Cyber Security Headlines: Tornado Cash indictment, UN cybercrime treaty, Lazarus crypto cashout

Tornado Cash developers face indictment

The court for the Southern District of New York announced it charged Tornado Cash developers Roman Semenov and Roman Storm with three conspiracy counts related to their cryptocurrency mixer. Authorities arrested Storm on the charges. An indictment alleges the men knew their service aided cybercriminals in violation of US sanctions. It also claims Tornado Cash laundered over $1 billion in criminal funds. The Treasury Department’s Office of Foreign Assets Control also imposed sanctions on Semenov the same day.

(The Verge)

UN begins final cybercrime treaty talks

Recorded Future’s sources say this treaty will not radically change law enforcement’s approach to cybercrime, instead aiming for more modest proposals that will pass a General Assembly vote. The first UN convention on cybercrime came in 2001 in Budapest, but wasn’t signed by Brazil, China, India, or Russia. The treaty will reportedly act as a political document to increase law enforcement coordination with nations that didn’t sign the Budapest agreement. Sources say initial negotiations focus on points of consensus, signaling a workable treaty will come out of the talks.  

(The Record)

FBI warns of North Korean crypto cash out

The Federal Bureau of Investigation warned crypto exchange operators to look out for actors connected to the North Korean-backed Lazarus Group. The FBI believes the group may seek to cash out over $40 million in bitcoin. Investigators found over 1500 stolen bitcoins moved into six crypto wallets, indicating the group plans to cash out. This may represent a small fraction of the funds stolen by Lazarus. Bleeping Computer highlighted a recent TRM Labs report that estimates over the last five years, the group orchestrated over 30 attacks, stealing over $2 billion in crypto assets.

(The Block, Bleeping Computer)

Court convicts Lapsus$ teens

A Southwark Crown Court in London convicted two teens on charges related to activities by the Lapsus$ group. This included an unnamed 17-year-old as well as 18-year-old Arion Kurtaj, who met online back in July 2021. The court found Kurtaj accessed data at the telcos BT and EE, eventually demanding a $4 million ransom to not leak data. Authorities initially arrested the two teens in early 2022, before releasing them for further investigation. After this initial arrest, the two aided in a breach of Nvidia, and leaked game footage from Rockstar Games.



Hosting firm loses customer data after ransomware attack

A ransomware attack hit the Danish hosting firms CloudNordic and AzeroCloud last week. The two firms belong to the same parent company. A statement from the two firms said “the majority of our customers have consequently lost all their data with us.” The ransomware attack hit during a data center migration, allowing attackers access to all data silos, backups, and admin systems. The firms say they will not pay a ransom and began working with security experts and law enforcement on next steps. The notices recommend customers attempt to recover data from local backups or the Internet Archive’s Wayback Machine.

(Bleeping Computer)

Meta expands Messenger encryption 

Meta’s popular Messenger app began offering end-to-end encryption as an option years ago. But this came as an opt-in “secret conversation” feature that required turning it on for each chat. These chats also didn’t offer feature parity with unsecured chats. Meta has now begun rolling out more robust default end-to-end encryption to Messenger, with plans to make it standard for all users by the end of the year. Meta also began testing on-device recovery options for encrypted chats. The company will also enable end-to-end encryption for Instagram Direct Messages by the end of the year.


Malicious npm packages target Roblox devs

ReversingLabs released details on an ongoing campaign using dozens of npm packages to deploy infostealers on developers for the popular game Roblox. Since at least August 1st, attackers have used a spoofed module that appears like the noblox.js package. This provides the same API wrapper functionality, but deploys the open-source infostealer Luna Token Grabber. The researchers note a similar campaign operated on npm two years ago. But they noted this most recent attempt shows sophistication, with cleverly hidden functionality and a rapidly iterating second stage.

(The Hacker News)

IBM puts LLM to work translating COBOL

COBOL remains one of the oldest programming languages with surprising staying power. A survey by The Stack estimated that in 2022, over 800 million lines of COBOL were used in daily production environments, possibly increasing over the last 5 years. This comes as the pool of COBOL programmers continues to shrink. With that in mind, IBM announced Code Assistant for IBM Z, a large language model designed to translate COBOL to Java. IBM expects general availability by Q4. The system offers enough nuance to recommend if a sub-service should stay written in COBOL. IBM recommends companies use vulnerability scanners to help ensure translated code doesn’t introduce new security issues.


Rich Stroffolino is a podcaster, editor and writer based out of Cleveland, Ohio. He's spent the past five years creating media for technology enthusiasts and IT practitioners. He dreams of someday writing the oral history of Transmeta.