Razer Investigates Hacker’s Claims of Breach and Data Theft
- Written by Shipra Sanganeria Cybersecurity & Tech Writer
A threat actor has claimed to have breached and stolen data from the gaming hardware company Razer Inc. After being made aware of the breach, the American-Singapore technology company announced in a short statement on Twitter that it is investigating the potential hacking incident.
The alleged incident came to light on July 7, 2023, when a user on a hacker forum offered the stolen data for $100,000 in Monero cryptocurrency. The data includes encryption keys, source code, and backend access credentials to the company’s main website and products. According to the seller’s post, there are no restrictions or exclusivity regarding a buyer. Any interested party can contact the seller for the complete data set at the stated price, which is open for negotiation.
To authenticate the data breach claims, the hacker also shared screenshots containing file trees, email addresses of users having Razer Gold accounts, API details, information associated with its reward system, and more. The seller claims to have access to 404,000 accounts. However, the claims about the stolen data are yet to be verified.
Cyber security researchers at FalconFeedsio were the first to spot this post and shared it with the company and, in a tweet, with the public.
Although Razer has not confirmed the hacking incident, it has announced that the necessary containment measures have been adopted, including securing its network, resetting member accounts, and requesting users to reset their passwords. The company also stated that the relevant authorities would be informed upon conclusion of the investigation.
Earlier, in 2020, Razer experienced a third-party related security breach that exposed 100,000 customers’ data. The accidentally exposed data included names, phone numbers, billing and shipping details, email addresses, and IDs of its customers.
With 19 offices worldwide, Razer is one of the leading gaming gear companies in the world. In 2021, the company posted a revenue of $1.62 billion.
US and Canadian Authorities in a Joint Advisory Warned of Rising Truebot Activity
- Written by Shipra Sanganeria Cybersecurity & Tech Writer
In a joint cyber security advisory, the US and Canadian federal authorities warned about increasing use of a newly identified Truebot malware variant. The malware, also known as Silence.Downloader, has recently garnered attention because of its use by ransomware groups like CL0P.
The Truebot malware is known to collect and steal information from victims for financial gain, delivered through phishing emails with malicious attachments. However, the variant that is currently targeting organizations across the US and Canada is exploiting CVE-2022-31199, a remote code execution (RCE) vulnerability in the Netwrix Auditor software.
Threat actors exploit the vulnerability in the on-premises and cloud-based IT system auditing software to gain initial access and move laterally within the targeted organization’s network. The advisory further states that the malware, once downloaded, renames itself and deploys FlawedGrace (RAT) onto the compromised network.
The remote access trojan (RAT) is “able to modify registry and print spooler programs,” features it manipulates to escalate privileges and establish persistence on the host’s network.
A few hours after the breach, Truebot also executes Cobalt Strike (RAT) payloads for various post-exploitation attacks, including ransomware deployment and data theft. In addition to these RAT variants and tools, Truebot is also associated with the deployment of other delivery vectors and tools like Raspberry Robin and Teleport.
The joint advisory from the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), Multi-State Information Sharing and Analysis Center (MS-ISAC), and Canadian Centre for Cyber Security (CCCS) also stressed the need for immediate mitigation and incident response measures if the malware is detected. It also advised hunting for signs of this malware infection by using the guidelines outlined in the cyber security advisory.
The authorities also advised organizations using Netwrix’s IT system auditing software to apply the vendor-provided patches for the CVE-2022-31199 vulnerability and update the software to version 10.5. The advisory also recommended reporting any Truebot hack incident to CISA or the FBI.