US spy agency hacked, claims no secrets leaked

Cybersecurity Breach at US Spy Satellite Agency

A recent cybersecurity incident has been reported involving the National Reconnaissance Office (NRO), a U.S. spy satellite agency. According to The Register, attackers managed to gain limited access to the NRO's networks. However, officials have stated that no classified secrets were compromised. Instead, the breach reportedly involved unclassified data.

The NRO confirmed to The Register that the incident is under investigation in collaboration with federal law enforcement. They did not comment on whether the attack was linked to the SharePoint vulnerability that affected other government agencies, such as the U.S. National Nuclear Security Administration.

The affected system was the NRO’s unclassified Acquisition Research Center (ARC) website, which serves as a portal for vendors to submit proposals and bid on contracts. The site is separate from the agency's classified networks, so any awarded contract details should remain secure. It also acts as a market research tool for staff to monitor available technologies.

According to the Washington Times, however, there are concerns that attackers may have accessed sensitive information related to CIA technology acquisition efforts, including data tied to the Digital Hammer program. This initiative, launched three years ago by the CIA's Open Source Enterprise director Randy Nixon, aims to accelerate the development of innovative tools for surveillance and intelligence gathering.

Despite these concerns, the CIA has not commented on the matter, and the NRO has reportedly informed any companies affected by the breach.

Data Breach in Dating App Tea

A popular dating application called Tea has suffered a major data breach, exposing 72,000 images, including 13,000 selfies and photo IDs, as well as 59,000 pictures from app posts and direct messages. The app, which allows users to share notes on potential partners and comment on their dating experiences, had over 1.6 million users.

Tea includes a feature called the Catfish Finder AI tool, which uses reverse image searches and public records to identify suspicious identities, including known aliases and criminal histories. One reviewer described the app as "Yelp for exes," highlighting its usefulness for users seeking to avoid potentially harmful relationships.

The exposed database was found in an unsecured Firebase storage bucket connected to the app. The app developers confirmed the breach and initiated an investigation. They claimed the data was collected over two years ago, possibly around the time of the app's 2023 launch, and was stored in compliance with law enforcement requirements related to cyber-bullying prevention.

Seizure of BlackSuit Ransomware Site

Visitors to the dark web site of the BlackSuit ransomware gang have likely been disappointed after a global law enforcement action seized the site. The site, which operated using an onion link, now displays a message indicating it was taken down by Homeland Security as part of Operation Checkmate. The page includes logos from various law enforcement agencies, including the U.S. Secret Service and the National Crime Agency.

However, Cisco reports that a new ransomware-as-a-service group called Chaos has emerged, possibly spun off from the BlackSuit gang. While there is already a known ransomware group with the same name, Cisco suspects this new group is attempting to mislead investigators by using a similar identity.

This tactic is not uncommon, as seen with groups like Hunters International, which often announce shutdowns when they become too notorious. These groups frequently restart under new names, continuing their operations with similar methods.

Criminal Sentenced for Phishing Activities

In London, Ollie Holman, 21, was sentenced to seven years in prison for selling over a thousand phishing kits online and providing tutorials on how to use them. At the time of his arrest, Holman was a student studying electronic and computer engineering at the University of Kent.

Police estimate that Holman made around £300,000 over his two-year criminal career, which he laundered through cryptocurrency exchanges. WMC Global first identified the phishing kits and alerted the police. After a European law enforcement investigation, Holman was arrested in October 2023 but continued offering support via Telegram, leading to a second arrest in May 2024.

The Crown Prosecution Service emphasized that Holman profited from his illegal activities, causing significant financial and emotional harm to individuals and businesses. He is still facing further legal action to seize his assets.

Drug Dealer Caught Using EncroChat

In the UK, a drug dealer was jailed for using the encrypted EncroChat service to communicate. Thomas Hooton, 30, was identified after an associate sent him a picture of his father, Peter Hooton, lead singer of the band The Farm. Messages referencing a black Audi A3 insured by his "arl fella" helped investigators link the handle to Hooton.

Hooton pleaded guilty to conspiring to supply drugs worth around £1.3 million and was sentenced to 10 years and 8 months in prison. Police continue to review EncroChat data to catch more criminals, highlighting how small details can lead to personal identification.