
Mexico-Based Threat Actor Targets Global Bank Users With Android Trojan

Written by Shipra Sanganeria, Cybersecurity & Tech Writer

A new security report published by SentinelOne has revealed a Mexico-based eCrime threat actor linked to a series of attacks targeting major banks around the world. With a focus on Spanish and Chilean financial institutions, the campaign spanned nearly two years, from June 2021 to April 2023.

Notable targets include Santander, BBVA, Deutsche Bank, ING, and CaixaBank.

The report, by security researcher Pol Thill, was published by SentinelOne following the first Malware Research Challenge, which was run in partnership with vx-underground. According to Thill, the threat actor behind the campaign is codenamed Neo_Net and is known to use unsophisticated tools.

The Spanish-speaking threat actor has become quite prominent since its discovery in early 2021. In addition to running cybercrime campaigns, the actor is known to sell victims’ data on its Ankarex channel and to advertise its Android malware, “Ankarex Smishing-as-a-Service platform,” to select members.

In the current campaign, the threat actors use Neo_Net’s proprietary service, Ankarex, to send SMS phishing messages that deceive victims into sharing sensitive information and credentials. The carefully crafted messages, which appear to be authentic, important communications from banks, contain hyperlinks to bogus landing pages. These pages help the actors exfiltrate the victims’ banking credentials, along with their IP addresses and user agents.

Despite using basic hacking tools, the threat actors have had remarkable success. Over this period, they stole more than €350,000 from targeted bank accounts and compromised the personal information of thousands of victims. The stolen information includes phone numbers, names, and national identity numbers.

“The success of their campaigns can be attributed to the highly targeted nature of their operations, often focusing on a single bank, and copying their communications to impersonate bank agents,” noted Thill.


Microsoft Denies Data Theft Claims Involving 30 Million Customer Data

Written by Shipra Sanganeria, Cybersecurity & Tech Writer

A self-proclaimed hacktivist group known as “Anonymous Sudan” has claimed to have stolen credentials for millions of Microsoft customers by breaching the company’s servers. The Redmond-based software company, on the other hand, has categorically denied these claims.

Earlier this week, the group announced that it had successfully breached Microsoft’s network and extracted a massive database containing the credentials of more than 30 million customers. The database, which is now available for a going price of $50,000, includes information on Microsoft accounts, emails, and passwords. The group announced that interested parties can use its Telegram bot to make contact and arrange a purchase of the database.

In the Telegram post, the group also published a small sample of the allegedly stolen data to support its claims, and warned readers that Microsoft would refute the incident. The sample’s authenticity cannot be verified for the time being.

In the aftermath of the post, Microsoft released a statement to various press outlets, in which a spokesperson stated that the data was probably collected from sources other than the company. “At this time, our analysis of the data shows that this is not a legitimate claim and an aggregation of data. We have seen no evidence that our customer data has been accessed or compromised,” the spokesperson said.

In recent months, Anonymous Sudan, which Microsoft tracks as “Storm-1359,” has repeatedly targeted the company. Around a month ago, Microsoft announced that it had suffered DDoS attacks by the group, which affected the service continuity of its Outlook, Azure cloud services, SharePoint Online, and OneDrive for Business products. At that time too, the company claimed that none of its customer data had been compromised.

For the time being, it cannot be confirmed whether Microsoft is investigating this incident any further or what its stance would be if Anonymous Sudan’s claims prove to be true.