ONUS, one of Vietnam’s largest cryptocurrency platforms, has reportedly fallen victim to a ransomware attack that has been traced to the remote code execution vulnerability in Apache’s Log4j, exploited via third-party payment software.
ONUS, a cryptocurrency investment application first launched in March 2020 on both Android and iOS, posted to its site on Friday that its system had been “compromised as a result of a large-scale cyberattack.” ONUS administrators say a “third party was able to gain unauthorized access to and steal certain critical ONUS data.”
Vietnamese cybersecurity firm CyStack, which partners with ONUS and was involved with the investigation, said in a post to its site on Tuesday that the security incident “started with a Log4Shell vulnerability in their payment software provided by Cyclos.”
A spokesperson for Cyclos tells Information Security Media Group that the vendor was “quite shocked and disappointed by this event” and has been in contact with ONUS’ security partner, CyStack. ONUS and CyStack did not immediately respond to Information Security Media Group’s request for comment.
The CyStack researchers say, “Attackers took advantage of the vulnerability in the Cyclos software to attack even before the vendor could inform and provide patch instructions for its clients.” The firm says ONUS patched the vulnerability when it was warned, but that the attackers had likely already infiltrated the system. The security unit says some 2 million ONUS users then had information leaked – including name, email and phone number, address, E-KYC [Know Your Customer] data, hashed passwords, transaction history and “other encrypted information.”