2016, Cybercrime, Hacking and Information Security

DoJ charged 19 individuals in a transnational cybercrime investigation xDedic Marketplace

Security Affairs

JANUARY 8, 2024

19 individuals worldwide were charged in a transnational cybercrime investigation of the now defunct xDedic marketplace. The black marketplace has been active since 2014, it was first analyzed by experts at Kaspersky Lab in 2016. At the time, the domain (xdedic[.]biz) The website quickly reappeared in the Tor network.

Cybercrime

Cybercrime Identity Theft Government Hacking

Married couple pleaded guilty to laundering billions in cryptocurrency stolen from Bitfinex in 2016

Security Affairs

AUGUST 4, 2023

A married couple from New York pleaded guilty this week to laundering billions of dollars stolen from Bitfinex in 2016. The couple pleaded guilty to money laundering charges in connection with the hack of the cryptocurrency stock exchange Bitfinex that took place in 2016. Law enforcement also seized over $3.6

Cryptocurrency

Cryptocurrency Hacking Accountability Banking

Personal health information of 42M Americans leaked between 2016 and 2021

Security Affairs

DECEMBER 31, 2022

Crooks have had access to the medical records of 42 million Americans since 2016 as the number of hacks on healthcare organizations doubled. Medical records of 42 million Americans are being sold on the dark web since 2016, this information comes from cyberattacks on healthcare providers. million in 2016 to close to 16.5

Healthcare

Healthcare Ransomware Backups Hacking

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

US seizes $3.6 billion worth of cryptocurrency stolen in 2016 Bitfinex hack

Security Affairs

FEBRUARY 8, 2022

billion worth of cryptocurrency linked to the 2016 Bitfinex cryptocurrency exchange hack. Billion in stolen cryptocurrency stolen during the 2016 hack of Bitfinex. billion in cryptocurrency linked to that hack. SecurityAffairs – hacking, Bitfinex ). The law enforcement seized $3.6 Pierluigi Paganini.

Cryptocurrency

Cryptocurrency Hacking Accountability Marketing

Uber hacked, internal systems and confidential documents were allegedly compromised

Security Affairs

SEPTEMBER 16, 2022

According to the New York Times , the threat actors hacked an employee’s Slack account and used it to inform internal personnel that the company had “suffered a data breach” and provided a list of allegedly hacked internal databases. “I SecurityAffairs – hacking, Uber). states the message.

Hacking

Hacking Data breaches Engineering Information Security

TrickGate, a packer used by malware to evade detection since 2016

Security Affairs

JANUARY 31, 2023

TrickGate is a shellcode-based packer offered as a service, which is used at least since July 2016, to hide malware from defense programs. TrickGate is a shellcode-based packer offered as a service to malware authors to avoid detection, CheckPoint researchers reported.

Malware

Malware Antivirus Manufacturing Healthcare

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

Krebs on Security

JULY 18, 2023

[This is Part III in a series on research conducted for a recent Hulu documentary on the 2015 hack of marital infidelity website AshleyMadison.com.] LeakedSource was advertised on a number of popular cybercrime forums as a service that could help hackers break into valuable or high-profile accounts. Abusewith[.]us

Hacking

Hacking Accountability Data breaches Marketing

Meet the Administrators of the RSOCKS Proxy Botnet

Krebs on Security

JUNE 22, 2022

last week said they dismantled the “ RSOCKS ” botnet, a collection of millions of hacked devices that were sold as “proxies” to cybercriminals looking for ways to route their malicious traffic through someone else’s computer. ” In 2016, Deniskloster.com featured a post celebrating three years in operation.

Advertising

Advertising Cybercrime System Administration Hacking

Administrator of RSOCKS Proxy Botnet Pleads Guilty

Krebs on Security

JANUARY 24, 2023

The plea comes just months after Emelyantsev was extradited from Bulgaria, where he told investigators, “America is looking for me because I have enormous information and they need it.” “Thanks to you, we are now developing in the field of information security and anonymity! RSOCKS, circa 2016. Image: archive.org.

Cybercrime

Cybercrime Advertising IoT Malware

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

The Last Watchdog

JUNE 21, 2020

The infamous Locky ransomware was first spotted in the wild in February 2016. CryptXXX, another major family discovered in April 2016 and later rebranded as UltraCrypter, relied on exploit kits that used software vulnerabilities to infiltrate systems. The first viable Mac ransomware called KeRanger was spotted in the spring of 2016.

Ransomware

Ransomware Hacking Encryption Penetration Testing

Yevgeniy Nikulin, Russian hacker behind Dropbox and LinkedIn hacks found guilty

Security Affairs

JULY 11, 2020

A jury found Russian hacker Yevgeniy Nikulin guilty for the hack of LinkedIn, Dropbox, and Formspring back in 2012 and for the sale of the stolen data on cybercrime black marketplaces. The Russian criminal was arrested in Prague in October 2016 in an international joint operation with the FBI. Source: US Defense Watch.com.

Hacking

Hacking Cybercrime Data breaches Advertising

Source code of Dharma ransomware now surfacing on public hacking forums

Security Affairs

MARCH 29, 2020

The source code of the infamous Dharma ransomware is now available for sale on two Russian-language hacking forums. The source code of one of the most profitable ransomware families, the Dharma ransomware , is up for sale on two Russian-language hacking forums. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Ransomware

Ransomware Hacking Advertising Malware

Phorpiex botnet sent millions of phishing emails to deliver LockBit Black ransomware

Security Affairs

MAY 13, 2024

Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, Phorpiex botnet) In December 2021, experts at Check Point Research observed the resurgence of the Phorpiex botnet. The new variant, dubbed “Twizt,” could operate without active C2 servers in peer-to-peer mode.

Phishing

Phishing Ransomware Security Awareness Authentication

Accused Russian RSOCKS Botmaster Arrested, Requests Extradition to U.S.

Krebs on Security

SEPTEMBER 24, 2022

Denis Emelyantsev , as the apparent owner of RSOCKS, a collection of millions of hacked devices that were sold as “proxies” to cybercriminals looking for ways to route their malicious traffic through someone else’s computer. “Thanks to you, we are now developing in the field of information security and anonymity!

Cybercrime

Cybercrime Data breaches Malware Ransomware

Cuba ransomware gang hacked 49 US critical infrastructure organizations

Security Affairs

DECEMBER 4, 2021

The Hancitor downloader has been active since at least 2016 for dropping Pony and Vawtrak. SecurityAffairs – hacking, ransomware). The post Cuba ransomware gang hacked 49 US critical infrastructure organizations appeared first on Security Affairs. The alert includes indicators of compromise and mitigations.

Ransomware

Ransomware Hacking Malware Encryption

Hackers threaten to leak a copy of the World-Check database used to assess potential risks associated with entities

Security Affairs

APRIL 22, 2024

The threat actors shared a portion of the stolen data with TechCrunch as proof of the hack, it includes records on current and former government officials, diplomats, and politically exposed people. In June 2016, security researcher Chris Vickery found a copy of the World-Check database dated 2014 that was accidentally exposed online.

Risk

Risk Spyware Hacking Accountability

Operation TOURNIQUET: Authorities shut down dark web marketplace RaidForums

Security Affairs

APRIL 12, 2022

The illegal dark web marketplace RaidForums has been shut down and its infrastructure seized as a result of the international law enforcement Operation TOURNIQUET coordinated by Europol’s European Cybercrime Centre. Europol will continue working with its international partners to make cybercrime harder – and riskier –to commit.

Cybercrime

Cybercrime Banking Accountability Hacking

Chinese-speaking cybercrime gang Rocke changes tactics

Security Affairs

OCTOBER 15, 2019

Chinese-speaking cybercrime gang Rocke that carried out several large-scale cryptomining campaigns, has now using news tactics to evade detection. Chinese-speaking cybercrime gang Rocke, that carried out several large-scale cryptomining campaigns in past , has now using news tactics to evade detection. Pierluigi Paganini.

Cybercrime

Cybercrime DNS Malware Advertising

A Ukrainian man is the third FIN7 member sentenced in the United States

Security Affairs

APRIL 8, 2022

A Ukrainian man was sentenced in the US to 5 years in prison for his criminal activity in the cybercrime group FIN7. for high-level hacking activity in the cybercrime group FIN7 (aka Carbanak Group and the Navigator Group). Iarmak was involved in FIN7 criminal activities from approximately November 2016 through November 2018.

Cybercrime

Cybercrime Hacking Software Phishing

North Korea-linked hackers stole $626 million in virtual assets in 2022

Security Affairs

DECEMBER 22, 2022

The Government of Pyongyang focuses on crypto hacking to fund its military program following harsh U.N. “South Korea’s main spy agency, the National Intelligence Service, said North Korea’s capacity to steal digital assets is considered among the best in the world because of the country’s focus on cybercrimes since U.N.

Cryptocurrency

Cryptocurrency Cybercrime Media Government

Alexander Vinnik, the operator of BTC-e exchange, pleaded guilty to money laundering

Security Affairs

MAY 6, 2024

.” In July 2018, a Greek lower court agreed to extradite Vinnik to France to face charges of hacking, money laundering , extortion, and involvement in organized crime. French authorities accused Vinnik of defrauding more than 100 people in six French cities between 2016 and 2018.

Cryptocurrency

Cryptocurrency Computers and Electronics Identity Theft Hacking

UK and US sanctioned 11 members of the Russia-based TrickBot gang

Security Affairs

SEPTEMBER 11, 2023

governments sanctioned 11 more individuals who were alleged members of the Russia-based TrickBot cybercrime gang. The United States, in coordination with the United Kingdom, sanctioned eleven more individuals who are members of the Russia-based Trickbot cybercrime group. The sanctions were provided by the U.S. Government and U.S.

Cybercrime

Cybercrime Government Ransomware Banking

Trickbot spreads malware through new distribution channels

Security Affairs

OCTOBER 16, 2021

TrickBot operators are back and expand the distribution channels with partnership with cybercrime affiliates. The gang support other cybercrime groups such as known Hive0105, Hive0106 (aka TA551 or Shathak), and Hive0107, supporting them in expanding their malware campaigns. SecurityAffairs – hacking, cyber security).

Malware

Malware Cybercrime DDOS Social Engineering

‘A uniquely bad idea’? Senators propose hack back study, but most experts’ minds are made up

SC Magazine

JULY 6, 2021

Daines co-sponsored a bill for DHS to research using hacking as a response to an incident. A bipartisan bill introduced last week would have the Department of Homeland Security research what most in cybersecurity refer to as “hacking back”: the use of offensive hacking as part of network defense or incident response.

Hacking

Hacking Government CISO Ransomware

FBI, CISA alert warns of imminent ransomware attacks on healthcare sector

Security Affairs

OCTOBER 29, 2020

The government agencies receive information about imminent attacks, threat actors are using the TrickBot botnet to deliver the infamous ransomware to the infected systems. “CISA, FBI, and HHS have credible information of an increased and imminent cybercrime threat to U.S. SecurityAffairs – hacking, ransomware).

Healthcare

Healthcare Ransomware Cybercrime Advertising

Russia-linked APT28 and crooks are still using the Moobot botnet

Security Affairs

MAY 3, 2024

The Moobot botnet has been active since at least 2016, it also includes other routers and virtual private servers (VPS). ” Follow me on Twitter: @securityaffairs and Facebook Pierluigi Paganini ( SecurityAffairs – hacking, APT28) ” concludes the report.

Phishing

Phishing Cryptocurrency Internet Internet

A member of the FIN7 group was sentenced to 10 years in prison

Security Affairs

APRIL 18, 2021

CARBANAK cybercrime gang was first uncovered in 2014 by Kaspersky Lab that dated its activity back to 2013 when the group leveraged the Anunak malware in targeted attacks on financial institutions and ATM networks. Between 2014 and 2016 the group used a new custom malware dubbed Carbanak that is considered a newer version of Anunak.

System Administration

System Administration Penetration Testing Malware Banking

No More Ransom helped ransomware victims to save almost €1B

Security Affairs

JULY 26, 2021

The “No More Ransom” website is an initiative launched in 2016 by the National High Tech Crime Unit of the Netherlands’ police, Europol’s European Cybercrime Centre, Kaspersky and McAfee to help victims of ransomware retrieve their encrypted data without having to pay the criminals. SecurityAffairs – hacking, No More Ransomware).

Ransomware

Ransomware Encryption Cybercrime Hacking

Caketap, a new Unix rootkit used to siphon ATM banking data

Security Affairs

MARCH 18, 2022

Mandiant researchers discovered a new Unix rootkit named Caketap, which is used to steal ATM banking data, while investigating the activity of the LightBasin cybercrime group (aka UNC1945 ). The China-linked hacking group has been active since at least 2016, according to the CrowdStrike researchers it is using a very sophisticated toolset.

Banking

Banking Telecommunications System Administration Hacking

A TrickBot malware developer sentenced to 64 months in prison

Security Affairs

JANUARY 26, 2024

The Seoul High Court Criminal Division 20 (Chief Judge Jeong Seon-jae Baek Suk-jong Lee Jun-hyun) charged Mr. A for being a developer for the TrickBot gang since 2016. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, Trickbot)

Malware

Malware Identity Theft Banking Ransomware

Russia-linked APT29 relies on Google Drive, Dropbox to evade detection

Security Affairs

JULY 19, 2022

The Russia-linked APT29 group (aka SVR , Cozy Bear , and The Dukes ) has been active since at least 2014, along with APT28 cyber espionage group was involved in the Democratic National Committee hack and the wave of attacks aimed at the 2016 US Presidential Elections. SecurityAffairs – hacking, APT29). Pierluigi Paganini.

Phishing

Phishing Cybercrime Malware Hacking

Security Affairs newsletter Round 431 by Pierluigi Paganini – International edition

Security Affairs

AUGUST 6, 2023

Reptile Rootkit employed in attacks against Linux systems in South Korea New PaperCut flaw in print management software exposes servers to RCE attacks A cyberattack impacted operations of multiple hospitals in several US states Married couple pleaded guilty to laundering billions in cryptocurrency stolen from Bitfinex in 2016 Malicious packages in (..)

Malware

Malware Cybercrime Cryptocurrency Social Engineering

Alexander Vinnik, the popular cyber criminal goes on trial in Paris

Security Affairs

OCTOBER 19, 2020

Alexander Vinnik allegedly headed the Bitcoin exchange BTC-e, he is charged with different hacking crimes in Russia, France, and the United States. In July 2018 there was a twist, a Greek lower court agreed to extradite Vinnik to France to face with charges with hacking, money laundering , extortion and involvement in organized crime.

Advertising

Advertising Cybercrime Hacking Cryptocurrency

German BKA arrested the alleged operator of Deutschland im Deep Web darknet market

Security Affairs

OCTOBER 30, 2022

The Darknet marketplace was a crucial service for drug trafficking in the cybercrime underground for several years. . In 2016, the perpetrator of the shooting spree in Munich claimed to have bought the murder weapon and ammunition on the platform. SecurityAffairs – hacking, Deutschland im Deep Web). Pierluigi Paganini.

Marketing

Marketing Cybercrime Mobile Internet

The Emotet botnet is back and hits 100K recipients per day

Security Affairs

DECEMBER 26, 2020

Emotet is back on Christmas Eve, cybercrime operators are sending out spam messages to deliver the infamous Trickbot Trojan. Emotet is back on Christmas Eve, after two months of silence, cybercrime operators are sending out spam messages to deliver the infamous Trickbot Trojan. SecurityAffairs – hacking, Emotet).

Cybercrime

Cybercrime Malware Banking Ransomware

FIN8 Group spotted delivering the BlackCat Ransomware

Security Affairs

JULY 18, 2023

The cybercrime group FIN8 is using a revamped version of the Sardonic backdoor to deliver the BlackCat ransomware. The FIN8 group has been active since 2016, it leverages known malware such as PUNCHTRACK and BADHATCH to infect PoS systems and steal payment card data.

Ransomware

Ransomware Cybercrime Malware Hacking

FBI links the Diavol ransomware to the TrickBot gang

Security Affairs

JANUARY 20, 2022

. “The FBI has not yet observed Diavol leak victim data, despite ransom notes including threats to leak stolen information.” ” TrickBot is a popular banking Trojan that has been around since October 2016, its authors have continuously upgraded it by implementing new features. Pierluigi Paganini.

Ransomware

Ransomware Banking Malware Encryption

QQAAZZ crime gang charged for laundering money stolen by malware gangs

Security Affairs

OCTOBER 18, 2020

QQAAZZ attempted to launder tens of millions stolen from victims starting with 2016 by the world’s foremost cybercriminals. SecurityAffairs – hacking, QQAAZZ cybercrime gang). The post QQAAZZ crime gang charged for laundering money stolen by malware gangs appeared first on Security Affairs. Pierluigi Paganini.

Malware

Malware Banking Cryptocurrency Cybercrime

Security Affairs newsletter Round 400 by Pierluigi Paganini

Security Affairs

JANUARY 1, 2023

Personal health information of 42M Americans leaked between 2016 and 2021 Malvertising campaign MasquerAds abuses Google Ads New Linux malware targets WordPress sites by exploiting 30 bugs NETGEAR fixes a severe bug in its routers. SecurityAffairs – hacking, Moshen Dragon). Patch it asap! Pierluigi Paganini.

Cyber Attacks

Cyber Attacks Advertising Cryptocurrency Hacking

CISA and FBI warn of ongoing TrickBot attacks

Security Affairs

MARCH 19, 2021

The Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) warn of ongoing Trickbot attacks despite in October multiple security firms dismantled its C2 infrastructure in a joint operation. If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

Phishing

Phishing Cybercrime Malware Ransomware

Linux variant of Cerber ransomware targets Atlassian servers

Security Affairs

APRIL 17, 2024

Cado Security Labs recently became aware that Cerber ransomware is being deployed into Confluence servers via the CVE-2023-22518 exploit. Cerber has been active since at least 2016, most recently it was involved in attacks against Confluence servers. ” concludes the report that also includes Indicators of compromise (IoCs).

Ransomware

Ransomware Encryption Malware Accountability

Russian Alexander Vinnik sentenced in Paris to five years in prison for money laundering

Security Affairs

DECEMBER 8, 2020

Alexander Vinnik allegedly headed the Bitcoin exchange BTC-e, he is charged with different hacking crimes in Russia, France, and the United States. The French court acquitted Vinnik of charges of extortion and association with a cybercrime organization. SecurityAffairs – hacking, Alexander Vinnik). Pierluigi Paganini.

Cryptocurrency

Cryptocurrency Hacking Ransomware Cybercrime

New ZLoader malware campaign hit more than 2000 victims across 111 countries

Security Affairs

JANUARY 10, 2022

Zloader is a banking malware that has been active at least since 2016, it borrows some functions from the notorious Zeus 2.0.8.9 Experts attribute this campaign to MalSmoke cybercrime group due to similarities with past attacks. SecurityAffairs – hacking, Zloader). Zeus OpenSSL). Pierluigi Paganini.

Malware

Malware Banking Software Cybercrime

Enemybot, a new DDoS botnet appears in the threat landscape

Security Affairs

APRIL 17, 2022

The researchers attribute the botnet to the cybercrime group Keksec which focuses on DDoS-based extortion. SecurityAffairs – hacking, Enemybot). The post Enemybot, a new DDoS botnet appears in the threat landscape appeared first on Security Affairs. The botnet targets multiple architectures, including arm, bsd, x64, and x86.

DDOS

DDOS Architecture Malware Cybercrime

DoJ charged 19 individuals in a transnational cybercrime investigation xDedic Marketplace

Married couple pleaded guilty to laundering billions in cryptocurrency stolen from Bitfinex in 2016

Webinars

Trending Sources

Personal health information of 42M Americans leaked between 2016 and 2021

Webinars

US seizes $3.6 billion worth of cryptocurrency stolen in 2016 Bitfinex hack

Uber hacked, internal systems and confidential documents were allegedly compromised

TrickGate, a packer used by malware to evade detection since 2016

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

Meet the Administrators of the RSOCKS Proxy Botnet

Administrator of RSOCKS Proxy Botnet Pleads Guilty

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

Yevgeniy Nikulin, Russian hacker behind Dropbox and LinkedIn hacks found guilty

Source code of Dharma ransomware now surfacing on public hacking forums

Phorpiex botnet sent millions of phishing emails to deliver LockBit Black ransomware

Accused Russian RSOCKS Botmaster Arrested, Requests Extradition to U.S.

Cuba ransomware gang hacked 49 US critical infrastructure organizations

Hackers threaten to leak a copy of the World-Check database used to assess potential risks associated with entities

Operation TOURNIQUET: Authorities shut down dark web marketplace RaidForums

Chinese-speaking cybercrime gang Rocke changes tactics

A Ukrainian man is the third FIN7 member sentenced in the United States

North Korea-linked hackers stole $626 million in virtual assets in 2022

Alexander Vinnik, the operator of BTC-e exchange, pleaded guilty to money laundering

UK and US sanctioned 11 members of the Russia-based TrickBot gang

Trickbot spreads malware through new distribution channels

‘A uniquely bad idea’? Senators propose hack back study, but most experts’ minds are made up

FBI, CISA alert warns of imminent ransomware attacks on healthcare sector

Russia-linked APT28 and crooks are still using the Moobot botnet

A member of the FIN7 group was sentenced to 10 years in prison

No More Ransom helped ransomware victims to save almost €1B

Caketap, a new Unix rootkit used to siphon ATM banking data

A TrickBot malware developer sentenced to 64 months in prison

Russia-linked APT29 relies on Google Drive, Dropbox to evade detection

Security Affairs newsletter Round 431 by Pierluigi Paganini – International edition

Alexander Vinnik, the popular cyber criminal goes on trial in Paris

German BKA arrested the alleged operator of Deutschland im Deep Web darknet market

The Emotet botnet is back and hits 100K recipients per day

FIN8 Group spotted delivering the BlackCat Ransomware

FBI links the Diavol ransomware to the TrickBot gang

QQAAZZ crime gang charged for laundering money stolen by malware gangs

Security Affairs newsletter Round 400 by Pierluigi Paganini

CISA and FBI warn of ongoing TrickBot attacks

Linux variant of Cerber ransomware targets Atlassian servers

Russian Alexander Vinnik sentenced in Paris to five years in prison for money laundering

New ZLoader malware campaign hit more than 2000 victims across 111 countries

Enemybot, a new DDoS botnet appears in the threat landscape

Stay Connected