Here are this week’s highlights in cybersecurity:

  • The FBI confirmed that North Korean cyber actors Lazarus/APT38 were responsible for the theft of $100 million in cryptocurrency assets from Harmony Bridge in June 2022. On Friday, January 13, 2023, the group used RAILGUN, a privacy protocol, to launder over $60 million worth of Ethereum stolen during the heist. More
  • LastPass owner GoTo (formerly known as LogMeIn) disclosed that unknown threat actors stole encrypted backups of some customers’ data along with an encryption key for some of those backups in a November 2022 incident. More
  • Hackers breached Riot Games and stole code for League of Legends, Teamfight Tactics and Packman (anticheat) and requested $10 million ransom to prevent leaking. The company said they won’t pay the ransom. More
  • A sophisticated ad fraud operation called ‘VASTFLUX’ that spoofed more than 1,700 applications from 120 publishers, mostly for iOS, has been disrupted by security researchers at HUMAN. At its peak, VASTFLUX accounted for more than 12 billion bid requests a day. More
  • Hackers breached Zacks Investment Research last year and gained access to personal information belonging to 820,000 customers. More
  • A torrent file with source code belonging to Yandex was leaked on a popular hacking forum. The leak contains source code for all major services. More

Don’t have time to check this page? You can get the news summary every week in your email inbox by subscribing to my newsletter.