Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Germany. Show all posts
Russia
Cyber Attacks Cyberattack Cybersecurity Threats Germany Russia

A New Twist on Old Cyber Tricks

 


Germany’s domestic intelligence and cybersecurity agencies have warned of a covert espionage campaign that turns secure messaging apps into tools of surveillance without exploiting any technical flaws. The Federal Office for the Protection of the Constitution and the Federal Office for Information Security said the operation relies instead on social engineering carried out through the Signal messaging service. In a joint advisory, the agencies said the campaign targets senior figures in politics, the military and diplomacy, as well as investigative journalists in Germany and elsewhere in Europe. 

By hijacking messenger accounts, attackers can gain access not only to private conversations but also to contact networks and group chats, potentially widening the scope of compromise. The operation does not involve malware or the exploitation of vulnerabilities in Signal. Instead, attackers impersonate official support channels, posing as “Signal Support” or a so-called security chatbot. 

Targets are urged to share a PIN or verification code sent by text message, often under the pretext that their account will otherwise be lost. Once the victim complies, the attackers can register the account on a device they control and monitor incoming messages while impersonating the user. In an alternative approach, victims are tricked into scanning a QR code linked to Signal’s device-linking feature. 

This grants attackers access to recent messages and contact lists while allowing the victim to continue using the app, unaware that their communications are being mirrored elsewhere. German authorities warned that similar tactics could be applied to WhatsApp, which uses comparable features for account linking and two-step verification. 

They urged users not to engage with unsolicited support messages and to enable registration locks and regularly review linked devices. Although the perpetrators have not been formally identified, the agencies noted that comparable campaigns have previously been attributed to Russia-aligned threat groups. Reports last year from Microsoft and the Google Threat Intelligence Group documented similar methods used against diplomatic and political targets. 

The warning comes amid a flurry of state-linked cyber activity across Europe. Norway’s security services recently accused Chinese-backed groups of penetrating multiple organisations by exploiting vulnerable network equipment, while also citing Russian monitoring of military targets and Iranian cyber operations against dissidents. 

Separately, CERT Polska said a Russian-linked group was likely behind attacks on energy facilities that relied on exposed network devices lacking multi-factor authentication. 

Taken together, the incidents highlight a shift in cyber espionage away from technical exploits towards psychological manipulation. As secure messaging becomes ubiquitous among officials and journalists, the weakest link increasingly lies not in encryption, but in the trust users place in what appears to be help.
Read more »
Spain
Black Axe Gang Cyber Crime Europe Europol Germany Spain

Europol Cracks Down Gang Responsible for Cyber Crime Worth Billions


Europol’s joint operation to crackdown international gang

Europol recently arrested 34 people in Spain who are alleged to have a role in a global criminal gang called Black Axe. The operation was conducted by Spanish National Police and Bavarian State Criminal Police Office and Europol. 

Twenty eight individuals were arrested in Seville, three in Madrid and two in Malaga, and the last one in Barcelona. Among the 34 suspects, 10 individuals are from Nigeria. 

“The action resulted in 34 arrests and significant disruptions to the group's activities. Black Axe is a highly structured, hierarchical group with its origins in Nigeria and a global presence in dozens of countries,” Europol said in a press release on its website. 

About Black Axe 

Black Axe is infamous for its role in various cyber crimes like frauds, human trafficking, prostitution, drug trafficking, armed robbery, kidnapping, and malicious spiritual activities. The gang annually earns roughly billions of euros via these operations that have a massive impact. 

Officials suspect that Black Axe is responsible for fraud worth over 5.94 million euros. During the operation, the investigating agencies froze 119352 euros in bank accounts and seized 66403 euros in cash during home searches. 

The crackdown 

Germany and Spain's cross-border cooperation includes the deployment of two German officers on the scene on the day of action, the exchange of intelligence, and the provision of analytical support to Spanish investigators. 

The core group of the organized crime network, which recruits money mules in underprivileged communities with high unemployment rates, was the objective of the operation. The majority of these susceptible people are of Spanish nationality and are used to support the illegal activities of the network.

Europol's key role

Europol provided a variety of services to help this operation, such as intelligence analysis, a data sprint in Madrid, and on-the-spot assistance. Mapping the organization's structure across nations, centralizing data, exchanging important intelligence packages, and assisting with coordinated national investigations have all been made possible by Europol. 

In order to solve the problems caused by the group's scattered little cases, cross-border activities, and the blurring of crimes into "ordinary" local offenses, this strategy seeks to disrupt the group's operations and recover assets.



Read more »
threats
Automation Cyber Security Cybersecurity Germany Recruitment Shortage threats

Germany’s Cyber Skills Shortage Leaves Companies Exposed to Record Cyberattacks

 

Germany faces a critical shortage of cybersecurity specialists amid a surge in cyberattacks that caused record damages of €202.4 billion in 2024, according to a study by Strategy&, a unit of PwC. The study found that nine out of 10 organizations surveyed reported a shortage of cybersecurity experts, a sharp increase from two-thirds in 2023. 

Key institutions such as German air traffic control, the Federal Statistical Office, and the Society for Eastern European Studies were targeted by foreign cyberattacks, highlighting the nation’s digital vulnerability. Russia and China were specifically identified as significant cyber threats.

The overall damage to German organizations from cyber-related incidents in 2024 reached €267 billion, with cyberattacks themselves accounting for about €179 billion. Other forms of damage included theft of data, IT equipment, and various acts of espionage and sabotage. Despite the growing threat, the recruitment landscape for cybersecurity roles is bleak.

Only half of the public sector's job ads for cybersecurity specialists attracted more than 10 applicants, and a decline in applications has been noted. Over two-thirds of organizations reported that applicants either partially met or failed to meet the qualifications, with notable gaps in knowledge about cybersecurity standards and data protection.

The most acute shortage exists in critical roles such as risk management, where 57% of respondents identified major gaps in positions responsible for recognizing and responding to cyber threats. Financial constraints pose another barrier to hiring, especially in the public sector, where 78% cited budget issues as a reason for not filling positions, compared to 48% in the private sector. 

Low pay contributes significantly to high staff turnover. Many experts in urgent demand in the public sector are moving to tech companies offering better salaries, exacerbating the problem. The study also revealed that only about 20% of organizations have strategically employed AI to alleviate staff shortages. Experts recommend using bonuses, allowances, outsourcing, and automation to retain talent and improve efficiency. 

Without these interventions, the study warns that bottlenecks in security-critical roles will persist, potentially crippling the ability of institutions to operate and jeopardizing Germany’s overall digital resilience. Strengthening cyber expertise through targeted incentives and international recruitment is urgent to counter these growing challenges. This situation poses a serious risk to the country's cybersecurity defenses and operational readiness .
Read more »
insurance
Akira Bitcoin Customer Data Cyber Attacks Germany insurance

German Mobile Insurance Giant Falls After Devastating Ransomware Attack

 



A cyberattack has brought down one of Germany’s largest phone insurance and repair networks, forcing the once-thriving Einhaus Group into insolvency. The company, which at its peak generated around €70 million in annual revenue and partnered with big names such as Deutsche Telekom, Cyberport, and 1&1, has been unable to recover from the financial and operational chaos that followed the attack.


The Day Everything Stopped

In March 2023, founder Wilhelm Einhaus arrived at the company’s offices to an unsettling sight. Every printer had churned out the same note: “We’ve hacked you. All further information can be found on the dark web.” Investigations revealed the work of the hacking group known as “Royal.” They had infiltrated the company’s network, encrypting all of its core systems, the very tools needed to process claims, manage customer data, and run daily operations.

Without these systems, business ground to a halt. The hackers demanded around $230,000 in Bitcoin to unlock the computers. Facing immediate and heavy losses, and with no way to operate manually at the same scale, Einhaus Group reportedly agreed to pay. The financial damage, however, was already severe, estimated in the multi-million-euro range. Police were brought in early, but the payment decision was made to avoid even greater harm.


Desperate Measures to Stay Afloat

Before the attack, the company employed roughly 170 people. Within months, more than 100 positions were cut, leaving only eight employees to handle all ongoing work. With so few staff, much of the processing had to be done by hand, slowing operations dramatically.

To raise funds, the company sold its headquarters and liquidated various investments. These moves bought time but did not restore the business to its former state.


Seized Ransom, But No Relief

In a twist, German authorities later apprehended three suspects believed to be linked to the “Royal” group. They also seized cryptocurrency valued in the high six-figure euro range, suspected to be connected to the ransom payments.

However, Einhaus Group has not received its money back. Prosecutors have refused to release the seized funds until investigations are complete — a process that could take years. Other ransomware victims in Germany are in the same position, with no guarantee they will ever recover the full amount.


Final Stages of the Collapse

Three separate companies tied to the Einhaus Group have now formally entered insolvency proceedings. While liquidation is a strong possibility, founder Wilhelm Einhaus, now 72, insists he has no plans to retire. If the business is dissolved, he says he will start again from scratch.

The Einhaus case is not unique. Just recently, the UK’s 158-year-old transport company Knights of Old collapsed after a ransomware attack by a group known as “Akira,” leaving 700 people jobless. Cyberattacks are increasingly proving fatal to established businesses not just through stolen data, but by dismantling the very infrastructure needed to survive.


Read more »
malware
Backdoor Badbox BSI Germany malware

Germany Warns of Pre-Installed Malware on 30,000 Devices

 

Earlier this week, Germany's cybersecurity office issued a warning about at least 30,000 internet-connected devices across the nation being compromised by pre-installed malware known as BadBox.

The Federal Office for Information Security (BSI) announced that it had successfully halted communication between the infected devices and the hackers' control servers, preventing further damage. However, devices with outdated software remain at significant risk.

BadBox: A Threat to Low-Cost Devices

The hacker group behind BadBox primarily targets Android devices by embedding malicious code into their firmware. Affected devices include:

  • Smartphones
  • Tablets
  • Connected TV streaming boxes

BadBox’s operators focus on low-cost devices distributed through online merchants or resale platforms. These devices come pre-installed with Triada malware, which opens a backdoor, enabling attackers to:

  • Remotely control the device
  • Inject new software
  • Perform illegal actions

Capabilities of the BadBox Malware

BSI discovered that the malware on compromised devices, such as digital photo frames and streaming gadgets, can discreetly:

  • Generate email and messenger accounts
  • Propagate fake news
  • Commit advertising fraud
  • Act as a proxy for cyberattacks or illegal content distribution

BSI’s Countermeasures

German cyber officials employed a technique known as sinkholing to redirect traffic from infected devices to secure servers, effectively limiting hackers' access. Additionally, the BSI mandated that all German internet service providers (ISPs) with over 100,000 subscribers reroute BadBox traffic to its sinkhole.

The BSI refrained from naming the manufacturers of the compromised devices but advised consumers who received warnings from authorities to disconnect or cease usage of the affected products immediately.

BSI President Claudia Plattner reassured consumers, stating: "There is no immediate danger for these devices as long as the BSI maintains the sinkholing measure. Malware on internet-enabled products is unfortunately not a rare phenomenon. Outdated firmware versions, in particular, pose a huge risk."

Plattner also stressed the need for collective action: "We all have a duty here: manufacturers and retailers have a responsibility to ensure that such devices do not come onto the market."

Takeaways for Consumers

To protect against threats like BadBox, consumers should:

  • Ensure devices are updated with the latest firmware
  • Purchase devices only from reputable manufacturers
  • Stay vigilant about warnings from cybersecurity authorities

As malware threats continue to evolve, proactive measures and industry accountability remain essential in safeguarding digital ecosystems.

Read more »
Germany
botnet Golang C2 Server Cyber Security Cyber Threats DDOS Attack DNS Germany

New Golang-Based Botnet 'Zergeca' Discovered


 

Researchers at QiAnXin XLab have found a new and dangerous botnet called Zergeca. This botnet, written in the Go programming language (Golang), can launch powerful distributed denial-of-service (DDoS) attacks, which can overwhelm and shut down targeted websites or services.

How Zergeca Was Discovered

In May 2024, researchers came across a suspicious file uploaded from Russia to a security website called VirusTotal. This file, located at /usr/bin/geomi, had a unique identifier but wasn't marked as harmful. Another similar file was uploaded from Germany on the same day. This led experts to discover that these files were part of a new botnet, which they named Zergeca, inspired by a string in its code that reminded them of the Zerg creatures from the video game StarCraft.

Zergeca is capable of six different types of DDoS attacks. It also has additional features, such as acting as a proxy, scanning networks, upgrading itself, staying persistent on infected devices, transferring files, providing remote access, and collecting sensitive information from compromised devices. One unique aspect of Zergeca is its use of multiple DNS resolution methods, preferring DNS over HTTPS (DoH) for communicating with its command and control (C2) server. It also uses an uncommon library called Smux for encrypted communication.

The C2 server used by Zergeca has been linked to at least two other botnets named Mirai since September 2023. This suggests that the creator of Zergeca has prior experience with running botnets.

Between early and mid-June 2024, Zergeca was used to carry out DDoS attacks on organisations in Canada, the United States, and Germany. The primary attack method used was known as ackFlood. Victims of these attacks were spread across multiple countries and different internet networks.

Zergeca operates through four main modules: persistence, proxy, silivaccine, and zombie. The persistence module ensures the botnet stays active on infected devices, while the proxy module manages proxying tasks. The silivaccine module removes any competing malware, ensuring that Zergeca has full control of the device. The zombie module is the most critical, as it carries out the botnet's main functions, including DDoS attacks, scanning, and reporting information back to the C2 server.

To stay active, Zergeca adds a system service called geomi.service on infected devices. This service ensures that the botnet process restarts automatically if the device reboots or the process is stopped.

Researchers have gained insights into the skills of Zergeca’s creator. The use of techniques like modified file packing, XOR encryption, and DoH for C2 communication shows a deep understanding of how to evade detection. The implementation of the Smux protocol demonstrates advanced development skills. Given these abilities, researchers expect to see more sophisticated threats from this author in the future.

The discovery of Zergeca highlights the increasing intricacy of cyber threats. Organisations must remain vigilant and adopt strong security measures to protect against such advanced attacks. The detailed analysis of Zergeca provides valuable information on the capabilities and tactics of modern botnets, emphasising the need for continuous monitoring and proactive defence strategies in cybersecurity.


Read more »
Worldcoin project
Biometric data Data Protection Supervision Germany Iris scan OpenAI Privacy Worldcoin Worldcoin project

Germany Admits Investigating Worldcoin’s Eye-Scanning Orb

Privacy issues with the Worldcoin cryptocurrency project, a venture by OpenAI CEO Sam Altman has been in talks since the announcement of its official launch. Several countries have now started considering its potential threats and are looking into the issue with much significance. 

Adding to this, Germany became the third European country ato admit investigating Worldcoin, after France and the US. Thereby, it seems like it would be tough regulatory road ahead for the venture.

The head of Bavarian State Office for Data Protection Supervision, Germany's data watchdog, recently noted that that they have been investigating Worldcoin since November 2022 over suspicion of the venture’s potential of accessing "sensitive data at a very large scale."

Despite being officially launched just last week, Worldcoin continues collecting iris scans from individuals all over the world for the past two years to add to its database. The company claims that this will enable users to verify their identity as humans in the developing age of artificial intelligence by connecting human identity to specific biometric data. While there is hint of intrigue in the project’s idea, it has raised concerns of the critiques. 

For instance, when reporters were dispatched to the project to have their irises scanned, Gizmodo and Futurism both reported that Orb operators did not ask for any prior identification or confirmation that participants are who they claim to be. In the underdeveloped world, participants in the project's pilot program have expressed feeling duped by the trade. Furthermore, since a blockchain is involved, it is unclear whether an individual can ask to have their data removed from the company's database.

However, neither these European data watchdogs nor Ethereum co-founder Vitalik Buterin, whose blockchain Worldcoin relies on, are persuaded that this type of "proof-of-personhood" venture is ready for a widespread adoption.

In a blog post regarding Worldcoin, Buterin claimed that "if even one Orb manufacturer is malicious or hacked, it can generate an unlimited number of fake iris scan hashes, and give them World IDs."

This only leads us to one conclusion, we will not be convinced until Worldcoin reveals what exactly they do with the collected data.

Read more »
Illegal spying
COP27 Cyber Security Egypt Germany Human rights Illegal spying

Germany Accuses Egypt of Spying at COP27

 

German officials have lodged a complaint with the Egyptian government over covert surveillance by the country’s security agents at the COP27 World Climate Conference. 

According to the German Press Agency (DPA), the host country’s security agents have secretly monitored, photographed, and filmed events held at the German pavilion inside the summit venue in the Red Sea resort of Sharm el Sheikh. 

Prior to the incident on November 12, German police warned its speakers of potential security threats that could arise from their participation at the conference. 

"We expect all participants in the U.N. climate conference to be able to work and negotiate under safe conditions. This is not just true for the German but for all delegations, as well as representatives of civil society and the media," Germany's Foreign Ministry issued a statement following the security breach incident. 

Egypt Thwarts Spying Accusations 

Egyptian security sources thwarted the claims, telling DPA that personnel was only present for the safeguarding of foreign seminars and activities for the UN team, and their role as Egyptians was limited to security outside the halls and in the city. 

However, delegations from multiple nations told DPA that Egyptian security personnel had been forced on being a part of closed sessions as well. 

"It is very obvious that the Egyptian authorities are monitoring human rights activities. The only reason they haven't used physical violence yet is that we're in an UN-controlled area," Hossam Bahgat, founder of the Egyptian human rights organization EIPR, stated. 

The UN also acknowledged that some security agents were from the national police and said it was investigating the complaints.

Egypt's shady history 

The issue of Human rights has always been a matter of discussion in Egypt, with President Abdel Fattah al-Sisi's government accused of holding a tight grip on the Middle East nation. 

According to multiple media reports, thousands of individuals, including human rights activists, journalists, students, opposition politicians, businesspeople, and peaceful protesters have been arbitrarily detained. 

Many dissenters are subjected to unfair trials and mistreatment or torture by the Egyptian government. Due to deplorable prison conditions, many have fallen sick and even died. To safeguard the rights of these individuals, neither Human Rights Watch (HRW) nor Amnesty has offices in Egypt. However, a ban on the HRW website, in place for years, was only lifted a few days ago.
Read more »
Phishing and Spam
Arrests Cyber Fraud Cyber Phishing Germany hacker arrested Mobile Phishing phishing Phishing and Spam

Germany: Individual Hacker Arrested for Stealing € 4 Million via Phishing Attacks

 

Germany’s federal criminal police, Bundeskriminalamt (BKA) carried out home raids on three suspects for executing a large-scale phishing campaign, defrauding internet users of €4 million. The phishing campaign was carried out by the charged suspects between October 3, 2020, and May 29, 2021, as per the evidence gathered by the German Computer Crime Office. 

One of the three suspects, a 24-year-old, has been arrested and charged by the BKA, the second, a 40-year-old, has also been charged with 124 acts of computer fraud, while the investigation for the third suspect is still ongoing.  

The hackers allegedly defrauded their victims by imitating as legitimate German banks and sending them phishing e-mails that were clones of messages from some real banks.  

“These e-mails were visually and linguistically believable based on real bank e-mails. The victims were informed in these letters that their house bank would change their security system – and their own account would be affected [...] The e-mail recipients were thus tricked into clicking on a link, which in turn led to a deceptively real-looking bank page. There, the phishing victims were asked to enter their login data and a current TAN, which in turn enabled the fraudsters to see all the data in the account of the respective victim – including the amount of credit and availability. The perpetrators then contacted the victims and tricked them into revealing further TAN numbers as alleged bank employees. With the TAN, they were then able to withdraw funds from the accounts of the victims.” reads the statement issued by BKA. 

The phishing emails reportedly informed the internet users of the changes in their respective bank’s security systems, beseeching the victims to click on an embedded link to continue using the bank’s services. The links redirected victims to a landing page, asking them to enter their credentials and Transaction Authentication Number (TAN), allowing the hackers access to their online banking accounts and withdrawal funds.  

According to the BKA, the hackers even used DDoS against the banks to conceal their fraudulent transactions. "In order to carry out their crimes, the accused are said to have resorted to offers from other cybercriminals who worked on the dark net, selling various forms of cyber-attacks as crime-as-a-service." BKA stated in an announcement. 

In regard to the active cases of phishing attacks and online fraud, the police urged internet users to take certain cautionary measures, such as never clicking a link or opening file attachments in emails that appear to be from a legitimate bank. If in doubt, the users are recommended to contact their banks personally or obtain information from the bank’s respective websites.
Read more »
Investigation
Bitcoin Crypto Cyber Security Germany Hydra Investigation

Germany Shuts Down World's Largest Illegal Marketplace on Darknet

 

The German authorities have confiscated the servers of Hydra Market, the most well-known Russian darknet network for drug sales and money laundering. The authorities were also able to seize 543 bitcoins worth a little more than $25 million from the earnings of Hydra. 

The money seized reflects the scale of the Hydra market, which had over 19,000 registered vendor accounts serving at least 17 million clients worldwide. Hydra Market had a turnover of $1.35 billion in 2020, according to the Central Office for Combating Cybercrime (ZIT) and Germany's Federal Criminal Police Office (BKA), making it the world's largest darknet market. 

Elliptic, a blockchain analytics firm, confirmed the authorities' confiscation of digital assets today, charting the action as 88 transactions totalling 543.3 bitcoin. Hydra also provided stolen databases, falsified documents, and hacking for hire services, in addition to the core focus of narcotics and money laundering. 

An investigation into a shady area 

The BKA, operating on behalf of the Attorney General's Office in Frankfurt am Main, confiscated the market's infrastructure following a coordinated international law enforcement action, according to Hydra's homepage. This move was made possible following a lengthy examination of the platform's previously unknown operators and administrators. 

 Hydra Market had a Bitcoin Bank Mixer, which disguised all bitcoin transactions done on the platform, making it difficult for law enforcement organisations to track money gained through illicit activity, according to the BKA announcement. 

According to a BKA spokesperson, no arrests have been made in this operation, and they are unable to give any other information on the evaluation of the confiscated infrastructure owing to ongoing investigations.
Read more »
Threat actor
Credential stealing Cyber Attacks Germany Phishing Campaign Threat actor

A Phishing Campaign in Germany is Attempting to Steal Banking Credentials

 

Credential phishing attacks aimed at obtaining German banking credentials have become more widespread, according to Proofpoint researchers. Proofpoint analysts have identified multiple high-volume operations imitating large German institutions, such as Volksbank and Sparkasse, employing customized, actor-owned landing sites, since August 2021. Hundreds of organizations are affected by the activity, which is still ongoing.

The commercials were aimed at a variety of industries, with a focus on German companies and foreign workers in Germany. Each campaign, which included tens of thousands of letters, had an influence on hundreds of organizations. Account administration information is included in the phishing emails, but they also contain links or QR codes that lead to a geo-fenced credential harvesting website. Targeted information includes banking branch details, login identity, and PIN. The threat actor used a number of URL redirection tactics to spread the infected URLs. In various efforts, the threat actor used hacked WordPress websites to redirect users to phishing landing pages. 

To spread malicious URLs for phishing and malware assaults, threat actors regularly use WordPress plugins and websites built using WordPress software. Feedproxy URLs and QR codes were also identified being exploited to redirect to phishing pages. Only German visitors are directed to the phishing website. The threat actor's employment of geofencing measures is to blame. Threat actors are utilising IP geolocation checks to determine the location of a target, according to Proofpoint. If the user is not in Germany, they are directed to a website clone ostensibly providing tourist information for Dusseldorf's Rhine Tower. If the user is in Germany, they will be directed to a website that resembles a bank's website. 

Using identical domain naming conventions, the actor hosts these pages on their own actor-controlled infrastructure. Sparkasse credential phishing URLs, for example, frequently begin with "spk-," whereas Volksbank clones begin with "vr-." Some samples of the domains used by this threat actor are, vr-mailormular[.]com/Q20EBD6QLJ, vr-umstellungssystem-de[.]com/FLBSEKZ9S3, spk-security-spk[.]com/P84OZ3OIS2, spk-systemerneuerung-spk[.]com/CJ4F6UFR0T. 

This campaign cannot be linked to a known threat group, according to Proofpoint. However, registrant information linked to several domains found in some of this activity has been linked to over 800 phoney websites, the majority of which imitate banks or financial institutions. This perpetrator may have been targeting users of Spanish banks early this year, according to domain registration. Banking credential theft and fraudulent financial activity cybercriminal threat actors are opportunistic and target huge numbers of victims.
Read more »
Vulnerabilities and Exploits
API Bug Data Exposure Germany Scoolio Vulnerabilities and Exploits

400,000 German Students Data Exposed due to API Flaw

 

A newly found API issue in Scoolio, a school software used by 400,000 German students, has exposed the personal information of those kids. Lilith Wittmann of the IT security collective Zerforchung discovered the issue and notified the applications team immediately. 

Scoolio employs targeted advertising based on data collected from users, the majority of whom are students, without their knowledge or permission. It does, however, assert that it does not collect any user information. 

Scoolio's API shortcomings, as per Wittmann's report, facilitate information extraction based on the user ID. Anyone who uses this technique can obtain the user's username, email address, GPS history, school name and class, interests, UUID data, and personal information such as origin, religion, gender, and so on. 

Furthermore, the researcher also gave a fake representation of the data types affected by the issue. 

The researcher also noted that the API patch to avoid data leak was relatively straightforward and that it arrived in 30 days, on October 25, 2021, after they were notified of the issue on September 21, 2021. She goes on to say that it is impossible to say how many students were affected as Scoolio inflates user statistics. The app's creators have produced an official paper outlining the patch and have confirmed it. 

Scoolio provides users with tools for managing time, homework planning, staying in touch with friends, and even contacting firms for job vacancies or internship options. The business behind this one collaborated with several German schools and marketed it as a remote teaching support software. It was created with funding from three state-owned investment groups: SIB Innovations und Beteiligungsgesellschaft mbH, Technologiegründerfonds Sachsen, and Kreissparkasse Bautzen, so many students are compelled to use the software as a result of collaborations and government initiatives endorsing the same. 

The fundamental issue is that no security flaws are being audited. An initiative dubbed "EduCheck Digital" (EDCD) that began in August is attempting to evaluate which instructional media fulfills German data protection requirements and have the green signal for usage in schools. 

"I would like to thank Ms. Wittmann for the information and the SDS for the exchange and thank you for your feedback on our security measures," Danny Roller, CEO, and founder of the Scoolio app shared in a statement. 

"Fortunately, after extensive testing, we can confirm that No user data was intercepted by third parties before the investigation by Ms. Wittmann and we have successfully closed the gaps found."
Read more »
Russian Hackers
Berlin German Cyber Security Germany Russia Russian Hackers

Berlin accused Russian hackers of preparing cyberattacks before the elections

Andrea Sasse, a spokesman for the German Foreign Ministry, said that German intelligence agencies are recording the growing activity of hackers allegedly connected with Russia.

"The German government calls on the Russian government to immediately stop this illegal cyber activity," she said.

According to the publication Suddeutsche Zeitung, the Federal Office for the Protection of the Constitution (which performs counterintelligence functions in Germany) and the Federal Office for Information Security also warn about the threat of hacker attacks. According to them, hackers have recently been increasingly attacking the personal and official email addresses of members of parliament.

The intelligence service warns that hackers can use the data obtained "to publish personal and intimate information or even fabricated fake news."

"The federal government has reliable information that [the hacker group] Ghostwriter, cybercriminals of the Russian state and, in particular, the Russian military intelligence of the GRU are behind the attacks," Sasse said. According to her, Berlin considers what is happening "as a heavy burden for bilateral relations."

According to U.S. cybersecurity company FireEye, Ghostwriter has existed since at least 2017, it acts "in accordance with the security interests of Russia." The group specializes in spreading disinformation, primarily among residents of Lithuania, Latvia and Poland, mainly about the attitude to the presence of NATO forces in Eastern Europe.

In May 2020, German Chancellor Angela Merkel announced that there was evidence of Russia's involvement in a cyberattack on the systems of the German parliament in 2015. Then a Trojan program was launched into the Bundestag computer system, the attackers managed to gain access to internal documents. The German prosecutor's office issued an arrest warrant for Russian Dmitry Baden, accusing him of working for the Russian secret services. According to German intelligence agencies, Sofacy and APT28 groups were behind the attack, which were "financed by the Russian government."

Read more »
WhatsApp
German Germany Google Ads malware supply chain attacks WhatsApp

German Company Hit By Supply Chain Attack, Only Few Device Affected

Gigaset, a German device maker, was recently hit with a supply chain attack, the hackers breached a minimum of one company server to attach the malware. Earlier known as Siemens Home and Office Communication Devices, Gigaset is Germany based MNC. The company holds expertise in communication technology area, it also manufactures DECT telephones. Gigaset had around 800 employees, had operations across 70 countries and a revenue of 280 Million euros in the year 2018. 

The attack happened earlier this month, the malware was deployed in the android devices of the German company. According to experts, various users reported cases of malware infections, complaining the devices were attacked with adwares that showed unwanted and intrusive ads. Most of the users reported their complaints on Google support forums. A German website published a list of these package names (unwanted popups) which were installed on the android devices. 

Earlier complaints from the users are suggesting that data might've also been stolen from these devices. The foremost issue that these users faced was SMS texting and sending Whatsapp messages, the latter suspended few accounts on suspicion of malicious activity. The company has confirmed about the breach and said that the only the users who installed latest firmware updates from the infected devices were affected. The company is already set on providing immediate solutions to the affected customers. "It is also important to mention at this point that, according to current knowledge, the incident only affects older devices," said the company. 

The company during its routine investigation found that few of the old devices had malware problems. It was further confirmed by the customer complaints. Gigaset says it has taken the issue very seriously and is working continuously to provide short term solution to its customers. "In doing so, we are working closely with IT forensic experts and the relevant authorities. We will inform the affected users as quickly as possible and provide information on how to resolve the problem. We expect to be able to provide further information and a solution within 48 hours," said Gigaset.
Read more »
Russian Cyber Security
Cyber Attacks Germany National Cyber Security Russia Russian Cyber Security

Number of Cyber Attacks from Germany Increased, says Russian Foreign Minister

In the period from 2019 to 2020, Russia registered a sufficient number of cyberattacks from Germany to Russian facilities and organizations. This was stated by Russian Foreign Minister Sergey Lavrov after talks with his German counterpart Heiko Maas. 

Moscow is concerned about the situation with cooperation with Berlin on cybersecurity. "We expressed concern to the German side about the situation in our interaction on cybersecurity,” said Lavrov.

"We noted that last year and this year a significant number of cyberattacks were registered against objects and organizations in Russia, coming from the German segment of the Internet,” said the Russian Minister said.

Recall that at the end of May, the German Foreign Ministry summoned the Russian Ambassador in Berlin, Sergei Nechaev. He was informed that the Prosecutor General's Office of Germany had put on the wanted list a Russian Dmitry Badin on suspicion of participating in a hacker attack on the Bundestag in April-May 2015. 

In addition, the Department reported that Berlin plans to activate the cyber sanctions regime against Russia because of this case. The EU cyber sanctions regime came into force in May and has not yet been applied. Restrictive measures under this regime may include asset freezes, as well as travel bans to EU countries. The imposition of sanctions requires the unanimous approval of all member countries.

The Russian Foreign Ministry said that Berlin did not provide evidence of Russia's involvement in the hacker attack, and strongly rejected the charges. As Andrei Krutskikh, Director of the Department of International Information Security of the Russian Foreign Ministry, said earlier, Moscow offers Berlin to hold consultations on cybersecurity, this would help to settle many claims.

Read more »
U.S
Cybersecurity Germany IT Networks Russia U.S

German Intelligence Warns Companies of Potential Hacking Threats from Russia


According to German intelligence agencies, a group of hackers from the Kremlin are targeting German infrastructures like energy, water, and power resources for a long time. The information came out the first time at the start of this year when investigating officers found evidence of cyberattacks on German companies. The names of the target companies are yet to be known. Still, a cyberattack has compromised them, says statements of German intelligence agencies that were sent to head of these infrastructures.


The group of hackers has been identified as "Berserk Bear." According to the investigation, the hackers are likely to be state-sponsored by the Russian FSB intelligence agency. The hackers are suspected of using the supply chain to infiltrate into German IT infrastructures, says various investigation agencies. According to the investigation, these hackers use openly available malware to permanently infiltrate the company's I.T. network and access sensitive information, along with having complete control over the company's server. The agencies didn't find any damaging evidence against the companies and have refused to offer any comment for the current situation.

The group Berserk Bear is infamous for stealing the U.S. energy companies' data in the year 2018. U.S. President Donald Trump had blamed Russia for the attack. According to cybersecurity experts, Berserk Bear is the group that Moscow is most likely to contact if there is a need to hack the industrial networks. Another hacking team called "Sandworm" was famous for the attack that shut down Ukraine's power supply in 2016 and 2018.

According to Cyberscoop, a cybersecurity website, "Sven Herpig, a cybersecurity expert with the German think tank SNV, welcomed the advisory and urged German companies to heed the warning. The memo has "concrete recommendations of how to spot and protect against an intrusion" from Berserk Bear, he said. The Russian Embassy in Washington, D.C., did not respond to a request for comment on the German agencies' report." Berserk Bear is responsible for various cyberattacks on American and German electrical utilities since 2018, say the cybersecurity experts. The group has been aggressive and attacked several companies.
Read more »
Wall Street Market
Dark Web European Union FBI Germany Valhalla Wall Street Market

World’s largest dark web marketplace shut down by authorities








In a joint operation between European and U.S. authorities servers of the major dark web marketplaces Wall Street Market and Valhalla has been seized in Germany and Finland, and its operators have been arrested from Germany, the U.S. and Brazil.

Both platforms were highly popular for peddling unlawful goods with over 1 150 000 and 5 400 vendors.  The Wall Street market was the second largest dark web marketplace that could be accessed via the Tor network.

The German authorities have arrested three suspects and have “seized over €550 000 in cash, alongside cryptocurrencies Bitcoin and Monero in 6-digit amounts, several vehicles and other evidence, such as computers and data storage.” 

“These two investigations show the importance of law enforcement cooperation at an international level and demonstrate that illegal activity on the dark web is not as anonymous as criminals may think,” said Europol’s Executive Director, Catherine De Bolle.

“Europol has established a dedicated Dark Web Team to work together with EU partners and law enforcement across the globe to reduce the size of this underground illegal economy.”


On dark web vendors could sell almost anything, from drugs to malware. You can also find out forged documents and cryptocurrencies. 
Read more »
Subscribe to: Comments (Atom)