Cybercriminal Twins Caught After They Forgot to Turn Off Microsoft Teams Recording
The worst part of your iPhone getting stolen may not be the theft itself. Instead, it’s the phishing attacks waged against people in your contacts. New research this week shows that there’s a thriving ecosystem for tools that let criminals unlock iPhones and target the phone numbers they find inside.
Foxconn, the electronics manufacturing giant known for its role in building iPhones, revealed this week that it recently “suffered a cyberattack.” A ransomware group known as Nitrogen claimed responsibility for the hack and said it had stolen 8 TB of data from the manufacturer. While the theft remains unconfirmed, the fact that Foxconn remains a valuable target is all but inevitable.
The skies above the United States-Canada border are about to get a lot more crowded. The Department of Homeland Security and Defense Research and Development Canada plan to run an experiment this fall testing 5G-connected drones for collecting “real-time battlefield intelligence.”
In the Strait of Hormuz, meanwhile, Iran’s Revolutionary Guard Corps are successfully blocking the crucial shipping route using a “mosquito fleet” of small boats as US-Israeli combat operations continue to bombard the country.
And that’s not all. Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.
Cybercriminal Twins Caught After They Forgot to Turn Off Microsoft Teams Recording
A lesson for future criminal hackers and rogue employees: When you—and, say, your twin brother—decide to destroy your employer’s network, remember to first close out the Microsoft Teams meeting in which you were fired, so that it doesn’t record you discussing your acts of vengeance.
That lesson has now hopefully been driven home for Muneeb and Sohaib Akhter, two hackers who have now pleaded guilty to charges that they destroyed 96 government databases after being fired from their jobs at the federal contractor Opexus. (Muneeb has since tried to recant his guilty plea in handwritten notes to the judge.) Their employer had made the decision to terminate the two 34-year-old brothers after discovering their criminal records, which included multiple hacking and wire fraud charges for crimes as petty as stealing airline miles.
The Teams meeting in which the two men were fired lasted only a few minutes. The detailed planning and execution of their revenge campaign, however, lasted hours and was all recorded by the same Teams meeting that they had failed to close—which was transcribed in a court document spotted by Ars Technica.
“Still connected? Still on the VPN?” Sohaib is heard saying to his brother, who lived in the same home. “Delete all their databases?” “We are doing petty shit now,” Muneeb says.
Instructure Reaches Deal With Ransomware Gang Following Canvas Hack
Instructure, the company behind the educational software Canvas, said on Monday that it had reached a deal with the hackers calling themselves ShinyHunters who had disrupted Canvas across thousands of US schools and posted ransom messages on victims’ screens. In a message on its website, the company wrote that it “reached an agreement with the unauthorized actor involved in this incident.” The statement went on to claim that the data stolen by the hackers in their breach—including records of 275 million students, according to the hackers—had been “returned” to Instructure, had been destroyed on the hackers’ own systems, and that no Instructure customers would be further extorted. Instructure didn’t explicitly say whether it had paid a ransom, or how much it paid if so.
Glad to have all that settled. (Until the well-incentivized ransomware industry carries out its next massive disruption.)
Alleged Boss of Dream Dark Web Market Arrested in Germany
Dream Market was once the world’s biggest dark web market for drugs and other contraband until it voluntarily shut down in 2019, following a series of raids that arrested many of its sellers. Now, the alleged administrator of the market has reportedly been tracked down and charged, more than seven years after the illicit marketplace disappeared from the internet. Owe Martin Andresen was arrested during a raid on his home and two other locations earlier this month. US and German prosecutors say he made millions of dollars from Dream Market’s commissions, some of which was laundered through gold bars he allegedly bought from a company in Atlanta. Given that Dream Market was launched in 2013—the same year that the original Silk Road dark web drug market was busted—Andresen’s arrest may bring to a close the longest-running dark web drug investigation of all time.
OpenAI Confirms 2 Employees Were Victims of Open Source Hijacking
OpenAI disclosed that two of its employees were impacted by a supply chain attack on an open source project called TanStack, a popular library used to build web apps. In a blog post, the company said that it investigated the incident and observed unauthorized access and “credential-focused exfiltration activity” in a limited subset of internal code repositories. The company didn’t find evidence that user data was accessed or that its production systems were compromised. However, it’s now requiring that all macOS users update their OpenAI apps by June 12.
The TanStack hijacking was part of a larger attack on open source packages used by developers. Hackers embedded malware designed to steal people’s private data, which BleepingComputer reported included Git credentials, GitHub Action tokens, SSH keys, and Claude Code configs.
Holdout Data Broker Removes Code That Hid Its Opt-Out Page for 3 Years
Findem, a major American data broker previously caught hiding its data-deletion page from Google, says it has taken steps to correct the problem after three years. The firm told Democrats on the Joint Economic Committee this week that a former employee had embedded a “no index” code on the company’s website, preventing consumers from f