2017, Cybercrime and Information Security

Law enforcement seized the Genesis Market cybercrime marketplace

Security Affairs

APRIL 5, 2023

The FBI seized the Genesis Market , a black marketplace for stolen credentials that was launched in 2017. Law enforcement seized the Genesis Market black marketplace, a platform focused on the sale of stolen credentials, as part of Operation Cookie Monster.

Marketing

Marketing Cybercrime Accountability Education

FBI: Compromised US academic credentials available on various cybercrime forums

Security Affairs

MAY 27, 2022

The FBI warns organizations in the higher education sector of credentials sold on cybercrime forums that can allow threat actors to access their networks. Crooks obtain the information by conducting spear-phishing and ransomware attacks, or other means. ” reads the alert published by the FBI. Pierluigi Paganini.

Cybercrime

Cybercrime Education Accountability Phishing

Who Wants to Fuel Independent and High Quality OSINT/Cybercrime and Threat Intelligence Research? Accepting BitCoin Donations

Security Boulevard

MARCH 18, 2023

Dear blog readers, Did you already grab a copy of my 2019-2023 " Dancho Danchev's Blog - Mind Streams of Information Security Knowledge " Ebook which is 1.7GB compilation for free? Did you already grab a copy of my Twitter 2017-2023 Ebook compilation for free? Accepting BitCoin Donations appeared first on Security Boulevard.

Cybercrime

Cybercrime Cyber threats Information Security

Russian cybercrime group likely behind ongoing exploitation of PaperCut flaws

Security Affairs

APRIL 24, 2023

Truebot has been active since 2017 and some researchers linked it to the Russian Silence Group , while a recent investigation linked it to threat actor TA505 (aka Evil Corp). .” The researchers noticed that the domain hosting the tools employed in the attack, windowservicecemter[.]com, com, was registered on April 12, 2023.

Cybercrime

Cybercrime Software Education Ransomware

A man faces up to 25 years in prison for his role in operating unlicensed crypto exchange BTC-e

Security Affairs

FEBRUARY 6, 2024

“According to the indictment, between 2011 and July 2017, Aliaksandr Klimenka, 42, allegedly controlled BTC-e, a digital currency exchange, with Alexander Vinnik and others.” BTC-e was popular in the cybercrime ecosystem, it was an illegal platform because it was not registered as a money services business with the U.S.

Cryptocurrency

Cryptocurrency Spyware Cybercrime Hacking

TheMoon bot infected 40,000 devices in January and February

Security Affairs

MARCH 26, 2024

The activity of the TheMoon botnet was first spotted in 2014, and since 2017 its operators added to the code of the bot at least 6 IoT device exploits. The new version of the bot has been spotted infecting thousands of outdated devices in 88 countries.

IoT

IoT Cybercrime Internet Internet

A Ukrainian man is the third FIN7 member sentenced in the United States

Security Affairs

APRIL 8, 2022

A Ukrainian man was sentenced in the US to 5 years in prison for his criminal activity in the cybercrime group FIN7. for high-level hacking activity in the cybercrime group FIN7 (aka Carbanak Group and the Navigator Group). Iarmak is the third member of the FIN7 cybercrime group to be sentenced in the U.S. in May 2020.

Cybercrime

Cybercrime Hacking Software Phishing

Nissan Oceania data breach impacted roughly 100,000 people

Security Affairs

MARCH 14, 2024

The company did not share details about the attack or its scope, but a few weeks later the Akira ransomware group claimed to have stolen 100 GB of information from the company. Stolen data included corporate files and personal information Nissan refused to pay the ransom and the cybercrime group published the alleged stolen files.

Data breaches

Data breaches Identity Theft Financial Services Cybercrime

TA505 Cybercrime targets system integrator companies

Security Affairs

NOVEMBER 12, 2019

The analysis of a malicious email revealed a possible raising interest of the TA505 cybercrime gang in system integrator companies. The domain validtree.com is registered through namecheap.com on 2017-12-07T15:55:27Z but recently renewed on 2019-10-16T05:35:18Z. I am a computer security scientist with an intensive hacking background.

Cybercrime

Cybercrime Computers and Electronics Penetration Testing Malware

DarkGate malware campaign abuses Skype and Teams

Security Affairs

OCTOBER 16, 2023

The researchers speculate the originating accounts of the instant messaging applications were compromised through the leaked credentials available on cybercrime forums.

Malware

Malware Cryptocurrency Accountability Cybercrime

Gafgyt botnet is targeting EoL Zyxel routers

Security Affairs

AUGUST 11, 2023

A variant of the Gafgyt botnet is actively attempting to exploit a vulnerability, tracked as CVE-2017-18368 (CVSS v3: 9.8), impacting the end-of-life Zyxel P660HN-T1A router. Zyxel addressed the vulnerability in 2017 with the release of new firmware, however, the vendor warned that a Gafgyt variant was exploiting the flaw in 2019.

Firmware

Firmware Hacking Cybercrime Information Security

North Korea-linked hackers stole $626 million in virtual assets in 2022

Security Affairs

DECEMBER 22, 2022

. “South Korea’s main spy agency, the National Intelligence Service, said North Korea’s capacity to steal digital assets is considered among the best in the world because of the country’s focus on cybercrimes since U.N. economic sanctions were toughened in 2017 in response to its nuclear and missile tests.” Citing the U.S.

Cryptocurrency

Cryptocurrency Cybercrime Media Government

Meet the Administrators of the RSOCKS Proxy Botnet

Krebs on Security

JUNE 22, 2022

.” The DOJ’s statement doesn’t mention that RSOCKS has been in operation since 2014, when access to the web store for the botnet was first advertised on multiple Russian-language cybercrime forums. “Thanks to you, we are now developing in the field of information security and anonymity!,”

Advertising

Advertising Cybercrime System Administration Hacking

Admins of Genesis Market marketplace sold their infrastructure on a hacker forum

Security Affairs

JULY 17, 2023

In April, the FBI seized the Genesis Market , a black marketplace for stolen credentials that was launched in 2017. As reported by BleepingComputer , on June 28, the alleged admin of Genesis Market (GenesisStore) announced on a cybercrime forum that the platform was available for sale.

Marketing

Marketing Accountability Cybercrime Passwords

Helix Bitcoin Mixer operator charged for laundering over $300M worth of Bitcoin

Security Affairs

FEBRUARY 14, 2020

An American was charged with money laundering while operating the dark web Helix Bitcoin mixer service between 2014 and 2017. Larry Dean Harmon (36), from Akron, Ohio, was charged with laundering more than $310 million worth of Bitcoin while he was operating a Darknet-based cryptocurrency laundering service between 2014 and 2017.

Cryptocurrency

Cryptocurrency Advertising Cybercrime Engineering

U.S. Treasury Department sanctions darkweb marketplace Hydra Market

Security Affairs

APRIL 6, 2022

The seizure of the Hydra Market is the result of an international investigation conducted by the Central Office for Combating Cybercrime (ZIT) in partnership with U.S. Hydra quickly rose to become the most prominent Russian-language darknet market after the closure of a key competitor in 2017. SecurityAffairs – hacking, cybercrime).

Marketing

Marketing Cybercrime Advertising Hacking

Germany police shut down Hydra Market dark web marketplace

Security Affairs

APRIL 6, 2022

The seizure of the Hydra Market is the result of an international investigation conducted by the Central Office for Combating Cybercrime (ZIT) in partnership with U.S. “Hydra quickly rose to become the most prominent Russian-language darknet market after the closure of a key competitor in 2017. billion euros in 2020 alone.

Marketing

Marketing Cybercrime Advertising Hacking

Magniber Ransomware operators use PrintNightmare exploits to infect Windows servers

Security Affairs

AUGUST 12, 2021

CrowdStrike recently observed a malicious activity associated with Magniber ransomware , a threat that has been active since 2017. “CrowdStrike recently observed new activity related to a 2017 ransomware family, known as Magniber, using the PrintNighmare vulnerability on victims in South Korea. ” CrowdStrike concludes.

Ransomware

Ransomware Cybercrime Encryption Hacking

Russians charged with hacking Mt. Gox exchange and operating BTC-e

Security Affairs

JUNE 9, 2023

Bilyuchenko is also charged with conspiring with Alexander Vinnik to run the virtual currency exchange BTC-e from 2011 to 2017. The BTC-e virtual currency is popular in the cybercrime underground because it was used by crooks to launder funds for illegal activities.

Hacking

Hacking Cryptocurrency Advertising Banking

FBI, CISA alert warns of imminent ransomware attacks on healthcare sector

Security Affairs

OCTOBER 29, 2020

The government agencies receive information about imminent attacks, threat actors are using the TrickBot botnet to deliver the infamous ransomware to the infected systems. “CISA, FBI, and HHS have credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers.

Healthcare

Healthcare Ransomware Cybercrime DNS

Telstra Telecom discloses data breach impacting former and current employees

Security Affairs

OCTOBER 5, 2022

Narelle Devine, the company’s chief information security officer for the Asia Pacific region, added that no customer account information was stored on the third-party platform. It seems that the security breach also impacted other companies. to several other organisations.

Data breaches

Data breaches Telecommunications Accountability Information Security

Uber hacked, internal systems and confidential documents were allegedly compromised

Security Affairs

SEPTEMBER 16, 2022

We don’t have an estimate right now as to when full access to tools will be restored, so thank you for bearing with us,” Latha Maripuri, Uber’s chief information security officer, told NYT via email. This is not the first time that the company suffered a security breach.

Hacking

Hacking Data breaches Engineering Information Security

Russian nation sentenced to 48 months in prison for helping Kelihos Botnet to evade detection

Security Affairs

DECEMBER 12, 2021

Koshkin was arrested in California in September 2019 , while Tsurkan was arrested in April 2017. At the time the FBI dismantled the Kelihos botnet, in 2017, the malicious infrastructure was composed of at least 50,000 compromised devices around the world.

Antivirus

Antivirus Malware Cybercrime Cyber threats

Alexander Vinnik, the popular cyber criminal goes on trial in Paris

Security Affairs

OCTOBER 19, 2020

In 2017, Greek Police arrested the Russian national Alexander Vinnik and they accused the man of running the BTC-e Bitcoin exchange to launder more than US$4bn worth of the cryptocurrency. SecurityAffairs – hacking, cybercrime). Vinnik is also accused to be responsible for the failure of the Japanese bitcoin exchange Mt.

Advertising

Advertising Cybercrime Hacking Cryptocurrency

EnemyBot malware adds new exploits to target CMS servers and Android devices

Security Affairs

MAY 30, 2022

The researchers attribute the botnet to the cybercrime group Keksec which focuses on DDoS-based extortion. The botnet was first discovered by Fortinet in March, the DDoS botnet targeted several routers and web servers by exploiting known vulnerabilities. The botnet targets multiple architectures, including arm, bsd, x64, and x86.

Malware

Malware DDOS IoT Cybercrime

Nigerian National pleads guilty to participating in a millionaire BEC scheme

Security Affairs

SEPTEMBER 24, 2023

The man was extradited from Canada to the United States on April 12, 2023. “According to his plea agreement, from February 2017 until at least July 2017, Simon-Ebo conspired with others to perpetrate a BEC scheme.” According to the US authorities, fraudulent activities caused losses of more than $6 million to the victims.

Accountability

Accountability Banking Hacking Cybercrime

SynAck ransomware gang releases master decryption keys for old victims

Security Affairs

AUGUST 13, 2021

The news was first reported by TheRecord website, the master decryption keys work for victims that were infected between July 2017 and early 2021. “The keys have been verified as authentic by Michael Gillespie , a malware analyst at security firm Emsisoft and the creator of the ID-Ransomware service.”

Ransomware

Ransomware Authentication Malware Hacking

German BKA arrested the alleged operator of Deutschland im Deep Web darknet market

Security Affairs

OCTOBER 30, 2022

The Darknet marketplace was a crucial service for drug trafficking in the cybercrime underground for several years. . As a result, the darkweb marketplace was shut down in 2017 by the BKA also arrested its operator and sentenced him to seven years in prison in 2018. “The arrest took place on Tuesday, October 25.

Marketing

Marketing Cybercrime Mobile Internet

Iran-linked MERCURY APT behind destructive attacks on hybrid environments

Security Affairs

APRIL 10, 2023

MERCURY (aka MuddyWater , SeedWorm and TEMP.Zagros ) has been active since at least 2017, in January 2022 the USCYBERCOM has officially linked the Iran-linked APT group to Iran’s Ministry of Intelligence and Security (MOIS). Threat actors masqueraded the attacks as a standard ransomware operation.

Ransomware

Ransomware Cybercrime VPN Education

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

Krebs on Security

JULY 18, 2023

LeakedSource was advertised on a number of popular cybercrime forums as a service that could help hackers break into valuable or high-profile accounts. LeakedSource also tried to pass itself off as a legal, legitimate business that was marketing to security firms and professionals. us, but denied being the operator of LeakedSource.

Hacking

Hacking Accountability Data breaches Marketing

Most ransomware attacks take place outside the working hours

Security Affairs

MARCH 17, 2020

Security experts from FireEye published an interesting report on the Ransomware deployment trends, it revealed that most of the attacks (76%) against the enterprise sector occur outside working hours. FireEye compiled the report using data from dozens of ransomware infections that it has investigated from 2017 to 2019.

Ransomware

Ransomware Advertising Malware Cybercrime

Defiant Tech firm who operated LeakedSource pleads guilty

Security Affairs

MAY 20, 2019

The LeakedSource website was launched in late 2015, in January 2017 the popular data breach notification website has been raided by feds. “I am immensely proud of this outcome as combatting cybercrime is an operational priority for us.” SecurityAffairs – cybercrime, LeakedSource). Pierluigi Paganini.

Cybercrime

Cybercrime Data breaches Advertising Passwords

TA547 targets German organizations with Rhadamanthys malware

Security Affairs

APRIL 12, 2024

TA547 is a financially motivated threat actor that has been active since at least November 2017, it was observed conducting multiple campaigns to deliver a variety of Android and Windows malware, including DanaBot , Gootkit , Lumma stealer , NetSupport RAT , Ursnif , and ZLoader.

Malware

Malware Social Engineering Retail Engineering

Enemybot, a new DDoS botnet appears in the threat landscape

Security Affairs

APRIL 17, 2022

The researchers attribute the botnet to the cybercrime group Keksec which focuses on DDoS-based extortion. Researchers from Fortinet discovered a new DDoS botnet, tracked as Enemybot, that has targeted several routers and web servers by exploiting known vulnerabilities. Upon installing the threat, the bot drops a file in /tmp/.pwned

DDOS

DDOS Architecture Malware Cybercrime

NightLion hacker is selling details of 142 million MGM Resorts hotel guests

Security Affairs

JULY 14, 2020

“The new finding came to light over the weekend after a hacker put up for sale the hotel’s data in an ad published on a dark web cybercrime marketplace.” The hacker claims to have obtained the database from the hack of the DataViper monitoring service operated by the security firm Night Lion Security.

Data breaches

Data breaches Advertising Hacking Cybercrime

Creator of multiple IoT botnets, including Satori, pleaded guilty

Security Affairs

SEPTEMBER 4, 2019

Schuchman , Vamp, and Drake created the Satori botnet in between July and August 2017. Between September an October 2017, Schuchman and his accomplices developed a new version of Satori named Okiru. In November 2017 the trio created a new version named Masuta , that targeted GPON routers. SecurityAffairs – Satori, cybercrime).

IoT

IoT DDOS Internet Internet

Russian Alexander Vinnik sentenced in Paris to five years in prison for money laundering

Security Affairs

DECEMBER 8, 2020

The French court acquitted Vinnik of charges of extortion and association with a cybercrime organization. In 2017, Greek Police arrested the Russian national Alexander Vinnik and they accused the man of running the BTC-e Bitcoin exchange to launder more than US$4bn worth of the cryptocurrency.

Cryptocurrency

Cryptocurrency Hacking Ransomware Cybercrime

Two PoS Malware used to steal data from more than 167,000 credit cards

Security Affairs

OCTOBER 25, 2022

MajikPOS PoS malware was first spotted by Trend Micro in early 2017, when it was used to target businesses in North America and Canada. On July 18, 2019, the source code for MajikPOS (aka MagicPOS) was offered for sale on the cybercrime forum “exploit[.]in” MajikPOS is written using the “.NET

Malware

Malware Cybercrime Banking Marketing

Developer of DDoS Mirai based botnets sentenced to prison

Security Affairs

JUNE 26, 2020

Schuchman, Vamp, and Drake created the Satori botnet in between July and August 2017. Between September an October 2017, Schuchman and his accomplices developed a new version of Satori named Okiru. In November 2017 the trio created a new version named Masuta , that targeted GPON routers. ” continues the DoJ.

DDOS

DDOS IoT Advertising Internet

Source code of Dharma ransomware now surfacing on public hacking forums

Security Affairs

MARCH 29, 2020

.” reads the post published by “This, in turn, would result in the broader proliferation among multiple cybercrime groups, and an eventual surge in attacks.” ” The availability of the source code online will allow threat actors to create their own versions and start distributing them.

Ransomware

Ransomware Hacking Advertising Malware

Data from Sephora and StreetEasy data breaches added to HIBP

Security Affairs

OCTOBER 7, 2019

The data has been available for sale in the cybercrime underground since February. HIBP also included data from a data breach suffered by Sephora Southeast Asia in January 2017 that exposed data for 780,073 customers, including customer’s dates of birth, email addresses, ethnicities, genders, names, and physical attributes.

Data breaches

Data breaches Passwords Advertising Cybercrime

Russian cybercriminal Aleksandr Brovko sentenced to 8 years in jail

Security Affairs

NOVEMBER 3, 2020

According to The Register , Brovko was retained by co-conspirator Alexander Tverdokhlebov, who was sentenced to over nine years in 2017 after pleading guilty to possessing 40,000 stolen credit card numbers and controlling a botnet composed of up to 500,000 infected computers.

Accountability

Accountability Banking Advertising Data collection

A new Zerobot variant spreads by exploiting Apache flaws

Security Affairs

DECEMBER 22, 2022

includes several new flaws, including: Vulnerability Affected software CVE-2017-17105 Zivif PR115-204-P-RS CVE-2019-10655 Grandstream CVE-2020-25223 WebAdmin of Sophos SG UTM CVE-2021-42013 Apache CVE-2022-31137 Roxy-WI CVE-2022-33891 Apache Spark ZSL-2022-5717 MiniDVBLinux. “Since the release of Zerobot 1.1,

IoT

IoT DDOS Malware Firmware

Marcus Hutchins sentenced to supervised release, no jail for the expert

Security Affairs

JULY 27, 2019

In August 2017, he was arrested in Las Vegas after attending the Def Con hacking conference and was detained by the FBI in the state of Nevada. In August 2017, Marcus Hutchins pleaded not guilty to charges of creating and selling malware at a hearing in Milwaukee, Wisconsin. . SecurityAffairs – Marcus Hutchins, cybercrime).

Banking

Banking Malware Advertising Cybercrime

Law enforcement seized the Genesis Market cybercrime marketplace

FBI: Compromised US academic credentials available on various cybercrime forums

Trending Sources

Who Wants to Fuel Independent and High Quality OSINT/Cybercrime and Threat Intelligence Research? Accepting BitCoin Donations

Russian cybercrime group likely behind ongoing exploitation of PaperCut flaws

A man faces up to 25 years in prison for his role in operating unlicensed crypto exchange BTC-e

TheMoon bot infected 40,000 devices in January and February

A Ukrainian man is the third FIN7 member sentenced in the United States

Nissan Oceania data breach impacted roughly 100,000 people

TA505 Cybercrime targets system integrator companies

DarkGate malware campaign abuses Skype and Teams

Gafgyt botnet is targeting EoL Zyxel routers

North Korea-linked hackers stole $626 million in virtual assets in 2022

Meet the Administrators of the RSOCKS Proxy Botnet

Admins of Genesis Market marketplace sold their infrastructure on a hacker forum

Helix Bitcoin Mixer operator charged for laundering over $300M worth of Bitcoin

U.S. Treasury Department sanctions darkweb marketplace Hydra Market

Germany police shut down Hydra Market dark web marketplace

Magniber Ransomware operators use PrintNightmare exploits to infect Windows servers

Russians charged with hacking Mt. Gox exchange and operating BTC-e

FBI, CISA alert warns of imminent ransomware attacks on healthcare sector

Telstra Telecom discloses data breach impacting former and current employees

Uber hacked, internal systems and confidential documents were allegedly compromised

Russian nation sentenced to 48 months in prison for helping Kelihos Botnet to evade detection

Alexander Vinnik, the popular cyber criminal goes on trial in Paris

EnemyBot malware adds new exploits to target CMS servers and Android devices

Nigerian National pleads guilty to participating in a millionaire BEC scheme

SynAck ransomware gang releases master decryption keys for old victims

German BKA arrested the alleged operator of Deutschland im Deep Web darknet market

Iran-linked MERCURY APT behind destructive attacks on hybrid environments

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

Most ransomware attacks take place outside the working hours

Defiant Tech firm who operated LeakedSource pleads guilty

TA547 targets German organizations with Rhadamanthys malware

Enemybot, a new DDoS botnet appears in the threat landscape

NightLion hacker is selling details of 142 million MGM Resorts hotel guests

Creator of multiple IoT botnets, including Satori, pleaded guilty

Russian Alexander Vinnik sentenced in Paris to five years in prison for money laundering

Two PoS Malware used to steal data from more than 167,000 credit cards

Developer of DDoS Mirai based botnets sentenced to prison

Source code of Dharma ransomware now surfacing on public hacking forums

Data from Sephora and StreetEasy data breaches added to HIBP

Russian cybercriminal Aleksandr Brovko sentenced to 8 years in jail

A new Zerobot variant spreads by exploiting Apache flaws

Marcus Hutchins sentenced to supervised release, no jail for the expert

Stay Connected