Credit Suisse, a global investment bank and financial services firm, has reportedly fallen victim to a cyberattack. The Credit Suisse data breach was allegedly masterminded by a threat actor (TA), operating under the alias “888,” on the data hack site BreachForums. The TA claims to have accessed highly sensitive data of the bank and posted it on the dark web marketplace. According to the the threat actor, the data breach contains personal information of about 19,000 of the bank’s Indian employees.

Credit Suisse Data Breach Details

Credit Suisse was founded in 1856 and has approximately $15.21 Billion in revenue. It is one of the leading institutions in private banking and asset management, with strong expertise in investment banking. On June 25, 2024, the threat actor claimed to have carried out a cyberattack on the bank and exfiltrated details on 19,000 of its users. [caption id="attachment_79024" align="alignnone" width="1622"] Source: X[/caption] The breached data purportedly includes names of employees, 6,623 unique email addresses, their codes, date of birth, gender, policy name, relationships, dates of joining, effective dates, statuses, and entities. To substantiate the claim, the threat actor 888 provided a sample of the data breach, which contains details of Credit Suisse employees in India. [caption id="attachment_79025" align="alignnone" width="1362"] Source: X[/caption] The TA, however, did not provide a specific price for the sale of data and has requested potential buyers to quote a figure. The hacker commented that they are only accepting cryptocurrency as the mode of payment. More specifically, the hacker was open to payment on Monero (XMR), a digital currency renowned for its privacy and anonymity attributes. This method of payment is often utilized in illegal transactions to evade detection. Despite these claims by the threat actor, a closer inspection reveals that the bank’s website is currently functioning normally, showing no signs of a security breach. The Cyber Express has reached out to the bank to verify the alleged cyberattack. As of now, no official statements or responses have been received, leaving the claims unverified.

Not the First Credit Suisse Data Breach

This is not the first time that Credit Suisse has been involved in a security breach. According to a report published in The Economic Times, in 2023, the bank warned its staff that a former employee stole personal data of its employees, including salaries and bonuses. The information included salary and "variable compensation" for a period between 2013 and 2015. Another Bloomberg report said that a data breach in 2023 impacted numerous former Credit Suisse clients who collectively held a staggering $100 billion in accounts.

Credit Suisse Hacker Targeted Big Multinationals Recently

There are many concerns over the potential misuse of sensitive information found in the data breach, which includes customer names, dates of birth, and relationships. Credit Suisse should investigate the data breach claims considering the history of the threat actor. Earlier this month, the TA 888 claimed to have stolen data of over 32,000 current and former employees of Accenture. The company, however, denied the claims and said that the data set published by the hacker had only three employee names and email addresses. The hacker also claimed responsibility for leaking details about 8,174 employees of Heineken across several countries. Prior to this, 888 also staked claims for an attack on oil and gas multinational Shell.  The TA posted sample information sharing personal details of Australian customers. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.  

Notorious ransomware group BianLian has claimed to have added two new organizations as its latest cyberattack victims. The BianLian ransomware attack was allegedly carried out on two US-based firms, namely, Better Business Bureau Inc and U.S. Dermatology Partners. The infamous actor has claimed to have accessed sensitive data including financial, contract, and employee profiles from both its victims.

BianLian Ransomware Attack: Critical Details  

The first organization targeted by hackers was Better Business Bureau (BBB), which is a private, nonprofit organization founded in 1912 in Arlington, Virginia. The firm maintains a massive database of accredited and non-accredited businesses, providing ratings based on several factors. The Better Business Bureau has a revenue of $430.6 Million. [caption id="attachment_79001" align="alignnone" width="1259"] Source: X[/caption] The threat actor claims to have accessed 1.2 TB of organization data, including accounting, budget, and financial data; contract data and NDAs; files from the CFO's computer; operational and business files; and email and PST archives. The group has also disclosed sensitive information such as the names, personal email addresses, and phone numbers of BBB’s CEO, vice president, chief accreditation officer, and chief activation officer. The other organization that has allegedly fallen victim to the ransomware group is US Dermatology Partners. The organization, with a revenue of $213.7 Million, is one of the premier dermatology practitioners in the USA, caring for over two million patients annually. [caption id="attachment_79002" align="alignnone" width="1259"] Source: X[/caption] The hackers claimed to have accessed 300 GB of organization data, including personal data, accounting and budget information, financial data, contract data and NDAs, and employee profiles.

Potential Impact of BianLian Ransomware Attack

If proven, the potential consequences of this ransomware attack could be critical as the accounting and financial details of both these firms could be leaked. The organizations should take appropriate measures to protect the privacy and security of the stakeholders involved. Financial data breaches can lead to identity theft, financial fraud, and a loss of trust among clients, potentially jeopardizing the company’s standing in the industry. Currently, details regarding the extent of the BianLian ransomware attack, data compromise, and the motive behind the cyber assault remain undisclosed. Despite the claims made by BianLian, the official websites of the targeted companies remain fully functional. This discrepancy has raised doubts about the authenticity of the BianLian group’s assertion. To ascertain the veracity of the claims, The Cyber Express has reached out to the officials of the affected organizations. As of the writing of this news report, no response has been received, leaving the ransomware attack claim unverified.

History of BianLian Ransomware Group Attacks

BianLian, a ransomware group, has been targeting critical infrastructure sectors in the U.S. and Australia since June 2022. They exploit RDP credentials, use open-source tools for discovery, and extort data via FTP or Rclone. FBI, CISA, and ACSC advise implementing mitigation strategies to prevent ransomware attacks. Initially employing a double-extortion model, they shifted to exfiltration-based extortion by 2023. According to a report by  BlackBerry, BianLian ransomware showcases exceptional encryption speed and is coded in the Go programming language (Golang). This sophisticated approach has enabled the group to strike multiple organizations, leaving a trail of unverified claims in its wake. Earlier in 2024, the group targeted companies such as North Star Tax and Accounting, KC Pharmaceuticals, Martinaire. In its attack on MOOver, the group claimed to have accessed a staggering 1.1 terabytes of the firm’s data. Subsequently, Northeast Spine and Sports Medicine also found themselves on the list of victims. All these claims, similar to the recent attack, remain unverified. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

India’s largest government-owned-telecommunications service provider, Bharat Sanchar Nigam Ltd (BSNL), has allegedly suffered a massive data breach, the second such instance in less than six months. The BSNL data breach reportedly involves critical data including international Mobile Subscriber Identity (IMSI) numbers, SIM card information, Home Location Register (HLR) specifics, DP Card Data, and even snapshots of BSNL's SOLARIS servers which can be misused for SIM cloning.

Exploring Claims of BSNL Data Breach

The BSNL data leak was first disclosed by an Indian firm, Athenian Tech, in its threat intelligence report. According to the report, a threat actor, operating under the alias “kiberphant0m”, leaked a significant amount of sensitive data affecting millions of users. The threat actor posted this information on the data hack site BreachForums and shared samples of the breach to legitimize the claim. Overall, around 278GB of sensitive information could be compromised. The hacker also posted details of call log samples which leaked sensitive information like mobile numbers of users, the date and duration of calls, and the amount charged for the call in Indian Rupees. The call log samples were being leaked in two sets: one for the month of May 2024 and another from 2020. This indicates that the data breach was a recent attack raising questions over the security checks in place at BSNL. The threat actor was selling the alleged stolen data for $5,000. The steep price tag could indicate the significant value of the stolen data which is sensitive. The Cyber Express has yet to verify the authenticity of the recent BSNL data breach and has contacted the organization for an official response.  This article will be updated based on their response.

Potential Implications of BSNL Data Breach

1. SIM Cloning and Identity Theft: Cloning a SIM involves creating a duplicate card that has the same IMSI and authentication keys, thus making it easy for the attackers to intercept messages/ calls, gain access to people’s bank accounts, and embezzle their finances.
2. Privacy Violations: Identity theft means that one can gain unauthorized access to the individuals’ communication and breaches.
3. Financial and Identity Theft: Illegal operations can defeat protective procedures in the financial portfolios, which entail substantial monetary losses and cases of identity theft.
4. Targeted Attacks and Scams: The user could be exposed to major security risks and could be vulnerable to phishing schemes and other social engineering attacks, exploiting their trust in BSNL.

The threat is not just limited to the consumers, but also to BSNL’s operations and security. Illegal access to servers can result in service disruptions, slow performance, and unauthorized access to telecom operations. Leaking of such information poses a severe threat to critical infrastructures and paves the way for future attacks on complex systems interconnectivity. BSNL users should remain vigilant and monitor any unusual activity on their phones and bank accounts and enable two-factor authentication (2FA) for added security on all accounts. BSNL too should take immediate action if the breach is confirmed, secure network endpoints, and audit access logs. They should enhance security measures, conduct frequent security audits, and adopt advanced threat detection technologies.

Second BSNL Data Breach in Less Than Six Months

If the data theft claims are proven, it would be the second instance of a cyberattack on BSNL in less than six months. In December 2023, a threat actor known as “Perell” claimed access to critical information about fiber and landline users of BSNL. The dataset contained about 32,000 lines of data allegedly impacting over 2.9 million users. However, BSNL did not validate the claims back then. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

The notorious BlackBasta ransomware group is claiming credit for carrying out cyberattacks on major multinationals in the U.S. The ransomware gang claims it has access to sensitive data of financial services firm Key Benefit Administrators and healthcare apparel retailer Scrubs & Beyond. BlackBasta was recently suspected to have exploited a Microsoft zero-day prior to Microsoft’s release of a patch for the vulnerability back in March.

Decoding BlackBasta Ransomware's Alleged Attack

The first organization targeted by BlackBasta is Key Benefit Administrators, Inc., which offers financial services. The company provides employment benefit services that manages pension, retirement, health, and welfare funds. BlackBasta claims to have access to 2.5TB of sensitive data of the firm, including client, executive, and employee info. [caption id="attachment_78852" align="alignnone" width="1247"] Source: Ransomware.live[/caption] The other organization targeted by the ransomware group is Scrubs & Beyond, which is the largest retailer of healthcare apparel and accessories in the U.S. The ransomware crew claims to have accessed 600GB of the organization’s sensitive data, including HR, employee, and departmental files. [caption id="attachment_78853" align="alignnone" width="1238"] Source: Ransomware.live[/caption] Until an official statement is released by the two firms, the facts behind the BlackBasta ransomware attack claim will likely remain elusive. If BlackBasta's claims are proven true, the implications could be significant. The compromise of sensitive legal information and client data could have broad consequences, not only for the firms concerned but also for its clients and partners.

How Does BlackBasta Group Operate?

BlackBasta is a highly active ransomware group that has quickly gained a reputation for targeting high-value organizations across various industries. BlackBasta typically uses sophisticated phishing campaigns, and exploits known vulnerabilities in software to obtain access to their targets' systems. After gaining access, the group encrypts critical data and demands hefty ransoms for its release.

Previous Attacks By BlackBasta

A recent joint security advisory from the U.S. Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), Department of Health and Human Services (HHS), and Multi-State Information Sharing and Analysis Center (MS-ISAC) stated that Black Basta has, through its affiliates, compromised more than 500 organizations all over the world. The victims include organizations that span 12 of 16 critical infrastructure sectors, including the Healthcare and Public Health (HPH) sector. A few of BlackBasta’s victims include Microsoft, Hyundai Europe, Capita, The American Dental Association, Yellow Pages Canada, and Dish, among others.

How to Protect Against Ransomware

The ever-present threat of ransomware requires vigilant cybersecurity practices by consumers and organizations alike. Keeping software and operating systems up-to-date: Many ransomware attacks exploit vulnerabilities in outdated software and operating systems. By keeping software and operating systems up-to-date, you can minimize the possibility of a ransomware attack. Backing up important data: If your files are encrypted by ransomware, you may be able to restore them from a backup. By regularly backing up important data, you can increase the chances that you can recover your files if they are encrypted by ransomware. However, those backups should be immutable and ransomware-resistant - a good backup service provider may be your surest bet. Using antivirus software: Antivirus software can detect and remove various types of malware, including ransomware. By using antivirus or endpoint security software, you can reduce the risk of a ransomware attack. Being cautious of suspicious emails: Many ransomware attacks are spread via phishing emails. You can lower the risk of a ransomware attack by being wary of suspicious emails and refraining from clicking on links or opening attachments from unknown sources. Educating employees about cybersecurity: Employees play a critical role in defending against cyberattacks. It is of utmost importance that they understand the best practices and know how to identify and report suspicious activities. Isolating critical workloads and data: Isolating your most important data and applications with technologies such as microsegmentation, VLANs, firewalls and strict access and permission controls will create an extra layer of security that will make it that much harder for ransomware to infect your most critical systems. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

The infamous cybercrime marketplace BreachForums faced an awkward scenario on June 25, 2024, when a threat actor leaked unverified information about "Aegis”, one of the forum moderators. The doxxing incident of BreachForums moderator was first reported by a LinkedIn user on a cybersecurity forum named “CISO2CISO”.

BreachForums Moderator Doxxing Details

On Tuesday, Bhavesh Mohinani, an SOC analyst and a member of "CISO2CISO,"  shared screenshots of a BreachForums post by an anonymous threat actor that allegedly contained sensitive Personally Identifiable Information (PII) of BreachForums moderator "Aegis". [caption id="attachment_78802" align="alignnone" width="1069"] Source: LinkedIn[/caption] The threat actor claimed that he obtained “bits and pieces” information about Aegis through his friend. “One thing I was given was a first name and an IP. Looking into it, you find out his information is very much out there! So much OPSEC, am I right,” the TA wrote in his post. OPSEC or Operational Security, is a process that identifies seemingly innocuous actions that could inadvertently reveal critical or sensitive data to a cybercriminal. Elaborating the details of Aegis, the threat actor claimed, “Aegis is a 17-year-old Egyptian resident living with his mother. His father seems not to have been found. Aegis started off being a skid, stealing code, claiming to be harmful and so on...he is a loser. “Aegis will most likely deny this being his information but if this post gets taken down, you will know the truth/ love everyone! Expect this loser,” the TA wrote. The user also shared details claiming to be the moderator’s phone number, IP address, residential address and telegram account. [caption id="attachment_78803" align="alignnone" width="1091"] Source: LinkedIn[/caption] While there is no confirmation or credibility to the claims shared by the anonymous actor, the post was deleted as soon as it was shared. However, the post has raised concerns about the security and trustworthiness of online communities.

What is Doxxing?

Doxxing, or doxing for short, is when someone puts your personal information out there on the internet. This can include information like where you work, your home address, your credit card numbers, and other private details. Usually, the intention of the threat actor is to harass the victims. The word "doxxing" first came about in the 1990s, starting from the word "documents," which got shortened to "docs," and then finally became "dox." When people talk about "dropping dox," they mean cybercriminals revealing the true identities of their rivals, taking away their anonymity, and making them vulnerable to the authorities. A doxxing attack begins with the threat actor gathering extensive information about their target, searching online and checking social media for clues. Social media can reveal workplace details, which can be exploited for attacks. Skilled threat actors might also trace a target’s IP address to determine their location. The more data a threat actor collects, the more harm they can inflict. While some doxxing incidents are minor, like sending unwanted pizza deliveries, others can lead to severe consequences such as online harassment, swatting, identity theft, reputational damage, physical assault, job loss, or stalking. The alleged doxxing of the BreachForums moderator has raised questions about whether it would lead to the arrest of another threat actor and if it signals the decline of the forums. For example, in California, doxing is considered a serious offense, and individuals engaging in this activity could face legal consequences. Individuals arrested and charged with cyber harassment (doxing) under Penal Code §653.2 face up to one year in jail and a fine of up to $1,000. In April 2023, Hong Kong’s privacy watchdog, Office of the Privacy Commissioner for Personal Data, arrested a 27-year-old woman on suspicion of doxxing after she allegedly posted the personal details of her friend’s ex-boyfriend on social media.

Prevention Against Doxxing

To protect users against doxxing, one must use strong, unique passwords for each account and enable Multi-Factor Authentication (MFA). Cleaning the digital footprint by removing personal information from online sites, deactivating old accounts, and adjusting privacy settings is regarded as a healthy practice. Using a VPN is recommended to hide the user’s IP address and prevent location tracking. Users must also be vigilant against phishing scams by recognizing poor spelling, mismatched email addresses, and unsolicited links. Finally, avoiding oversharing personal information online and keeping social media profiles private is a healthy digital practice to enhance security. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

Jollibee Foods Corporation (JFC), which is the largest fast-food chain operator in Philippines, has launched an investigation for an alleged data breach in its system that may have affected millions of its customers across the globe. The Jollibee probe was initiated after a threat actor claimed responsibility for breaching the systems of the Jollibee Foods Corporation. On June 21, The Cyber Express reported that a notorious attacker, operating under the alias “Sp1d3r”, claimed to have access to the sensitive data of 32 million customers of the fast food chain and offered to sell the database for $40,000 on the dark web. [caption id="attachment_78479" align="alignnone" width="1950"] Source: X[/caption]

Details of Jollibee Probe into Cyberattack

The Philippines National Privacy Commission (NPC) regulations make it mandatory for organizations in the country to report and inform stakeholders of cybersecurity incidents within 72 hours of discovery. A statement was released on June 22 by Richard Shin, Chief Financial Officer and Corporate Information Officer of JFC, which said that it was addressing “a cybersecurity incident” that reportedly affected the company, “in addition to other subsidiaries”. “The Company is addressing the incident and has implemented its response protocols and deployed enhanced security measures to further protect the Company’s and its subsidiaries’ data against threats. The Company has also launched its investigation on the matter to understand the scope of this incident, and is currently working with the relevant authorities and experts in its investigation,” the statement said. JFC, however, added that its e-commerce platforms and those of its subsidiaries’ brands remained unaffected by the cyberattack and continued to be operational. It added that the safety of data from stakeholders was paramount for the company. “JFC recognizes the value and importance of the confidentiality of personal information of its stakeholders. The Company assures the public of its commitment to prioritize the protection and confidentiality of such personal information, including customer data, by continuously fortifying its defenses against future threats,” the company said. “The Company further assures the public that it continues to monitor and update its security measurements as appropriate under the circumstances, and as may be required by the results of its investigation into this matter,” it added. The fast-food delivery group urged the public to be vigilant and exercise good information security practices, including keeping passwords secure and changing them often.

Jollibee’s Cybersecurity Concerns  

The alleged data breach of the fast-food chain took place on popular data hack site BreachForums on June 20. The threat actor, “Sp1d3r”, claimed to have carried out a cyberattack and had gained access to the data of 32 million Jollibee customers, including their names, addresses, phone numbers, email addresses and hashed passwords. The hacker also allegedly exfiltrated 600 million rows of data related to food delivery, sales orders, transactions and service details. JFC, meanwhile, is investigating this alleged cyberattack on its brands and subsidiaries, including Greenwich, Red Ribbon, Burger King Philippines, and Highlands Coffee. This is not the first time that Jollibee has faced flak for its cybersecurity measures. In December 2017, JFC had informed of a data breach of its delivery website. The NPC had then warned that the data of 18 million customers was at “a very high risk” of being exposed. After an investigation, the NPC in May 2018 suspended Jollibee’s delivery website due to “serious vulnerabilities.” JFC also took down the delivery websites of its other brands. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

Jollibee, the Philippines’ largest fast-food chain, has allegedly been hit by a massive data breach. The Jollibee cyberattack came to light on June 20, 2024, when a threat actor claimed responsibility for breaching the systems of Jollibee Foods Corporation. The notorious attacker, operating under the alias “Sp1d3r“, claimed to have access to the sensitive data of 32 million customers of the fast food chain and offered to sell the database for $40,000.

Details of Jollibee Cyberattack

The data breach of the fast-food chain was posted by the threat actor on popular data hack site BreachForums. The threat actor stated that “Jollibee is a Filipino chain of fast-food restaurants owned by Jollibee Foods Corporation. As of September 2023, there were over 1,500 Jollibee outlets worldwide, with restaurants in Southeast Asia, East Asia, the Middle East, North America, and Europe.” [caption id="attachment_78479" align="alignnone" width="1950"] Source: X[/caption] The threat actor claimed to have carried out a cyberattack and had gained access to the data of 32 million Jollibee customers, including their names, addresses, phone numbers, email addresses and hashed passwords. The hacker also allegedly exfiltrated 600 million rows of data related to food delivery, sales orders, transactions and service details. To support these claims, the TA included a sample in tabular data format accessible through spreadsheet programs like Microsoft Excel and Google Sheets. While the exact details of the alleged data breach remains unclear, the potential impact on millions of customers is cause for concern.

Jollibee Yet to React to Cyberattack Claims

The motive behind the Jollibee cyberattack remains unknown. So far, Jollibee Foods Corporation has not reacted or issued any official statement regarding the alleged data breach. The Cyber Express has reached out to the corporation to verify the claims. This article will be updated once the company responds to the allegations and shares any preventive measures in place to prevent critical data from being misused. The Philippines National Privacy Commission (NPC) has yet to receive any notification from Jollibee Foods Corporation regarding the breach. The NPC regulations require organizations to inform affected individuals and report such incidents within 72 hours of discovery.

Jollibee Cyberattack Threat Actor Responsible for Snowflake Breach

While Jollibee investigates the claims made by “Sp1d3r”, the threat actor has been responsible for several recent breaches, which includes many customers of third-party cloud data storage vendor Snowflake. On June 1, “Sp1d3r” posted on the cybercriminal platform BreachForums that they had stolen the sensitive information of over 190 million people from QuoteWizard. The alleged database included customer details, partial credit card numbers, insurance quotes, and other information. The same threat actor was responsible for the data breach at American automobile aftermarket component supplier Advance Auto Parts, Inc. The attacker “Sp1d3r” claimed to have stolen three terabytes of customer data from the company’s Snowflake cloud storage and was selling the data for US$1.5 million. In its report, the company stated that the cyberattack could create damages up to $3 million. The Jollibee Cyberattack is a stark reminder of the vulnerabilities of the digital world, where even the largest and most established companies could become victims of notorious data hackers. Customers should stay vigilant and follow any further guidance provided by Jollibee and cybersecurity professionals. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

Advance Auto Parts, Inc., one of the big suppliers of automobile aftermarket components in America, has reported a data breach to the US Securities and Exchange Commission (SEC).  Advance Auto Parts data breach was first reported by The Cyber Express on June 6, 2024. In its report to the SEC, the company said that a data breach from its third-party cloud storage had resulted in unauthorized access to consumer and policyholder information. In a June 14 filing to the SEC, the company said, “On May 23, 2024, Advance Auto Parts, Inc. identified unauthorized activity within a third-party cloud database environment containing Company data and launched an investigation with industry-leading experts. On June 4, 2024, a criminal threat actor offered what it alleged to be Company data for sale. The Company has notified law enforcement.” A threat actor going by the handle “Sp1d3r” had claimed to have stolen three terabytes of data from the company’s Snowflake cloud storage. The stolen information was allegedly being sold for US$1.5 million on dark web. [caption id="attachment_78143" align="alignnone" width="815"] (Source: X)[/caption] According to the threat actor, the stolen data included 380 million customer profiles, containing names, emails, mobile numbers, phone numbers, addresses; information on 358,000 employees, 44 million Loyalty/Gas card numbers, the company’s sales history, among other details.

Details of Advance Auto Parts SEC Filing

In its declaration to the SEC, auto parts seller said that “There has been no material interruption to the Company's business operations due to the incident. “Based on the review of files determined to have been impacted, the Company believes that some files contain personal information, including but not limited to social security numbers or other government identification numbers of current and former job applicants and employees of the Company,” the filing said. Advance Auto Parts said that the company would share information about the data breach and would offer free credit monitoring and identity restoration services to the impact parties. The company noted that though it was covered by insurance, the cyberattack could cost damages up to $3 million. “The Company has insurance for cyber incidents and currently expects its costs related to response and remediation to be generally limited to its retention under such policy. The Company currently plans to record an expense of approximately $3 million for the quarter ending July 13, 2024, for such costs,” it said to the SEC. Advance Auto Parts currently operates 4,777 stores and 320 Worldpac branches primarily within the United States, with added locations in Canada, Puerto Rico, and the U.S. Virgin Islands. The Advance Auto Parts data breach is part of a recent series of attacks targeting customers of the cloud storage company Snowflake. These attacks have been taking place since at least mid-April 2024. Snowflake acknowledged the issue in a statement, informing a limited number of customers who they believe may have been impacted by the attacks. Snowflake is a prominent U.S.-based cloud data storage and analytics company, with over 9,800 global customers.  Many of Snowlflakes’ clients had reportedly taken down their databases after the series of cyberattacks. Infact, a comprehensive report revealed that 165 customers were impacted by the Snowflake data breach. It was on July 26, 2023 that the US Securities and Exchange Commission directed companies to mandatorily declare material cybersecurity incidents they experience and to disclose on an annual basis material information regarding their cybersecurity risk management, strategy, and governance.

Threat actor IntelBroker, notorious for a series of daring cyberattacks, has resurfaced with claims of orchestrating a data breach of Apple’s website. The TA allegedly has gained access to internal source code of three popular tools of Apple.com. This claim comes just a day after IntelBroker claimed to have orchestrated a data breach of another tech giant, Advanced Micro Devices (AMD).

Decoding Apple Data Breach Claims

Per the available information, IntelBroker allegedly breached Apple’s security in June 2024 and has managed to lay hands on the internal source code of three commonly used Apple tools, namely, AppleConnect-SSO, Apple-HWE-Confluence-Advanced and AppleMacroPlugin. The information was posted by the threat actor on BreachForums, a high-profile platform for trading stolen data and hacking tools. “I'm releasing the internal source code to three of Apple's commonly used tools for their internal site, thanks for reading and enjoy!” the TA posted. AppleConnect is the Apple-Specific Single Sign-On (SSO) and authentication system that allows a user to access certain applications inside Apple's network. Apple-HWE-Confluence-Advanced might be used for team projects or to share some information inside the company, and AppleMacroPlugin is presumably an application that facilitates certain processes in the company. Apple has not yet responded to the alleged data breach by IntelBroker or the leaked code. However, if the data breach occurred as claimed, it may lead to the exposure of important information that could be sensitive to the workings and operations of Apple. If legitimate, this breach could compromise Apple's internal operations and workflow. Leaked source code could expose vulnerabilities and inner workings of these tools. The Cyber Express has reached out to Apple to learn more about the potential data breach. However, at the time of publication, no official statement or response has been received, leaving the claims for the Apple data leak unconfirmed for now. The article will be updated as soon as we receive a response from the tech giant.

Previous Attacks by IntelBroker

The alleged data breach at Apple could prove significant considering the history of the threat actor. IntelBroker is believed to be a mature threat actor and is known to have been responsible for high-profile intrusions in the past. On June 18th, 2024, chipmaker AMD acknowledged that they were investigating a potential data breach by IntelBroker. The attacker claimed to be selling stolen AMD data, including employee information, financial documents, and confidential information. Last month, the threat actor is believed to have breached data of European Union’s law enforcement agency, Europol’s Platform for Experts (EPE). Some of the other organizations that the attacker is believed to have breached data include Panda Buy, Home Depot, and General Electric. The hacker also claimed to have targeted US Citizenship and Immigration Services (USCIS) and Facebook Marketplace.

Apple's Security Posture

Apple prides itself on its robust security measures and user privacy. However, the company has faced security threats in the past. In December 2023, Apple released security updates to address vulnerabilities in various Apple products, including iOS, iPadOS, macOS, tvOS, watchOS, and Safari. One critical vulnerability patched allowed attackers to potentially inject keystrokes by mimicking a keyboard. This incident highlights the importance of keeping software updated to mitigate security risks. In November 2023, there were reports of a state-sponsored attack targeting Apple iOS devices used in India. While details about this attack remain scarce, it serves as a reminder that even Apple devices are susceptible to cyberattacks.

Looking Ahead

The situation with IntelBroker's claims is ongoing. If the leak is verified, Apple will likely need to take steps to mitigate the potential damage. This could involve patching vulnerabilities in the leaked code and improving internal security measures. It is important to note that these are unconfirmed reports at this stage. However, they serve as a stark reminder of the ever-evolving cyber threat landscape. Apple, and all tech companies for that matter, must constantly work to stay ahead of determined attackers like IntelBroker. For users, it is a reminder to be vigilant about potential phishing attempts or malware that could exploit these alleged vulnerabilities. Keeping software updated and practicing good cyber hygiene are crucial steps for protecting yourself online.

An Irish hacker, who was involved in cyberattacks at the age of 13, has now walked free from court after his sentence was suspended. Aaron Sterritt, now 24, of Brookfield Gardens in Ahoghill, was part of an international computer hacking gang in 2016 and became notoriously famous for attacking multinational companies. Aaron walked free on Tuesday after the Antrim Crown Court suspended his 26-month jail sentence for three years.

Why Was Irish Hacker Arrested?

Aaron was charged for carrying out a Distributed Denial of Service (DDoS) attacks that occurred between December 2, 2016 and December 21, 2016. He was part of a gang known as “starpatrol” whose DDoS cyberattacks targeted Flowplay Incorporated, Microsoft Corporation (XBox live), Ottawa Catholic School Board, Rockstar Games Incorporated and Tumblr Incorporated.  Aaron was using the pseudonyms ‘Victor’ and ‘Vamp’ while being part of the gang. [caption id="attachment_77746" align="alignnone" width="960"] Aaron Sterritt walks out of court. Source: Belfast Telegraph[/caption] The first company targeted by the gang was Flowplay Inc., who had 75 million online gamers across the world in 2016, according to a report by the Northern Ireland World. The attack by “starpatrol” gang between December 3 and 11 in that year caused their servers to “lock up” for the entire duration of the attack. Customers were unable to access their accounts or play online due to the attack and thus, Flowplay had to refund tens of thousands of dollars of purchases and subscription fees. The company was also forced to shell out “hundreds of thousands of dollars” to migrate their services to a new server. Similarly, there was a series of similar attacks on Microsoft’s Xbox live and Rockstar games between December 3 and 21 while in the offences relating to Ottawa Catholic School Board, a school in Ontario experienced many DDoS attacks between 2015 and 2016. While suspending the sentence, Justice Roseanne McCormick warned Aaron that any repeat of such acts would attract imprisonment.

Irish Hacker’s Cyberattack Cost Millions

According to a BBC report, Aaron was also charged for not disclosing the passwords for his laptop, hard drives and iPhone between December 2017 and June 2020. He was tied to the charges through association, communication, device activity, and by a forensic speech investigator who could connect him to YouTube videos. The self-confessed criminal, now a reformed computer expert, was sentenced by Judge Roseanne McCormick KC. She observed that most of the offences were committed while Aaron was on bail for a similar offence in 2015 that targeted telecom behemoth TalkTalk, costing £77m. While working on a pre-sentencing report, the court noted that Aaron was diagnosed with ADHD, required assessment for autism as a child, and used to face issues at home. Hearing that he is low-risk to reoffend and has undergone a cyber-awareness program, the court decided to suspend his sentence. Judge McCormick KC said that considering the above factors, the length of Aaron’s trial and his attempts at starting to change for the better allowed her to suspend the sentence even given the gravity of the offenses. After the trial, the Police Service of Northern Ireland (PSNI) said the case warranted two investigations, one by the PSNI and the other by the National Crime Agency. Detective Chief Inspector Paul Woods shared that the cyberattacks involving Aaron in 2016 were massive and affected websites and services in the US. “Aaron was 16 years old during the incident and was one of the suspects, being the only individual from Northern Ireland in the group. PSNI’s investigation focused on Aaron’s role in the creation of malicious software for global network attacks and Ethereum cryptocurrency mining work. Steve Laval of The National Cyber Crime Unit underlined grave consequences of DDoS attacks that are easy to conduct, pointing out that basic degree of technical skill is sufficient.

Several pro-Russia hacker groups have allegedly carried out a massive Distributed Denial-of-Service (DDoS) attack in Romania on June 18, 2024. The Romania Cyberattack has affected critical websites, including the official site of Romania and portals of the country’s stock exchange and financial institutions. The attack was allegedly conducted by NoName in collaboration with the Russian Cyber Army, HackNet, and CyberDragon and Terminus. The extent of the damage, however, remains unclear.

Details About Romania Cyberattack

According to NoName, the cyberattack was carried out on Romania for its pro-Ukraine stance in the Russia-Ukraine war. In its post on X, NoName claimed, “Together with colleagues shipped another batch of DDoS missiles to Romanian government websites.” The threat actor claimed to have attacked the following websites:

• The Government of Romania: This is not the first time that the country’s official site was hacked. In 2022, Pro-Russia hacker group Killnet claimed to have carried out cyberattacks on websites of the government and Defense Ministry. However, at that time, the Romania Government claimed that there was no compromise of data due to the attack and the websites were soon restored.
• National Bank of Romania: The National Bank of Romania is the central bank of Romania and was established in April 1880. Its headquarters are in the capital city of Bucharest.
• Aedificium Bank for Housing: A banking firm that provides residential lending, home loans, savings, and financing services. It was founded in 2004 and has branches in the European Union (EU), and Europe, Middle East, and Africa (EMEA).
• Bucharest Stock Exchange: The Bucharest Stock Exchange is the stock exchange of Romania located in Bucharest. As of 2023, there were 85 companies listed on the BVB.

Despite the bold claims made by the NoName group, the extent of the Romania cyberattack, details of compromised data, or the motive behind the attack remain undisclosed. A visual examination of the affected organizations’ websites shows that all the listed websites are experiencing accessibility issues. These issues range from “403 Forbidden” errors to prolonged loading times, indicating a probable disruption or compromise. The situation is dynamic and continues to unravel. It is imperative to approach this information cautiously, as unverified claims in the cybersecurity world are not uncommon. The alleged NoName attack highlights the persistent threat of cyberattacks on critical entities, such as government organizations and financial institutions. However, official statements from the targeted organizations have yet to be released, leaving room for skepticism regarding the severity and authenticity of the Romania cyberattack claim. Until official communication is provided by the affected organizations, the true nature and impact of the alleged NoName attack remain uncertain.

Romania Cyberattacks Are Not Uncommon

This isn’t the first instance of NoName targeting organizations in Romania. In March this year, NoName attacked the Ministry of Internal Affairs, The Service of Special Communications, and the Central Government. In February, Over a hundred Romanian healthcare facilities were affected by a ransomware attack by an unknown hacker, with some doctors forced to resort to pen and paper.

How to Mitigate NoName DDoS attacks

Mitigation against NoName’s DDoS attacks require prolonged cloud protection tools and specialized software and filtering tools to detect the flow of traffic before it can hit the servers. In some cases, certain antivirus software can be successful in detecting threats that can be used by organizations to launch DDoS attacks. A robust and essential cyber hygiene practice to avoid threats includes patching vulnerabilities and not opening phishing emails that are specially crafted to look like urgent communications from legitimate government organizations and other spoofed entities. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

Threat Actors (TAs) associated with the notorious MEDUSA ransomware have escalated their activities and have allegedly targeted two institutions in the USA. In a scenario mirroring all of its previous attacks, the group has not divulged critical information, such as the type of compromised data. It has, however, demanded a bounty of US $120,000 from Fitzgerald, DePietro & Wojnas CPAs, P.C and $100,000 from Tri-City College Prep High School to stop leaking internal data of the concerned organizations.

Understanding the MEDUSA Ransomware Attack

One of the two institutions targeted by MEDUSA is Tri-Cities Preparatory High School, a public charter middle and high school located in Prescott, Arizona, USA. The threat actor claimed to have access to 1.2 GB of the school's data and has threatened to publish it within 7-8 days. The other organization that the group has claimed to have targeted is Fitzgerald, DePietro & Wojnas CPAs, P.C. It is an accounting firm based in Utica, New York, USA. The group claims to have access to 92.5 GB of the firm's data and has threatened to publish it within 8–9 days. Despite the tall claims made by the ransomware group, the official websites of the targeted companies seem to be fully functional, with no signs of any foul activity. The organizations, however, have not yet reacted to the alleged cyberattack, leaving the claims made by the ransomware group unverified.  The article would be updated once the respective organizations respond to the claims. The absence of confirmation raises the question of the authenticity of the ransomware claim. It remains to be seen if the tactic employed by MEDUSA group is to garner attention or if there are any ulterior motives attached to their actions. Only an official statement by the affected organizations can reveal the true nature of the situation. However, if the claims made by the MEDUSA ransomware group do turn out to be true, then the consequences could be sweeping. The potential leak of sensitive data could pose a significant threat to the affected organizations and their staff, students and employees.

Who is the MEDUSA Ransomware Group?

MEDUSA first came into limelight in June 2021 and has since launched attacks on organizations in many countries targeting multiple industries, including healthcare, education, manufacturing, and retail. Most of the victims, though, have established their base in the United States of America. MEDUSA carries out its attacks as a Ransomware-as-a-Service (RaaS) platform. It provides would-be target organizations with malicious software and infrastructure required to carry out disrupting ransomware attacks. The ransomware group also runs a public Telegram channel that TAs utilize to post data that might be stolen, which could be an attempt to extort organizations and demand ransom.

History of MEDUSA Ransomware Attacks

Last week, the Medusa group took ownership of the cyberattack on Australia’s Victoria Racing Club (VRC). To provide authenticity, Medusa shared thirty documents from the club and demanded a ransom of US$700,000 from anyone who wanted to either delete the data or else download it. The leaked data included financial details of gaming machines, prizes won by VRC members, customer invoices, marketing details, names, email addresses, and mobile phone numbers. The VRC confirmed the breach, with its chief executive Steve Rosich releasing a statement: "We are currently communicating with our employees, members, partners, and sponsors to inform them that the VRC recently experienced a cyber incident.” In 2024, MEDUSA had targeted four organizations across different countries, including France, Italy, and Spain. The group’s modus operandi remains constant, with announcements being made on their dark web forum accompanied by deadlines and ransom demands. As organizations grapple with the fallout of cyberattacks by groups like MEDUSA, it becomes critical to remain cautious and implement strategic security measures. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

The Chinese University of Hong Kong (CUHK) has been confronted by a massive data breach that has compromised personal information of precisely 20,870 students, staff and past graduates. The CUHK data breach was initially identified on June 3, 2024, prompting swift action by the institution. An investigation is currently underway to trace the culprits and to take corrective measures.

Understanding the CUHK Data Breach

The CUHK is one of the premier institutes in China which was established in 1963 and is the first research university in Hong Kong. The cyberattack on CUHK reportedly took place on June 1 at its School of Continuing and Professional Studies (CUSCS). In a statement put out by the school on June 13, CUSCS said that it had undertaken an investigation into the breach on June 3. An information technology security consultant was appointed by the college to assess the breach. The investigation revealed that the school’s “Moodle learning management system” was hacked. Moodle is an open-source learning management system designed. It allows educators, administrators and learners to create personalized learning environments for online projects in schools, colleges and workplaces. Moodle can be used to create custom websites with online courses and allows for community-sourced plugins. [caption id="attachment_77266" align="alignnone" width="1196"] Source: CUSCS Website[/caption] According to the CUSCS, the leaked data included the names, email addresses, and student numbers of 20,870 Moodle accounts of tutors, students, graduates, and visitors. This personal data was reportedly stolen after a server at one of the institution’s schools was hacked. Despite the university management stating that the sensitive data was not leaked on any public platforms, the breached information was found to be readily available on the dark web domain BreachForums. A Threat Actor (TA), who goes by the alias “Valerie”, put up a post on dark web stating that the hacker was willing to sell the data. The TA noted that, “75 per cent of the stolen data was sold to a private party, which financed the breach.  The rest of the data was not shared. So upon multiple offers, we decided to make a public sell.” To claim that the data was credible, the TA provided samples, which included the username, first name, last name, institution, department, mobile number and city of the victims of the data breach.

Investigation Status of CUHK Data Breach

The CUSCS stated that as soon as its investigation revealed a massive data breach, it had deactivated the relevant account and reset the password. It added that, apart from the relevant server, the online learning platform has been moved, and security measures have been strengthened to block any account after three unsuccessful login attempts. “CUHK has also been notified of the incident. The college has also established a crisis management team composed of the dean, deputy dean, information technology services director, administrative director and communications and public relations director to assess the risks,” CUSCS said. The college also had filed a complaint over the data breach to the local police. The university, too, has notified the city’s privacy watchdog-Office of the Privacy Commissioner for Personal Data (PCPD), in accordance with established procedures. The PCPD acknowledged receipt of the complaint on June 13.

CUHK Data Breach: Institutions in Hong Kong Under Scanner

In what is becoming a trend, CUHK has become the third educational institute in Hong Kong this year to fall victim to cyberattacks. In May, the Hong Kong Institute of Contemporary Culture, Lee Shau Kee School of Creativity, fell victim to a ransomware attack where the data of over 600 people was leaked. Similarly, in April, a private medical facility, Union Hospital, suffered a ransomware attack affecting its servers, which allegedly resulted in operational paralysis. The Hong Kong College of Technology too suffered a ransomware attack in February, which led to the data of around 8,100 students being breached.

A notorious Chinese hacking group has reportedly gone on a cyber offensive against South Korea and targeted most of the country’s Government and financial sites. The CyberDragon hacking group has a mixture of Chinese and Russian ties and has been critically targeting countries that have been condemning Russia for the ongoing war in Ukraine. South Korea President Yoon Suk Yeol had recently confirmed his country's participation in a Ukraine peace summit in Switzerland this weekend to rally support for the country ending its war with Russia. Last year, Seoul had increased its Ukraine Aid package to $394 Million For 2024.

Government, Financial Sites Attacked by CyberDragon Hacking Group

Irked by its support being garnered against Russia, CyberDragon launched an extensive cyberattack on key South Korean sites and criticized the country for its alleged promotion of Russophobia. In its post on darkweb, CyberDragon said, “We are joining the “South Korean Company”. This is a country that has long been promoting Russophobia by supporting the Kyiv regime.” The list of websites reportedly targetted by CyberDragon include: Shinhan Financial Group: It was founded in September 2001 and is one of South Korea's big five financial groups. Its subsidiaries provide a full range of financial services, including banking, securities, life insurance, and investment banking. State Korean Import-Export Bank KEXIM:  The Export-Import Bank of Korea, also commonly known as the Korea Eximbank (KEXIM), is the official export credit agency of South Korea. The bank was first established in 1976. Its primary purpose is to support South Korea's export-led economy by providing loans, financing mega projects and thereby facilitating economic cooperation with other countries. [caption id="attachment_77014" align="alignnone" width="1600"] Home Page of Korea Eximbank[/caption] Korea Customs Service: The Korea Customs Service was established in 1970 and is one of tax organizations in South Korea and is run under the Ministry of Economy and Finance. The headquarters is in Seo District, Daejeon. Korean National Police: The Korean National Police Agency (KNPA), also known as the Korean National Police (KNP), is one of the national police organizations in South Korea. It is run under the Ministry of the Interior and Safety and is headquartered in Seodaemun, Seoul. National Tax Service: It is the tax organization in South Korea and is run under the Ministry of Economy and Finance. Its headquarters is in Sejong City. Like many of the previous attacks carried out by the Cyberdragon hacking group, it is unclear if sensitive data of the organisations listed above was compromised. Prima Facie, it looks like the group carried out a DDoS attack meant to disrupt the platform’s services. None of the organizations have publicly responded to the alleged breach. Most of the organizations too seem to have restored the functioning of its websites, hours after the group claimed to have carried out a cyberattack.

Previous Operations by CyberDragon Hacking Group

The CyberDragon group gained popularity after it took down the website and app for almost 24 hours after a massive data breach in March 2024. CyberDragon had then posted evidence of the attack on its TOR platform but LinkedIn didn’t comment on the attack. The peculiar hacking actor has both Chinese and Russian ties. It carries out cyberattacks with many pro-Russian hackers and most of its statements are posted in Russian. Both China and Russia are global allies and the targets of CyberDragon indicate their ideological and political affiliations. This scenario is, however, not new in the cybercrime world. Organizations around the world must deal with the fallout of cyberattacks by groups like CyberDragon. Their attacks indicate why it is crucial to remain vigilant and implement stringent security measures against cyberattacks.

The MEDUSA ransomware group has reared its ugly head again and this time it has claimed to have targeted three new victims: GEMCO Constructors, Dynamo Electric and Farnell Packaging. The ransomware group’s dark web portal highlighted these additions, adding to their growing list of victims. Like many of its earlier attacks, the group has not disclosed crucial details, such as the type of compromised data. It has, however, demanded a bounty of US $900,000 from GEMCO and $100,000 each from Dynamo and Farnell Packaging to stop leaking its internal data.

MEDUSA Ransomware Attack: The Latest Victims

GEMCO Constructors is headquartered in Indianapolis, Indiana, USA. The ransomware actors have claimed to have access to 1.0 TB of the organization's data and has threatened to publish it within 6-7 days. The second company that the group has claimed to have targeted is Dynamo, which is based in Saskatchewan, Canada. Data of the company, which specializes in electrical and electronic manufacturing, has allegedly been compromised. MEDUSA has claimed to have exfiltrated 149.6 GB of the organization's data and plans to publish it within 6-7 days. Farnell Packaging, a Canadian company in the packaging and container industry, has also allegedly been attacked. The attackers claimed to have accessed 193.9 GB of the organization's data and warned the data would be published within 8–9 days. Despite the gigantic claims made by the ransomware group, the official websites of the targeted companies seem to be fully operational, with no signs of foul play. The organizations, however, have not yet responded to the alleged cyberattack, leaving the claims made by the ransomware group unverified.  The article would be updated once the respective organizations respond to the claims. The absence of confirmation raises the question of the authenticity of the ransomware claim. It remains to be seen whether it is a tactic employed by MEDUSA to garner attention or if there are ulterior motives attached to their actions. Only an official statement by the affected companies can shed light on the true nature of the situation. However, if the claims made by the MEDUSA ransomware group do turn out to be true, then the consequences could be far-reaching. The potential leak of sensitive data could pose a significant threat to the affected organizations and their employees.

Background of MEDUSA Ransomware Group

MEDUSA first burst onto the scene in June 2021 and has since targeted organizations in various countries across multiple industries, including healthcare, education, manufacturing, and retail. Most of the companies, though, have been established in the United States of America. MEDUSA functions as a Ransomware-as-a-Service (RaaS) platform. It provides would-be attackers with malicious software and infrastructure required to carry out disruptive ransomware attacks. The ransomware group also has a public Telegram channel that threat actors use to post data that might be stolen, which could be an attempt to extort organizations and demand payment.

Previous Ransomware Attacks

Less than three weeks ago, MEDUSA ransomware group claimed a cyberattack on Comwave, a Canadian communications giant renowned for providing internet, network security solutions, and customer support services.  In January 2024, a prominent non-profit organization, Water For People, was targeted by the group. The organization faced the pressure of a deadline to comply with the demands of the ransomware group. MEDUSA also targeted four organizations across different countries, including France, Italy, and Spain. The group’s modus operandi remains uniform, with announcements being made on their dark web forum accompanied by deadlines and ransom demands. As organizations deal with the fallout of cyberattacks by groups like MEDUSA, it becomes crucial to remain vigilant and implement stringent security measures. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

The NoName ransomware group has claimed responsibility for yet another cyberattack targeting government websites in Germany. The proclamation of the attack comes just 11 days after the group is said to have targeted German entities such as Energie Baden-Württemberg AG, Leistritz AG, and Aareal Bank AG. In this latest attack, the group allegedly targeted the Federal Office for Logistics and Mobility and the Federal Ministry of the Interior and Community. NoName allegedly carried out a DDos (Distributed Denial-of-Service) attack, preventing other users from accessing the websites. In the message posted on a dark web forum on Tuesday, NoName claimed that the attack on German websites was to condemn the visit of Ukrainian President Volodymyr Zelenskiy to the country to participate in a conference on Ukraine’s post-war recovery. “Ukrainian President Volodymyr Zelenskyy arrived in Germany late in the evening on Monday, June 10, to take part in an international conference on Ukraine's reconstruction. In his message in Telegram, Zelenskyy said that during his visit he had meetings with German Federal President Frank-Walter Steinmeier, Chancellor Olaf Scholz and Bundestag chairwoman Berbel Bas,” NoName said. “We decided to visit the conference too, and crush some websites,” it added. Despite the hack, NoName has not provided elaborate evidence or context of the cyberattack nor has it provided any details of how the German websites would be affected. While many experts had previously warned people not to underestimate thread actors who take out DDoS attacks, their effectiveness remains a big question, as most of the targets suffer only a few hours of downtime before returning to normal operations. As of the writing of this report, there has been no response from officials of the alleged target websites, leaving the claims unverified.

Previous Instances of NoName Ransomware Attacks

Since first emerging on dark web in March 2022, the pro-Russian hacker group NoName has been increasingly active, shortly after Russia’s invasion of Ukraine. The group has taken responsibility for a series of cyberattacks targeting government agencies, media outlets, and private companies across Ukraine, the United States, and Europe. Before making the claim of targeting German websites, NoName had a history of targeting prominent organizations in other countries. In April 2024, the group allegedly launched a cyberattack on Moldova, affecting key government websites such as the Presidency, Ministry of Foreign Affairs, Ministry of Internal Affairs, and the State Registry. These websites were rendered inaccessible, displaying the message, “This Site Can’t be Reached.” The attack hinted at a politically motivated agenda, though NoName did not explicitly disclose their motives. In March 2024, NoName targeted multiple websites in Denmark, including significant entities like Movia, Din Offentlige Transport, the Ministry of Transport, Copenhagen Airports, and Danish Shipping. Similarly, in January 2024, the group attacked high-profile websites in the Netherlands, including OV-chipkaart, the Municipality of Vlaardingen, the Dutch Tax Office (Belastingdienst), and GVB. More recently, NoName’s cyber onslaught on Finland raised further alarms. Finnish government organizations, including Traficom, the National Cyber Security Centre Finland (NCSC-FI), The Railways, and the Agency for Regulation and Development of Transport and Communications Infrastructure, faced temporary inaccessibility due to DDoS attacks. The ongoing cyberattacks by NoName across several countries serve as a reminder of the perils of the digital landscape. The operations of NoName ransomware, combined with their alleged political motives, highlight the urgent need for enhanced cybersecurity measures and international cooperation. The cybersecurity community must remain vigilant and proactive in protecting digital infrastructure from such malicious actors. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

In the first part of our series, we disclosed how an exclusive report by The Cyber Express played a pivotal role in the arrest of the hacker responsible for the Hawk Eye app data breach in India. In this second article, we highlight the methods employed by the police to track down the hacker, explore his motives, and discuss the future direction of the investigation.

Hawk Eye App Data Breach: Who is the hacker?

The breach of the Hawk Eye App, a crime reporting forum for citizens in the Indian state of Telangana, was unearthed after a threat actor, who goes by the name “Adm1nFr1end”, offered the personal data of over 200,000 citizens for sale on the BreachForums online hacker site. The hacker shared sample data containing names, email addresses, phone numbers, physical addresses, and location coordinates. Soon after The Cyber Express reported the incident on May 31, the Telangana Police registered a suo moto case just days later on June 4. In its First Information Report (FIR), a written document prepared by the police in India to detail a cognizable offense, the cops in Telangana acknowledged The Cyber Express report and confirmed that the app had been breached.  Meanwhile, the hacker “Adm1nFr1end” continued his spree of cyberattacks and on June 5, breached another app of the Telangana Police called TSCOP which had data of police officers, criminals and gun license holders. The police quickly got into the act and a team of investigators from the Telangana Cyber Security Bureau (TG-CSB) tracked down the accused hacker in Greater Noida, a prominent suburb close to the nation’s capital, New Delhi.  The accused was identified as Jatin Kumar, a 20-year-old undergraduate student pursuing BCA (Bachelor of Computer Applications). 

Hacker Planned Cyberattacks on More Indian Cities

An investigating officer from the Telangana Police, who did not wish to be named, told The Cyber Express that, “Accused Jatin had initiated comprehensive monitoring and vulnerability assessment & penetration testing (VAPT) not only from the Telangana Police but also gained access to police data in the external and internal storage networks and mobile apps in Delhi, Mumbai and other metro cities. He planned to carry out cyberattacks on those cities as well.  “As far as Telangana police data is concerned, prima facie, it looks like the accused gained access to certain data on Hawk Eye app due to weak or compromised password. Despite his best efforts to mask his identity, we tracked him down,” the police source stated.  Without revealing much, the source in the Telangana Police said that the TG-CSB traced him by “running a parallel operation using advanced software and social engineering techniques.”  The police added that Jatin used a fake identity and conducted transactions in cryptocurrency using multiple addresses.  Investigation revealed that the accused had reportedly been into hacking since 2019 and had saved the breached data in his system. Jatin had a history of alleged cybercrimes and was previously arrested in 2023 in New Delhi for leaking data on Aadhar (a biometric identity card for Indian citizens) and sensitive data related to other agencies. However, a chargesheet has yet to be filed against him.  Hawk Eye App Data Breach: A Larger Network of Hackers? Despite the arrest of Jatin, the police are now investigating the possible involvement of a larger network of hackers.  “Jatin had posted the breached data on BreachForums and was selling it for $150 USD. He then asked interested buyers to contact him through Telegram IDs ‘Adm1nfr1end’ and ‘Adm1nfr1ends’ to purchase the data for HawkEye and TSCOP apps. But we are not sure if he is the only culprit. We are now probing if the app data was sold and if so, are tracking down the purchasers through data from crypto wallets,” the police official told The Cyber Express.  The Telangana Police are still currently in New Delhi and are completing the paperwork to bring the accused on a transit remand to Hyderabad (the capital of Telangana) for custody and further investigation.

In a massive breakthrough, an exclusive news report published by The Cyber Express has led to the arrest of a hacker who threatened to sell sensitive data of 200,000 citizens in Telangana State in India. The Hawk Eye App Data Breach was reported by The Cyber Express on May 31, 2024, which stated how a hacker claimed to reveal personal information of users of Hawk Eye, a popular citizen-friendly app of the Telangana State police. [caption id="attachment_73712" align="alignnone" width="720"] Source: Hawk Eye App on Android[/caption] The Telangana Police further acknowledged that the news report on The Cyber Express gave them crucial leads that led to the arrest of the hacker. In the First Information Report (FIR), a written document prepared by the police in India to detail a cognizable offence, the Telangana Police revealed that it was based exclusively on this report by The Cyber Express, that they were also able to verify the data breach on the Hawk Eye app.

Background of Hawk Eye App Data Breach

The Hawk Eye App was launched by the Telangana Police in December 2014 for both Android and iPhone users as part of its initiative to become a citizen-friendly and responsive police force. Denizens were encouraged to use the app to report on a wide range of activities, including traffic violations, passing on information about criminals, violations by police, and crime against women, and also to pass on suggestions to the lawmen for improved policing and to credit the good work done by them. A key feature of the app is the SOS button for accessing help in case of emergencies. On May 29, 2024, a threat actor, who goes by the name “Adm1nFr1end”, revealed that he had breached the Hawk Eye app. He shared that the stolen database had sensitive data of over 200,000 citizens, including their Personally Identifiable Information (PII), names, email addresses, phone numbers, physical addresses, IMEI numbers, and location coordinates. The threat actor had posted samples of the data breach on hacking website BreachForums and was selling this compromised data for USD $150. [caption id="attachment_73714" align="alignnone" width="1123"] Source: X[/caption]

Arrest of Hawk Eye App Data Breach Hacker

In the aftermath of the news report published on this website, the Telangana Police registered a suo moto case on June 4. “We have registered a case and are investigating the hacking allegations and suspected data breach,” said Telangana Cyber Security Bureau (TGCSB) Director Shikha Goel. On June 9, the Telangana Police reported that its Cyber Security Bureau has apprehended a hacker involved in the Hawk Eye app data breach. “Acting swiftly, the TGCSB investigators travelled to Delhi, where they identified and arrested the hacker, who had claimed to have posted the compromised data on a public platform for a price,” the police said in a statement. Sharing details of the arrest, Director General of Police of Telangana Police, Ravi Gupta, who is the top cop of the state, said that the police had used advanced tools to successfully unveil the hacker's identity. He, however, refrained from elaborating on the techniques used to arrest the hacker to ensure secrecy. “The hacker had posted details of the breach on databreachforum.st, offering the compromised data for sale at $150 USD. He provided the Telegram IDs “Adm1nfr1end” and “Adm1nfr1ends” for interested buyers to contact him regarding the Hawk Eye data,” Ravi said. The alleged hacker was identified as Jatin Kumar, a 20-year-old student and a resident of Greater Noida, a prominent suburb in Delhi's National Capital Region. The police also shared that he was arrested earlier in a case for cybersecurity fraud. (This is Part 1 of the article. Click here to learn more about the hacker, why he was selling the data and how the police tracked him down)

VIT Bhopal University, a leading academic institution in India, has allegedly been hit by a significant data breach, raising concerns among 8,000+ students and faculty alike. The alleged VIT Bhopal Data Breach was first reported on June 10, 2024, on the notorious data hacking website BreachForums.The Threat Actor (TA) has claimed to have leaked valuable data, raising concerns about the security of sensitive student and faculty information.

VIT Bhopal Data Breach Decoded

VIT Bhopal was established in 2017 and is a deemed university located on the outskirts of Bhopal, the capital city of the state of Madhya Pradesh. The institution is authorized by the University Grants Commission (UGC), which is a statutory organization of the Government of India for the maintenance of standards of teaching, examination, and research in university education. VIT Bhopal ranks among the top universities in India. As per the National Institutional Ranking Framework (NIRF) Ranking, it stands in 65th position amongst all the universities in India. It offers specialized programs across various disciplines, including engineering, technology, management, and architecture. Streams like mechanical engineering, computer science and engineering, artificial intelligence and robotics are particularly popular among students pursuing higher education here. [caption id="attachment_76218" align="alignnone" width="792"] Source: FalconFeedsio on X[/caption] According to a post on BreachForums, the threat actor has shared screenshots of the hack and claims to possess the following information:. ID: Unique Identification number assigned to each student and faculty member of the university Username: Login credentials of all the stakeholders used to access university portals, maintain and share records, post newsletters, and research materials confined to the institution. Full name: First and last name of the students and faculty of VIT Bhopal. Email: This contains email addresses of stakeholders, which is the official mode of communication for announcements, course materials and student-faculty interactions. Password: If this data is compromised, it poses significant risk as it could grant unauthorized access to personal accounts and university resources. User Activation Key: This could be a unique code required for initial account activation or password resets.

VIT Bhopal Data Breach Leaves Students Anxious

The news of the alleged data breach has understandably caused anxiety among the current batch of students. They are worried over the threat of stolen passwords, emails, and information, including research material, being used for malicious purposes. The students are worried of being vulnerable to targeted phishing attacks, where hackers use stolen email addresses to send data that appears to be from legitimate sources, such as the university administration. These emails might trick students into revealing their personal data or clicking on malicious links that could infect their devices with malware. The university has yet to react to the alleged data breach. There is no clarity yet on the extent of the breach, the extent of the information compromised, or the steps taken by the university to address the situation. The article will be updated once there is any public information shared by the university. While the university investigates the situation, students and staff can take a few healthy steps to protect themselves. This includes being wary of phishing attempts by hackers, monitoring suspicious links, and keeping an eye out for any unusual activity on their accounts, such as unauthorized login attempts or changes to their profile information. They can also enhance their security measures by enabling Two-Factor Authentication (2FA) and change their passwords regularly. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

A major French telecommunications company, Corse GSM, has allegedly been hit by a massive data breach. It could have a potential impact on millions of its customers. The Corse GSM data breach claims was made by a threat actor, using the alias "ssh_xyz," on popular data hack site BreachForums. In the post, the threat actor claimed to have stolen a massive amount of data containing information on 200,000 users of the telecom company. The hacker claimed that the data was exfiltrated between May 3 and May 25, 2024. To support these claims, the TA included a sample of the data in JSON format, a common method for storing and transmitting data between servers and web applications.

Exploring the Corse GSM Data Breach

The threat actor provided a detailed sample dataset that provided a look into the kind of information that may have been compromised in the breach. The leaked data consists of: User Identification: This covers fields like ID and possibly other unique markers used by Corse GSM for tracking purposes. Personal Details: The breach reportedly involves customer information such as name, last name and phone number. Contact Info: It is said that hackers have also accessed customer email addresses. This raises concerns about targeted phishing attempts. Subscription Information: This may encompass subscription plans, internet packages, and other services subscribed to by customers of Corse GSM. Financial Information: The TA had shared details about the presence of fields like BIC (Business Identifier Code), IBAN (International Bank Account Number), and KYC (Know Your Customer) data. If the above information is true, then it could possibly leverage the risk of financial fraud or identity theft. Blacklist Status: If this data field is included in the leak, it might expose details of a customer who could be blacklisted by Corse GSM for reasons like missed payments or service violations.

Corse GSM Hacker Claims Possession of Financial Details of Customers

If the sample above seems like a precarious scenario for the privacy of customers, the hacker further alleged that the entire leaked database contains a much broader range of information, including: National Identity Card (CNI) Details: CNI or France’s National Identity Card details allegedly leaked by the threat actor could put citizens at huge security risk. The CNI contains fingerprint details, which is a major security breach if the corresponding data is compromised. SEPA Information: Single Euro Payments Area or SEPA data could include bank account details critical for financial transactions. The threat actor is seeking substantial sums for the database on the dark web, suggesting that the hacker believes the information holds significant value for malicious actors.

Corse GSM Yet to React to Data Breach Claims

Corse GSM has not reacted or issued any official statement regarding the alleged data breach. This article will be updated once the company responds to the allegations and takes action to prevent crucial data from being misused. Meanwhile, customers can take preventive steps like changing passwords and login credentials of accounts linked to Corse GSM. They should also be wary and not fall victim to phishing attempts. Fraudsters could use the leaked email addresses to send fraudulent links. They should also monitor their bank accounts linked to the subscription of Corse GSM mobile plans. They should also relay information of any suspicious activity to law enforcement authorities. The potential data breach at Corse GSM highlights the ever-present threat of cyberattacks and the importance of robust data security practices. Telecommunications companies handle a vast amount of sensitive customer information, making them prime targets for hackers. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

A massive data breach has allegedly been reported in the Indian state of Tamil Nadu, where apparently data of over 600,000 migrant employees has been leaked on dark web. A thread actor, who identified himself as Pills, claimed to have allegedly leaked the data. In a post on June 4, 2024, on the popular hacking site BreachForums, the threat actor claimed to be selling the complete database of migrant workers in Tamil Nadu.

Why Migrant Workers Flock to Tamil Nadu for Employment?

Tamil Nadu is one of the most industrialized states in India and is the country’s major hub for automobile manufacturing, textiles, agritech, and electronics parts and equipment. Owing to huge demand for workers in these sectors, which offer better salaries and continuous employment, laborers from other states tend to migrate to Tamil Nadu. Though the exact number of migrant workers currently working in the State is unknown, the number of workers registered on the Labor Department’s portal as of March 2023 is 600,000.

Portal to Track Migrant Workers in Tamil Nadu Allegedly Hacked

To keep track of the influx of migrant workers into the state and to ensure that they are provided with proper facilities, the Tamil Nadu Government launched a portal, http://labour.tn.gov.in/ism, in June 2023. Local entrepreneurs who employed these workers in shops, commercial establishments, hotels, restaurants, agriculture, schools, colleges, local bodies, and motor establishments were asked to create a login ID, submit details like a registration certificate, license number issued by the Labor Department, and fill in details about the migrant workers, such as their name, mobile number, date of birth, bank account details, address, and educational qualifications. [caption id="attachment_75460" align="alignnone" width="1920"] Source: Tamil Nadu Labor Department Website[/caption] Additionally, migrant workers in the construction sector were asked to furnish their employment certificate, age proof (to ensure no minors below the age of 18 were employed),  bank passbook, and documents for legal heir or nominee as a legal heir were to be submitted so that the kin of workers would be eligible for a claim of INR (Indian Rupees) 500,000 in case of death to the worker. Additionally, the workers were eligible for insurance coverage of up to INR 200,000.

Decoding Tamil Nadu Migrant Workers Data Breach

Thread Actor Pills on BreachForums has allegedly carried out a data breach on the above portal, which, at the time of writing this article, continues to remain inactive. According to the information posted by the threat actor, Pills is selling the full database of laborers, that includes a list of registered users and applications. The price quoted by the TA for selling the database is, however, not clear. A closer inspection on the sample data shared by the threat actor revealed that there are 2,356,430 rows of applications, 101,446 rows of contractors and 66,917 rows of registered users. The Tamil Nadu government officials are yet to react to this alleged data breach. The article would be updated based on further input. This is not the first time that a key website of the Tamil Nadu Government has been breached. In May 2024, miscreants hacked the Facial Recognition Software (FRS) portal of Tamil Nadu police.  The portal contained more than 60 lakh records of individuals, including pictures, names, FIR numbers, and details of police officers. It was being used by more than 46,000 people in the department across the state to identify and track suspects, missing people, and others through facial recognition. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

New York-based cyber risk ratings vendor SecurityScorecard has filed a lawsuit against its cyber risk management rival Safe Security for alleged involvement in unfair competition and misappropriating trade secrets. SecurityScorecard has accused its former employee, Mary Polyakova of being a key perpetrator of the embezzlement. According to the lawsuit, Polyakova retrieved SecurityScorecard’s confidential information like list of customers and prospects, before quitting the company last month and later joining Safe Security in Silicon Valley as its sales vice president. The breach of confidential information was apparently valued at $40 million at SecurityScorecard which includes details of 9,300 customers and prospects. In a 30-page complaint filed on Tuesday in the Southern District of New York, SecurityScorecard said, “While brazenly touting a 'revolutionary' approach to cybersecurity risk management, defendant Safe's only true 'revolution' is its unconstrained reliance upon unlawful skullduggery and unfair competition to build its business." Meanwhile, SafeSecurity CEO Saket Modi, refuting the allegations, said that his company’s competitors like SecurityScorecard were laying off many of its employees because of its poor business and this is resorting to legal retribution.

SecurityScorecard shares embezzlement details

According to SecurityScorecard, Polyakova allegedly misappropriated an exhaustive list of the company's customers and prospects, which included the Master East List and CISO Prospect Lists and later shared the information on her personal email. It claimed that if this customer information was misused by Safe Security, it could damage the business prospects of SecurityScorecard. [caption id="attachment_75297" align="alignnone" width="800"] Source: Linkedin[/caption] The company feared that Safe Security could unlawfully poach its customers, which could harm the business interests of SecurityScorecard. Before joining SafeSecurity, Polyakova had spent four years in SecurityScorecard’s sales organization. "SSC's customer and prospect list is the direct result of years of marketing and sales efforts and cannot be replicated through publicly available sources," the company said. "SSC therefore undertakes considerable efforts to maintain the secrecy of its confidential information, including the Master East List and the CISO Prospect Lists." The company alleged that apart from stealing the data and poaching customers, Safe Security used fake accounts to illegally access SecurityScorecard's customer platform and tried to enhance its own cybersecurity offerings. SecurityScorecard alleged that Safe Security misused this access to quality-check its products and make misleading comparisons on the company's website, "Safe has used a shell company or an entirely fake domain to impermissibly access the SSC [SecurityScorecard] platform to perform competitive intelligence gathering," the company said. "This appears to have included trying: (i) to see the SSC products and services purchased by SSC customers; and (ii) validating SAFE's own offerings to customers."

SecurityScorecard Wants End to Unlawful Practices

According to SecurityScorecard, Safe Security, through its actions, would be violating the former’s end-user SaaS agreement, including registration of IP addresses under fake domains. Safe Security had allegedly launched a webpage to compare its services with SecurityScorecard, the lawsuit alleged. "On April 9, 2024, Safe's Co-Founder and Chief Executive Officer, Saket Modi, bragged to SSC's President, Sachin Bansal, that Safe was interviewing former SSC employees with no real intention of hiring them for open positions," the company said. “As proof of these illicit fact-finding endeavors, Mr. Modi touted to Mr. Bansal confidential statistics on SSC's hiring and restructuring practices," it added. SecurityScorecard claimed that Safe Security had conducted fake job interviews with its employees to elicit confidential business information. The company sought monetary damages as well as stay order to stop Safe Security and Polyakova from using or disclosing the alleged stolen information. "Even when caught in this web of deceptive wrongdoing, Safe has simply adopted a 'deny, deny, deny' posture, effectively doubling down on their unlawful conduct," SecurityScorecard said, and added, "That’s precisely what necessitates the injunctive relief now sought here, to put an immediate end to these unlawful practices and protect SSC's trade secrets and confidential and proprietary information." SecurityScorecard said it had pumped in over $200 million to develop its customer and prospect base and had measures in place to protect its proprietary information.

Less than a week after The Cyber Express exposed the data breach of a crime reporting app in India’s Telangana State, a hacker has now claimed to have engineered yet another cyberattack on Telangana Police's data. The Thread Actor (TA) has claimed to have carried out the TSCOP App Cyberattack, which is the Telangana Police’s internal crime detection app across all its wings. The massive data breach claims to expose the personal details of police officers, criminals, and gun license holders in Telangana.

Understanding the TSCOP App Cyberattack

TSCOP app was launched on January 1, 2018, to ensure better collaboration and operational efficiency of the police at all levels across the state of Telangana. The app received a boost when it was equipped with the Facial Recognition System (FRS) whereby the police could identify criminals in a few seconds by comparing a suspect's face with lakhs of digital photographs of people, including previous offenders, wanted and those missing stored in the central database. The App was also adjudged the ‘Best IT Project’ in India, for empowering police with information technology. [caption id="attachment_74941" align="alignnone" width="1200"] Source: Telangana Police Website[/caption] The TSCOP App Cyberattack was masterminded by a threat actor who goes by the name “Adm1nFr1end.” The same thread actor was responsible for Telangana Police’s Hawk Eye app data breach last week. The claims of cyberattack on the TSCOP app emerged on June 5, 2024, when the TA posted the alleged leaked data on BreachForums site. According to the TA, the leaked data includes the names, phone numbers and email addresses of police personnel from the Anti-Corruption Bureau, the Anti-Narcotics Bureau, Intelligence, Greyhounds (counter-insurgency wing against terrorists), Home Guards, and a host of other wings of the Telangana Police.

TSCOP App Cyberattack Samples

To substantiate the claims of cyberattack, the thread actor shared a few samples which revealed the phone number, name and designation of police officers. In a few cases, the district and zone of the concerned police officer were also leaked, along with the cop’s IMEI mobile number. But what could be major concern to the police is the leak of data related to criminals who were recently booked. The TA shared samples of offenders who were recently booked, which revealed the operations carried out by the concerned police station, the names, ages, mobile numbers, and addresses of the accused, the date on which they were booked, and in a few cases, the crime for which they were booked. The hacker also shared another sample, which could be of critical concern owing to breach of privacy of citizens. This data breach revealed the names, addresses, voter ids, date of birth and license number of citizens who had applied for a gun license and the reason for holding a weapon.

Experts Site Weak System Behind TSCOP App Cyberattack

When the Telangana Police’s website was hacked last week, cybersecurity experts had warned the cops of multiple attacks in the future. India’s popular data security researcher Srinivas Kodali said, “It is easy to hack into their system as they used basic authentication and encoding.” He condemned the state police for not hiring proper developers and putting the privacy of several thousand users at risk. [caption id="attachment_74951" align="alignnone" width="687"] Source: X[/caption] The Cyber Express has reached out to the Telangana Police, seeking their response on the cyberattack. We will update this story as we get more information. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.