Hackers: artists’ Vevo channels attacked, food delivery problems, VLC used for espionage

Several security companies have reported new hacker attacks in the past few hours, which reportedly hit artists' Vevo channels on YouTube and made use of the VLC software; in addition, well-known regional food delivery services have suffered disruptions.

Security problems in the digital world continue, with new emergencies involving important services such as YouTube, the VLC playback software and some famous food delivery services.

Starting with YouTube: in the past few hours the Vevo network, which manages the artist channels and provides ad hoc tools so that an artist's distributor or record company can update the Official Channel, confirmed that it had suffered an attack. Vevo is owned by Sony Music Entertainment, Warner Music Group, Universal Music Group and Google, which also publishes ads from its advertising network. The attack affected the channels of various artists (e.g. Michael Jackson, Eminem, Ariana Grande, Taylor Swift, Harry Styles), on which some strange videos were uploaded (e.g. of the Spanish scammer Paco Sanz); these drew several views, damaging the image of the channel owners.

At the moment, the author of the defacement is not yet known. The channels have been restored and the uploaded videos removed, and it was specified that the attacker did not have access to the content previously uploaded to the channels involved. In admitting the problem, Vevo, which had already suffered a breach 5 years ago in which 3 TB of stolen data (including videos and promotional material) ended up online, promised a review of its security mechanisms, which at this point is really necessary.

The food delivery platforms Zomato and Swiggy, very active in India, have also encountered several problems according to Downdetector, with users complaining that they could not browse menus, place orders or track deliveries. Everything appears to be due to a simultaneous outage of the AWS (Amazon Web Services) servers used by the two services, which in any case returned to operation in about half an hour; Zomato and Swiggy had immediately spoken of a "temporary problem" that they were working to resolve.

According to Bleeping Computer, which has collected reports from several security firms (e.g. Symantec), an attack is also underway by the hacker group Cicada (also known as APT10 or Stone Panda), which usually hits Japan but has now widened its reach to Italy as well (in addition to the USA, Canada, Israel, Turkey, India, Hong Kong and Montenegro). The targets of the attack, underway since March, are NGOs, organizations active in the legal and governmental fields and even bodies involved in "religious activities".

The criminals, probably of Chinese origin, reportedly use a clean copy of the VLC media player into which a still-unnamed espionage malware is side-loaded via a DLL, with initial access gained by exploiting a vulnerability in Microsoft Exchange servers. The collected data, including active processes and details of the affected system, would then be exfiltrated through the Sodamaster backdoor and forwarded to a remote command and control server (WinWCN), from which the hackers could also order the download of further malicious payloads.
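
For defenders, side-loading into a legitimate player leaves a trace in image-load telemetry: vlc.exe loading a DLL that is not validly signed, often from a folder where VLC is not normally installed. The following is an added example, not taken from the reports cited above, that triages records using Sysmon Event ID 7 field names; the install paths and all sample events are constructed assumptions.

```python
import ntpath

# Assumption: default VLC install locations; adjust for your own fleet.
EXPECTED_DIRS = (
    r"c:\program files\videolan\vlc",
    r"c:\program files (x86)\videolan\vlc",
)

# Constructed sample events using Sysmon Event ID 7 (ImageLoad) field names.
SAMPLE_EVENTS = [
    {"Image": r"C:\Program Files\VideoLAN\VLC\vlc.exe",
     "ImageLoaded": r"C:\Program Files\VideoLAN\VLC\libvlc.dll",
     "Signed": "true", "SignatureStatus": "Valid"},
    {"Image": r"C:\ProgramData\media\vlc.exe",
     "ImageLoaded": r"C:\ProgramData\media\libvlc.dll",
     "Signed": "false", "SignatureStatus": "Unavailable"},
    {"Image": r"C:\Program Files\VideoLAN\VLC\vlc.exe",
     "ImageLoaded": r"C:\Program Files\VideoLAN\VLC\plugins\codec\example.dll",
     "Signed": "false", "SignatureStatus": "Unavailable"},
    {"Image": r"C:\Windows\System32\notepad.exe",
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll",
     "Signed": "true", "SignatureStatus": "Valid"},
]

def under(path, base):
    """True if path is inside directory base (case-insensitive, Windows rules)."""
    path = ntpath.normcase(ntpath.normpath(path))
    base = ntpath.normcase(ntpath.normpath(base))
    return path == base or path.startswith(base + "\\")

def triage(event):
    """Return the reasons an image-load event by vlc.exe deserves review."""
    image, loaded = event["Image"], event["ImageLoaded"]
    if ntpath.basename(image).lower() != "vlc.exe":
        return []
    reasons = []
    if not any(under(ntpath.dirname(image), d) for d in EXPECTED_DIRS):
        reasons.append("vlc.exe outside expected install directory")
    trusted = event.get("Signed") == "true" and event.get("SignatureStatus") == "Valid"
    if not trusted and under(loaded, ntpath.dirname(image)):
        reasons.append("untrusted DLL loaded from the application directory")
    return reasons

def suspicious(events):
    """Pair each flagged DLL path with the reasons it was flagged."""
    return [(e["ImageLoaded"], r) for e in events if (r := triage(e))]
```

A hit is a lead for review rather than a verdict, since third-party plugins can also be unsigned.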
