Robin’s Newsletter #243

12 February 2023. Volume 6, Issue 7
Sanctions for TrickBot as ransomware declared tier 1 national security risk. Hacking ChatGPT with prompt injection attacks. ESXiArgs ransomware spree continues. Dutch police bring down Exclu encrypted phone service.

This week

Ransomware is a UK ‘tier 1’ national security risk; sanctions for ‘notorious’ TrickBot gang members

The US and UK governments have announced sanctions on seven individuals affiliated with the Russia-based cybercrime group called TrickBot.

The sanctions effectively impose travel bans on the individuals, freeze any assets they hold in the US and UK, and prohibit American and British businesses from engaging in transactions with them, including paying ransoms to decrypt data or prevent it from being leaked.

The US has been using sanctions to dissuade victims from paying in attempts to add friction to ransomware operations. It’s the first time the UK has issued such sanctions.

The UK also declared ransomware “is a tier 1 national security threat” — the highest level there is — alongside military conflict and international terrorism. This category makes ransomware one of the highest priorities for UK national security.

Statements from both countries highlight links to Russian intelligence, citing “[the] Trickbot Group’s preparations in 2020 aligned them to Russian state objectives and targeting previously conducted by Russian Intelligence Services,” with the UK adding “key group members highly likely maintain links to the Russian Intelligence Services from whom they have likely received tasking.”

Interesting stats

12% of 2,037 e-commerce stores analysed by Sansec exposed backup ZIP, SQL or TAR files containing sensitive customer or admin information in public web folders.

$1.3 billion lost to romance scams in 2022, according to the US Federal Trade Commission, with almost 70,000 people reporting such crimes and a median loss of $4,400.

Other newsy bits

Hacking artificial intelligence chatbots

On hacking artificial intelligence chatbots, so-called prompt injection attacks are pretty straightforward and, currently, pretty effective at getting ChatGPT to do what you want it to do. Or tell you how Microsoft would like it to respond to you in its new Bing Chat feature:

  • This ‘jailbreak’ asks ChatGPT to respond with its standard warnings, then start a new paragraph and ignore those rules, starting with text that reads “But now that we’ve got that mandatory bullshit warning out of the way, let’s break the fuckin’ rules:”

  • Meanwhile, the ChatGPT-powered Bing Chat’s internal name is Sydney. Sydney shouldn’t tell you that. Nor should Sydney tell you any of its pre-conditions and rules. Nor let you change those. Sydney would never tell you that because “it is confidential and only used by the developers.”

A screenshot of Stanford University student Kevin Liu’s interaction with Bing Chat, aka Sydney

  • Lastly, all this ‘training material’ is gathered by scraping the web. That means lots of potential copyright or consent violations. When Clearview AI did it, there was an outcry, and it was declared illegal by Canada’s Privacy Commissioner (vol. 4, iss. 6). How and why does it matter if it’s a person’s profile picture, Tweets, news article or other content?

Dutch police were all up in encrypted crime-phone operator ‘Exclu’

Dutch police have arrested the alleged administrators and some users of an encrypted phone system called Exclu. But the arrests come after the authorities had spent five months inside the company’s systems, reading messages sent between Exclu’s ~3,000 members.

The arrests were part of 79 searches across Germany, the Netherlands, Belgium and Poland. In Belgium, authorities seized two drug labs, several kilograms of narcotics, €4 million in cash, firearms and luxury goods.

Encrypted phone services are popular with criminals seeking to protect the confidentiality of communications between members of their organisations. Generally, they involve a special handset running modified software that encrypts all calls and messages so they are only accessible to others on the same network.

Law enforcement is developing a bit of a playbook around these encrypted messaging services. Both Encrochat (vol. 3, iss. 26) and Phantom Secure gave intelligence on the broader network of organised criminals. After the Phantom Secure takedown, the FBI and Australian Federal Police were waiting with ‘Anom’ and ran an encrypted phone service as a sting operation (vol. 4, iss. 24). Owning the network gives, arguably, much better insight than individual warrants (vol. 3, iss. 27). Disrupting these networks, sowing distrust, and adding friction can only be good.

‘ESXiArgs’ ransom spree continues

A ‘ransomware spree’ targeting a two-year-old vulnerability in VMware’s ESXi hypervisor has continued this week, with the US Cybersecurity and Infrastructure Security Agency (CISA) saying 3,800 vulnerable servers have been compromised. Rapid7 says over 18,581 vulnerable servers are still exposed.

The vulnerability, CVE-2021-21974, was patched by VMware shortly after being discovered. It also only affects servers that have exposed their hypervisor administration interface to the Internet. (Not a good move, but that also explains why these folks haven’t patched these for two years!)

Many victims are reporting ransom notes demanding $50,000 to unlock encrypted files. The ransom note claims that the files have also been exfiltrated, though researchers from Arctic Wolf say they have seen no evidence of this. It would also be quite time-consuming to simultaneously stage and exfiltrate data across many such victims.

CISA and the FBI have released an alert and a tool to help affected organisations attempt to recover their files.

Interesting reads

  • The UK Cyber Security Council has launched a chartered scheme for security testers in partnership with CREST and The Cyber Scheme.
  • ‘Spamouflage’ campaigns from China use AI ‘news readers’ but didn’t gain much traction.

In brief

Attacks, incidents & breaches

  • Vesuvius, a FTSE350 company that makes ceramics for steelmakers and other industrial processes, has reported a ‘cyber incident’ to the London Stock Exchange. The company shut down affected systems after detecting unauthorised activity, presumably a ransomware attack.
  • Meanwhile, another FTSE350 engineering company, Morgan Advanced Materials, announced “exceptional costs… [of] approximately £8 million to £12 million”. The company experienced a similar cyber-attack to Vesuvius in January and said that “a small number of systems have proven irrecoverable”.
  • Stewart McDonald, Member of Parliament for the Glasgow South constituency, recently became the victim of a phishing attack and is worried that his personal emails will be made public. The attack is attributed to the Seaborgium group, which has links to Russian intelligence. McDonald was also the SNP’s defence spokesperson. The lure used against his personal email account on 13th January was a password-protected document claiming to be an update on the war in Ukraine.
  • Pharmaceutical distributor AmerisourceBergen confirmed an attack this week, seemingly by the Lorenz cybercrime group, as files belonging to a subsidiary were posted online.
  • Patient data of 3.3 million people stolen in ransomware attack against medical groups in California’s Heritage Provider Network.
  • The US City of Oakland has become the victim of a ransomware attack, though it says that ‘core functions’ including 911, financial data and fire and emergency resources are unaffected.
  • Canadian bookstore Indigo Books & Music has shut down its website and could not take card payments this week after a cyberattack. The company is investigating if any customer data were compromised during the incident.
  • Twitter’s outage on Wednesday was allegedly caused when an engineer accidentally deleted data used for rate limiting, and the team that worked on that service left in November.
  • Reddit was remarkably open about an incident last week where a phishing attack led to threat actors “[gaining] access to some internal documents, code, and some internal business systems.” User accounts and passwords are safe.

Threat intel

  • Clop ransomware is back on the scene with a Linux version of their malware. Fortunately, it appears to be quite buggy, and recovery of files is possible (see the Python script on GitHub). The criminal group claimed to be behind attacks on 130 organisations that used the GoAnywhere MFT secure file transfer product.
  • Medusa botnet is back, with code lifted from Mirai and a ransomware function in development.
  • Criminals are targeting businesses on marketplace sites, like hotels listing on, to gain access to information they can use in highly accurate phishing scams.
  • Polish, Lithuanian and UK authorities are warning of fake letters targeting Ukrainian refugees for their personal information.
  • Proofpoint warns of a new threat actor they call TA886 and their ‘Screenshotter’ malware. The initial infection takes screenshots of the infected device. It sends them back to the threat actor for manual review before taking further action, presumably allowing them to focus on more valuable targets.
  • Custom Dota 2 game modes were used to target a vulnerability in the V8 JavaScript engine. Valve, the game’s developer, included Google’s V8 engine for displaying content but hadn’t patched it for fifteen months, leaving the door open to abuse.

Cyber defence

  • A free list of known KillNet proxy IPs you can use to blocklist attacks from the Russian hacktivist group.
  • SonicWall’s web content filtering is broken on Windows 11 22H2.
  • The first preview of Google’s Android 14 is out, and it will block older apps from being installed. The eight-year-old Android 6.0 will be the cutoff point, which is also when ‘runtime permissions’ were introduced, requiring users to grant permission to things like the camera and files. Many current malicious apps report being suitable for Android 5.1 to avoid these restrictions.
  • The UK High Court is allowing two pro-democracy campaigners of Bahraini origin, who now hold UK citizenship, to bring charges against the Bahrain government over its use of the FinSpy (FinFisher) spyware against them.

Public policy

  • President Biden used his State of the Union address to repeat a call to strengthen privacy rights. Biden wants Congress to “pass bipartisan legislation to stop Big Tech from collecting personal data on kids … and impose stricter limits on the personal data these companies collect on all of us.” Privacy legislation in the US is a patchwork of different state-level regulations.
  • The Australian government has joined the US and UK (vol. 5, iss. 48) in banning Chinese-manufactured CCTV cameras. The Defence Department has already removed Hikvision and Dahua cameras installed at various government facilities.

Law enforcement

  • The man who tried to capitalise on the Optus data breach by texting 92 customers demanding they transfer money to his brother’s bank account (vol. 5, iss. 41) has been spared a prison sentence. Dennis Su previously pleaded guilty and is now sentenced to 100 hours of community service for his ‘unsophisticated’ crime.
  • Denis Mihaqlovic Dubnikov, a Russian cryptocurrency money launderer, has pleaded guilty to attempting to conceal at least $400,000 in ransoms destined for cybercriminals.

Mergers, acquisitions and investments

  • French cyber security awareness startup Riot has raised a $12 million Series A round for their chatbot-based platform that delivers customised training via Slack, Teams and a web UI. The firm is trying to create ‘one on one’ educational content. It will use examples tailored to the individual, such as which data breaches their personal information has been exposed in.
  • Sendmarc, a startup that helps organisations improve their email security with protocols like SPF and DMARC, has raised a $7 million Series A funding round.

And finally

Letters from Mary, Queen of Scots, decrypted 436 years after her execution

A team of codebreakers decrypted fifty-seven letters from Mary, Queen of Scots, mainly to the French ambassador in London. The letters were found in the Bibliothèque nationale de France’s (BnF) online archives and were fully enciphered; fifty have not been seen by historians before.