Czech Republic

Czech Railways Website and App Hacked

January 3, 2023

The website and application of the state railway carrier České dráhy were attacked by hackers. According to the carrier, the website and the booking application may therefore be unavailable. Passengers will be checked in without a surcharge. For security reasons, the spokeswoman declined to give details about when the attack began or what type of attack it was. [machine translated]

Cyberattack at Czech Institute of Nuclear Research Did Not Threaten Reactor Operations

December 12, 2022

The Institute of Nuclear Research Řež was attacked by a hacker group. The group attacked only economic systems, which caused, for example, a delay in sending wages. The technological systems remained intact, and the operation of the reactors was not threatened by the attack.

Hackers penetrated the institute’s internal system using ransomware, a program that blocks the computer system, encrypts the data stored in it, and demands a ransom from the user for data recovery.
Source: https://www.idnes.cz/zpravy/domaci/ustav-jaderneho-vyzkumu-kyberutok-hackeri.A221207_135851_domaci_vajo

Bitcoin ATM Manufacturer Suffers Attack

March 17, 2023

General Bytes, a manufacturer of Bitcoin ATMs, disclosed a security incident that resulted in the theft of millions of dollars’ worth of funds. Attackers were able to steal cryptocurrency from the company and its customers using a zero-day vulnerability in its BATM management platform.
Regarding the March 17-18 incident, here is what General Bytes said happened:
The attacker identified a security vulnerability in the master service interface used by Bitcoin ATMs to upload videos to the server.
The attacker scanned the Digital Ocean cloud hosting IP address space and identified running Crypto Application Server (CAS) services on ports 7741, including the General Bytes Cloud service and other GB ATM operators running their servers on Digital Ocean (our recommended cloud hosting provider).
Using this security vulnerability, the attacker uploaded his own application directly to the application server used by the admin interface. The application server was by default configured to start applications in its deployment folder.