Lockbit claim to have hacked the Federal Reserve exposed as a lie

Russia-linked hacking gang posted data stolen from elsewhere

Lockbit claim to have hacked the Federal Reserve exposed as a lie

The troubled hacking group Lockbit claimed on Sunday to have hacked the US Federal Reserve, without offering any proof. Yesterday, the threat actors posted data on the dark web stolen from a different institution.

Earlier this week, in what looks like a bid to reassert itself after the recent unmasking and sanctioning of its leader, the gang claimed to have stolen 33 terabytes of "juicy banking information containing American's banking secrets" from the Federal Reserve.

A clue that Lockbit were lying could be found in the fact that group didn't leak a ‘proof pack' or provide any other evidence that they were indeed sitting on a treasure trove of stolen federal data. Lockbit simply issued a statement threatening: "You better hire another negotiator within 48 hours, and fire this clinical idiot who values Americans' bank secrecy at $50,000".

https://twitter.com/H4ckManac/status/1805716148417433864?ref\\_src=twsrc%5Etfw

When the group began publishing data on the dark web yesterday, it became clear that it belonged to a different US financial institution – Evolve Bank & Trust,

A security company based in Dubai posted on X that the victim was Evolve, and the bank later confirmed that it had indeed been the subject of an attack.

In a statement available on its website the company said:

"Evolve is currently investigating a cybersecurity incident involving a known cybercriminal organization that appears to have illegally obtained and released on the dark web the data and personal information of some Evolve retail bank customers and financial technology partners' customers (end users). We take this matter extremely seriously and are working diligently to address the situation.

"Evolve has engaged the appropriate law enforcement authorities to aid in our investigation and response efforts. Based on what our investigation has found and what we know at this time, we are confident this incident has been contained and there is no ongoing threat."

The statement was updated a few hours ago to confirm that:

"Our investigation confirms, at this time, Evolve retail banking customers' debit cards, online, and digital banking credentials do not appear to be impacted by the cybersecurity incident. Those credentials appear to be secure."

Nonetheless, customers are advised to remain vigilant for unusual activity. Recently the Federal Reserve had found multiple deficiencies in Evolve Bank's risk management and compliance. It found that the bank had engaged in "unsafe and unsound banking practices by failing to have in place an effective risk management framework for those partnerships."

The bank was subsequently ordered to halt some of its activities and get approval before entering into any new partnerships until it brought its risk management up to an acceptable standard and could demonstrate compliance with anti-money laundering mandates.

Few analysts took this recent claim from Lockbit seriously. The group is still operating but at a significantly reduced level after being seriously disrupted law enforcement in multiple countries earlier this year.