facebook applications, “portal” and “msg_kig”, which serve as backdoors to gain complete control over the targeted profiles. The process of adding these applications to the victim’s Facebook accounts is automated.

Tal stated that the threat actor builds a group of powerful Facebook bots and a malevolent paid media network by taking control of prominent business accounts on the platform. Through this tactic, the threat actor is able to promote Facebook paid ads while exploiting its victims, which in turn spreads the malware in a self-perpetuating, worm-like fashion.

After hijacking the Facebook business accounts, the threat actors utilize them to advertise the malware, thereby propagating the scheme and expanding the network of compromised accounts.

The incident shows how threat actors are exploiting the popularity of OpenAI’s ChatGPT by creating fake versions of the chatbot. Unsuspecting users are being tricked into installing these fake versions.

In a separate incident last month, Cyble uncovered a social engineering campaign that utilized an unauthorized ChatGPT social media page. The page directed users to malicious domains where they unknowingly downloaded information stealers such as RedLine, Lumma, and Aurora.

In addition to the fake ChatGPT extension for Chrome, fraudulent ChatGPT applications have been observed distributing SpyNote malware to users’ devices via the Google Play Store and other third-party Android app stores.

Google removed the “Quick access to Chat GPT” extension from the Chrome Web Store after it was reported to have gained 2,000 daily installations. This was confirmed by Nati Tal, a researcher at Guardio Labs.