CTRL + ALT + SEC

Tag: Crowdstrike

What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 8/4/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: Hacker extradited to US for stealing $3.3 million from taxpayers

The article details the successful extradition of Nigerian national Chukwuemeka Victor Amachukwu from France to the U.S., where he faces charges related to a sophisticated hacking and fraud scheme. The core of his alleged criminal activity involved spearphishing attacks targeting U.S. tax preparation businesses. By gaining unauthorized access to these businesses’ computer systems, Amachukwu and his co-conspirators were able to steal the personal data of thousands of American citizens. This stolen information was then used to file fraudulent tax returns and Small Business Administration (SBA) loan applications, resulting in over $3.3 million in confirmed losses to the U.S. government. The extradition underscores the international cooperation necessary to combat cybercrime and demonstrates a commitment by law enforcement to pursue and prosecute individuals who exploit digital vulnerabilities for financial gain, regardless of their physical location.

Beyond the tax and loan fraud, the article highlights Amachukwu’s alleged involvement in a separate, parallel scam. This second scheme involved a fake investment opportunity where victims were convinced to invest millions in non-existent standby letters of credit. This dual-pronged criminal activity paints a picture of a perpetrator who engaged in multiple forms of financial deception, exploiting both technological vulnerabilities and human trust. The indictment against Amachukwu reflects the seriousness of his alleged crimes, with charges including conspiracy to commit computer intrusions, wire fraud, and aggravated identity theft. The potential penalties, including a mandatory two-year consecutive sentence for aggravated identity theft and up to 20 years for each wire fraud count, illustrate the severe legal consequences for such offenses.

The extradition and subsequent court appearance of Amachukwu serve as a significant development in the case, moving it from international pursuit to domestic prosecution. The fact that he was apprehended and extradited from France, where he was presumably located after the alleged crimes took place, showcases the global reach of U.S. law enforcement and its ability to work with international partners to bring suspects to justice. While a trial date has yet to be scheduled, the article makes it clear that the U.S. government is not only seeking a conviction but also the forfeiture of all proceeds from his criminal activities. This aggressive legal approach aims to both punish the perpetrator and recover the stolen funds, providing a comprehensive response to the financial and personal damage caused by his fraudulent schemes.

Projects
- TryHackMe – JavaScript Essentials – In Progress
Whitepapers
- CrowdStrike 2025 Threat Hunting Report
Articles
- CL-STA-0969 Installs Covert Malware in Telecom Networks During 10-Month Espionage Campaign – Telecommunications organizations in Southeast Asia have been targeted by a state-sponsored threat actor known as CL-STA-0969 to facilitate remote control over compromised networks.
- Python-powered malware snags hundreds of credit cards, 200K passwords, and 4M cookies – PXA Stealer pilfers data from nearly 40 browsers, including Chrome
- North Korea sent me abroad to be a secret IT worker. My wages funded the regime – Jin-su says over the years he used hundreds of fake IDs to apply for remote IT work with Western companies. It was part of a vast undercover scheme to raise funds for North Korea.
- Cisco Says User Data Stolen in CRM Hack – Cisco has disclosed a data breach affecting Cisco.com user accounts, including names, email address, and phone numbers.
- What the Coinbase Breach Says About Insider Risk – The lesson from the breach is not just about what went wrong — but what could have gone right.
- PBS confirms data breach after employee info leaked on Discord servers – PBS has suffered a data breach exposing the corporate contact information of its employees and those of its affiliates, BleepingComputer has learned.
- Hacker extradited to US for stealing $3.3 million from taxpayers – Nigerian national Chukwuemeka Victor Amachukwu has been extradited from France to the U.S. to face charges of hacking, fraud, and identity theft for suspected spearphishing attacks on U.S. tax preparation businesses.
- Hacker used a voice phishing attack to steal Cisco customers’ personal information – A cybercriminal tricked a Cisco representative into granting them access to steal the personal information of Cisco.com users, the company said on Tuesday.
- Air France and KLM disclose data breaches impacting customers – Air France and KLM announced on Wednesday that attackers had breached a customer service platform and stolen the data of an undisclosed number of customers.
- Hacker extradited to US for stealing $3.3 million from taxpayers – Nigerian national Chukwuemeka Victor Amachukwu has been extradited from France to the U.S. to face charges of hacking, fraud, and identity theft for suspected spearphishing attacks on U.S. tax preparation businesses.
Podcasts
- Smashing Security – 428: Red flags, leaked chats, and a final farewell
- The 404 Media Podcast – How AI is being used by hackers and criminals
August 11, 2025
Crowdstrike Global Threat Report 2025
CrowdStrike’s 2025 Global Threat Report details the evolving cybersecurity landscape, emphasizing the increasing sophistication and business-like approach of cyber adversaries. The report underscores the rise of “enterprising adversaries” leveraging genAI for social engineering and malicious activities.

TLDR:
- The average breakout time has decreased to 48 minutes, with the fastest recorded breakout time being only 51 seconds.
- Voice phishing (vishing) attacks saw a significant increase of 442% between the first and second half of 2024.
- Attacks related to initial access accounted for 52% of the vulnerabilities observed by CrowdStrike in 2024.
- Advertisements for access brokers increased by 50% year-over-year, indicating a thriving business in providing access as a service.
- China-nexus activity surged by 150% overall, with some targeted industries experiencing a 200% to 300% increase in attacks compared to the previous year.
- 79% of detections in 2024 were malware-free, a significant increase from 40% in 2019, indicating a shift towards hands-on-keyboard techniques.
- 26 new adversaries were tracked by CrowdStrike in 2024, bringing the total to 257.
- Interactive intrusion campaigns increased by 35% year-over-year.
- Valid account abuse was responsible for 35% of cloud-related incidents.
- FAMOUS CHOLLIMA had 304 incidents, with nearly 40% representing insider threat operations.
- LLM-generated phishing messages had a 54% click-through rate, significantly higher than human-written phishing messages at 12%.
- New cloud intrusions increased 26% compared to 2023, indicating more threat actors are targeting cloud services.
- China-nexus intrusions increased 150% across all sectors on average compared to 2023
March 4, 2025
Weekly Cybersecurity Wrap-up 7/15/24
Every week I publish interesting articles and ways to improve your understanding of cybersecurity. This week was a doozy!

Projects
- TryHackMe – John The Ripper – Complete
Whitepapers
- Verizon 2019 Insider Threat Report
- DTEX 2024 Insider Risk Investigations Report
Videos

Articles
- CISA broke into a US federal agency, and no one noticed for a full 5 months – Red team exercise revealed a score of security fails
- Disney’s Internal Slack Breached? NullBulge Leaks 1.1 TiB of Data – Hacktivist group NullBulge claims to have breached Disney, leaking 1.1 TiB of internal Slack data. The leak allegedly includes messages, files, code, and more. This comes amidst breaches affecting AT&T and Ticketmaster.
- AT&T Breach Linked to American Hacker, Telecom Giant Paid $370k Ransom: Reports – The massive AT&T breach has been linked to an American hacker living in Turkey and reports say the telecom giant paid a $370,000 ransom.
- Rite Aid Becomes RansomHub’s Latest Victim After Data Breach – The breach affects older customer information involved in purchases made from June 6, 2017, up until July 30, 2018.
- Email addresses of 15 million Trello users leaked on hacking forum – A threat actor has released over 15 million email addresses associated with Trello accounts that were collected using an unsecured API in January.
- Over 400,000 Life360 user phone numbers leaked via unsecured API – A threat actor has leaked a database containing the personal information of 442,519 Life360 customers collected by abusing a flaw in the login API.
- CrowdStrike update crashes Windows systems, causes outages worldwide – A faulty component in the latest CrowdStrike Falcon update is crashing Windows systems, impacting various organizations and services across the world, including airports, TV stations, and hospitals.
- US Data Breach Victim Numbers Increase by 1,000%, Literally – Though the number of victims has risen, the actual number of breaches has gone down, as fewer, bigger breaches affect more individuals.
Podcasts
- Smashing Security 380: Teachers TikTok targeted, and fraud in the doctors’ waiting room
July 22, 2024