Hacker Group TheDarkOverlord Targets LA Investment Bank
A Los Angeles-based investment bank appears to be the latest victim of the hacker group that goes by the name TheDarkOverlord.
The group leaked corporate files of WestPark Capital via Pastebin after claiming that Richard Rappaport, CEO of WestPark Capital, refused to pay a ransom, or as the group calls it, a “handsome, business proposal.”
WestPark Capital is an investment banking and securities brokerage firm that caters to private and public companies as well as institutional and individual investors.
The LA Times reported that the CEO of a company referred to in two files released by the hacker group said that those documents appear legitimate.
To date, WestPark Capital has not commented on the apparent hacking incident.
In a comment posted on Information Security Buzz, Jamie Moles, security consultant at cyber security firm Lastline, said:
“TheDarkOverlord have reported themselves that they managed to hack WestPark Capital and others not through the common technique of phishing emails and malware attacks but by taking advantage of a bug in the Microsoft Remote Desktop Protocol (RDP) – this is traditional hacking and not something we see reported so much nowadays.”
The security consultant at Lastline added: “There is the outstanding issue of their system being broken into via the RDP protocol – this is a standard technical tool for remote management of server devices and frankly their network perimeter security must have been lax for this to have ever worked. It’s normal security practice to limit the RDP protocol on firewalls to allow only certain IP addresses to access your systems and it looks likely that WestPark failed to implement this basic step.”
According to health data security company Protenus, TheDarkOverlord was also responsible for the hacking incident in July this year involving the breach of 23,565 patient records.
Security researcher Dissent Doe reported in June this year that TheDarkOverlord tried to sell 9.3 million patient records from an unspecified U.S. health insurance company on the deep web for 750 Bitcoin.