HIT squad turned hackers, Trickbot's kingpin unmasked, and hackin' casinos
Another week in the cyber-verse
🧠 CyberFact of the Day:
In 2000, a 15-year-old hacker known as “Mafiaboy” launched a series of DDoS attacks that took down major websites like CNN, eBay, and Yahoo (then the #1 search engine). The attacks caused an estimated $1.7 billion in damages and helped spark early cybercrime legislation in the U.S.

📬 This Week’s Clickables
📌 Big News — Russia’s HIT squad turned hackers, and Trickbot’s kingpin unmasked
🚨 Can’t Miss: Zero-days and zero-earnings
🤖 AI in Cyber: Vibe hackin’ and detecting deepfakes
🛸 Strange Cyber Story: An oldie, but a goodie - casino hacked via a fish tank
🚨 Big Stories This Week
🕵️ GRU’s Unit 29155 Exposed via Unsecured Server
Intro: Russia's covert cyber operations (previously known as a HIT squad) suffer a significant setback as journalists uncover sensitive data from an unsecured server belonging to GRU's Unit 29155.
What Happened: Investigative journalists from The Insider accessed an unprotected server linked to Russia's military intelligence unit, GRU's Unit 29155. The server contained internal documents revealing the unit's cyber activities, including a successful 2016 breach of Qatar National Bank. Notably, many operatives lacked formal IT training, and the unit's operations were marred by low morale and corruption.
Why It’s Important: This exposure provides rare insight into the inner workings of a secretive Russian cyber unit, highlighting vulnerabilities within their operational security and the potential risks posed by undertrained personnel.
The Other Side: While the breach underscores operational weaknesses, it also raises concerns about the potential for misattribution and the challenges in securing sensitive information within intelligence agencies.
The Takeaway: The incident serves as a cautionary tale about the importance of robust cybersecurity practices, even within state-sponsored operations, and the potential consequences of neglecting basic security measures.
TL;DR: Journalists uncover sensitive data from GRU's Unit 29155 due to an unsecured server, revealing operational flaws and a significant breach in Russian cyber operations.
🎭 Trickbot Kingpin 'Stern' Unmasked in Germany
Intro: German authorities identify the elusive leader of the notorious Trickbot cybercrime group, marking a significant milestone in global cybercrime investigations.
What Happened: German federal police (BKA) have identified Vitaly Nikolaevich Kovalev, a 36-year-old Russian national, as "Stern," the leader of the Trickbot ransomware group. Over six years, Trickbot targeted thousands of institutions, generating hundreds of millions in illicit profits. The identification is part of Operation Endgame, a multinational effort to combat cybercrime.
Why It’s Important: Unmasking a key figure in a major cybercrime syndicate disrupts ongoing operations and provides valuable intelligence for preventing future attacks.
The Other Side: While the identification is a breakthrough, it remains to be seen how this will impact the broader network and whether it will lead to further arrests or dismantling of the group.
The Takeaway: The successful identification of "Stern" underscores the effectiveness of international collaboration in tackling complex cybercrime networks.
TL;DR: German police identify Trickbot leader "Stern" as Vitaly Kovalev, marking a significant achievement in global efforts against cybercrime.
🔥 Can’t Miss This Week
Google Patches Chrome zero-day: A critical update includes fixes for a zero-day in the Chrome browser being exploited in the wild.
Victoria’s Secret is still a secret: The retailer has delayed its earnings call following a major cyber incident.
CISA Urges Action on Exposed Critical Infrastructure: Guidance to help organizations address overlooked risks related to misconfigured systems, default credentials, and outdated software.
Operation ENDGAME 2025: 300 ransomware servers, 650 domains taken down in global police raid.
🤖 AI in Cyber
The Rise of 'Vibe Hacking': Exploration of AI-assisted hacking and its implications.
AI PCs and Cybersecurity Strategies: Experts discuss the need for updated security measures with AI-integrated PCs.
Detecting Deepfakes: MIT’s take on spotting deepfakes and countering misinformation.
Google Cloud's AI Protection Framework: Introduction of tools to safeguard AI assets and manage associated risks.
🧟‍♂️ Strange Cyber Story of the Week
🎰 Hackers Breach Casino Through Smart Fish Tank Thermometer
Intro: In 2017, a North American casino's high-roller database was compromised via an unexpected entry point: a smart aquarium. While it's an older story, its lessons aren't.
What Happened: Hackers exploited a vulnerability in an internet-connected thermometer within a casino's lobby aquarium. This device, connected to the casino's network, served as a gateway for the attackers to access and extract sensitive data, including information about wealthy patrons.
Why It’s Important: The incident highlights the security risks posed by Internet of Things (IoT) devices, which can serve as weak links in otherwise secure networks.
The Other Side: While IoT devices offer convenience and efficiency, they often lack robust security measures, making them attractive targets for cybercriminals.
The Takeaway: Organizations must assess and secure all network-connected devices, regardless of their perceived importance, to prevent unconventional
TL;DR: A casino's smart fish tank thermometer was exploited by hackers to access sensitive data, underscoring the cybersecurity vulnerabilities of IoT devices.