FBI Alert Issued As Time Traveling Hackers Attack—Act Now
Enable 2FA as time-traveling hackers strike. Update, March 31, 2025: This story, originally published March 29, has been updated with further Medusa mitigation advice from the FBI as well as additional insight into another “as a service” threat, this time from the Morphing Meerkat threat which uses DNS over HTTPS to escape detection.
One that I didn’t see coming, let alone think I would be writing myself, was a warning about time-traveling hackers on the back of the FBI warning. But here we are.
How Time Travel And The FBI Are Mixed Up In Medusa Attacks
MEDUSA, which is known to have impacted at least 300 critical infrastructure targets, uses social engineering and unpatched software vulnerabilities as part of its exploit campaign. As we are about to discover, that’s not all it uses. For the FBI's outline of tactics, techniques and procedures, indicators of compromise, and detection methods associated with the Medusa attacks, refer to FBI cybersecurity advisory AA25-071A.
Quite a lot of technical information regarding the Medusa malware has come to light since that FBI alert was raised, however, including methods used to disable anti-malware protections as I reported March 22. Now, that technical detail has taken an unexpected twist: time travel.
Boris Cipot, a security expert, stated that time-traveling hackers can use Medusa malware to attack systems from the past. This means that if your system is not up-to-date with the latest patches and software updates, it could be vulnerable to attacks from 2012 or even earlier.
This highlights the importance of keeping all operating systems, software and firmware up to date, and of prioritizing patches for internet-facing systems with known vulnerabilities. Patching should always be prioritized over frequent password changes, as these can do more harm than good.
Mitigating The Time Travel Hackers According To The FBI
The FBI has stated that two-factor authentication for all services should be enabled where possible, but in particular for webmail such as Gmail, Outlook and others, along with virtual private networks and any accounts that can access critical systems.
The FBI has also advised users to employ long passwords on all accounts that require them and recommended that administrators refrain from imposing a requirement for frequent password changes, as these can do more harm than good.
Morphing Meerkat: A Phishing-as-a-Service Operation
Bleeping Computer has reported that Morphing Meerkat is a phishing-as-a-service operation that leverages both DNS over HTTPS for detection evasion and DNS email exchange records to “identify victims’ email providers and to dynamically serve spoofed login pages for more than 114 brands.”
These brands include the likes of Gmail, Outlook and Yahoo, to name but a few. The level of danger this phishing-as-a-service operation poses is significant, as it provides attackers with a complete toolkit for launching effective, scalable, and evasive phishing attacks.
Mitigating Morphing Meerkat
The key to mitigating Morphing Meerkat lies in understanding how it works. By using the DNS over HTTPS protocol, attackers can hide their true intent, making it difficult to detect and prevent these attacks.
Dirk Schrader, a vice-president of security research at Netwrix, explained that the DoH protocol encrypts DNS queries using the HTTPS protocol which secures communication over the web. However, this also provides a significant privacy advantage for attackers, allowing them to hide their true intent.
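As an added illustration, not from the article or from the researchers quoted, the script below shows what a defender can still see when DoH is abused: it flags RFC 8484 DNS-over-HTTPS requests in web-proxy logs and decodes the DNS question carried in a GET request, which is where the MX lookups described above would surface. The log format, the sample lines and the resolver list are assumptions made for the example.

```python
"""Flag DNS-over-HTTPS (RFC 8484) requests in proxy logs and recover the question
they carry, so an analyst can see e.g. an MX lookup made from a web page."""
import base64
import re
from urllib.parse import parse_qs, urlsplit

# Public DoH resolvers often reachable through egress filtering (assumed, non-exhaustive).
KNOWN_DOH_HOSTS = {"dns.google", "cloudflare-dns.com", "mozilla.cloudflare-dns.com",
                   "dns.quad9.net", "doh.opendns.com", "dns.adguard.com"}
QTYPES = {1: "A", 15: "MX", 16: "TXT", 28: "AAAA", 65: "HTTPS"}
# Constructed log format: <method> <url> <accept-or-content-type>
LOG_LINE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)$")

SAMPLE_LOG = [  # constructed sample lines, not captured traffic
    "GET https://www.example.org/index.html text/html",
    # DoH GET carrying a wire-format MX query for example.com (base64url, no padding)
    "GET https://cloudflare-dns.com/dns-query?dns=AAABAAABAAAAAAAAB2V4YW1wbGUDY29tAAAPAAE application/dns-message",
    "POST https://dns.google/dns-query application/dns-message",
]


def parse_question(msg: bytes):
    """Decode the first question (QNAME, QTYPE) from a DNS wire-format message."""
    if len(msg) < 12 or int.from_bytes(msg[4:6], "big") < 1:  # QDCOUNT must be >= 1
        return None
    pos, labels = 12, []
    while pos < len(msg) and msg[pos] != 0:  # labels are <len><bytes>, ending in 0
        n = msg[pos]
        labels.append(msg[pos + 1:pos + 1 + n].decode("ascii", "replace"))
        pos += 1 + n
    qtype = int.from_bytes(msg[pos + 1:pos + 3], "big")
    return ".".join(labels), QTYPES.get(qtype, str(qtype))


def classify(line: str):
    """Return a finding dict for a DoH request, or None for ordinary web traffic."""
    m = LOG_LINE.match(line.strip())
    if not m:
        return None
    method, url, mime = m.groups()
    parts = urlsplit(url)
    is_doh = (parts.hostname in KNOWN_DOH_HOSTS or parts.path.endswith("/dns-query")
              or mime == "application/dns-message")
    if not is_doh:
        return None
    question = None
    dns_param = parse_qs(parts.query).get("dns")
    if method == "GET" and dns_param:  # POST bodies are not in the log, so only GET decodes
        raw = dns_param[0]
        question = parse_question(base64.urlsafe_b64decode(raw + "=" * (-len(raw) % 4)))
    return {"host": parts.hostname, "method": method, "question": question}


def scan(lines):
    """Run classify() over a log and keep only the DoH findings."""
    return [f for f in map(classify, lines) if f is not None]
```

Blocking or alerting on these resolver hosts and on `/dns-query` paths forces DNS back through the resolver you log, which removes the evasion the kit relies on.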
Mitigate The Threat
So, what can you do to mitigate both Medusa and Morphing Meerkat? Firstly, enable two-factor authentication for all services where possible, especially for webmail and critical systems. Employ long passwords on all accounts that require them and refrain from imposing frequent password changes.
Prioritize patching for all operating systems, software, and firmware updates, particularly those internet-facing systems with known vulnerabilities. And most importantly, act today to protect yourself against these time-traveling hackers.