2019, Cybercrime and System Administration

How Did Authorities Identify the Alleged Lockbit Boss?

Krebs on Security

MAY 13, 2024

This post examines the activities of Khoroshev’s many alter egos on the cybercrime forums, and tracks the career of a gifted malware author who has written and sold malicious code for the past 14 years. was used by a Russian-speaking member called Pin on the English-language cybercrime forum Opensc. Dmitry Yuryevich Khoroshev.

Ransomware

Ransomware Cybercrime Accountability Malware

Meet the Administrators of the RSOCKS Proxy Botnet

Krebs on Security

JUNE 22, 2022

.” The DOJ’s statement doesn’t mention that RSOCKS has been in operation since 2014, when access to the web store for the botnet was first advertised on multiple Russian-language cybercrime forums. A copy of the passport for Denis Kloster, as posted to his Vkontakte page in 2019. info , allproxy[.]info

Advertising

Advertising Cybercrime System Administration Hacking

Russian-speaking cybercrime evolution: What changed from 2016 to 2021

SecureList

OCTOBER 20, 2021

Having been in the field for so long, we have witnessed some major changes in the cybercrime world’s modus operandi. This report shares our insights into the Russian-speaking cybercrime world and the changes in how it operates that have happened in the past five years.

Cybercrime

Cybercrime Banking Malware Ransomware

A Closer Look at the Snatch Data Ransom Group

Krebs on Security

SEPTEMBER 30, 2023

GandCrab dissolved in July 2019, and is thought to have become “ REvil ,” one of the most ruthless and rapacious Russian ransomware groups of all time. “The command requires Windows system administrators,” Truniger’s ads explained. “Experience in backup, increase privileges, mikicatz, network.

Ransomware

Ransomware Accountability Cybercrime Backups

A member of the FIN7 group was sentenced to 10 years in prison

Security Affairs

APRIL 18, 2021

The Ukrainian national Fedir Hladyr (35), aka “das” or “AronaXus,” was sentenced to 10 years in prison for having served as a manager and systems administrator for the financially motivated group FIN7 , aka Carbanak. companies, predominantly in the restaurant, gambling, and hospitality industries.” ” concludes DoJ.

System Administration

System Administration Penetration Testing Malware Hacking

Exclusive: Lighting the Exfiltration Infrastructure of a LockBit Affiliate (and more)

Security Affairs

OCTOBER 3, 2023

Our investigation revealed that this remote endpoint is associated with criminal activities dating back to 2019, indicating that these hosts were likely under the control of the same technical administration. For instance: In September 2019, Cybereason found this hostname in old LockBit 2.0

Scams

Scams Ransomware System Administration Malware

Caketap, a new Unix rootkit used to siphon ATM banking data

Security Affairs

MARCH 18, 2022

Mandiant researchers discovered a new Unix rootkit named Caketap, which is used to steal ATM banking data, while investigating the activity of the LightBasin cybercrime group (aka UNC1945 ). CrowdStrike researchers reported that at least 13 telecommunication companies were compromised by the group since 2019.

Banking

Banking Telecommunications System Administration Hacking

FireEye experts found source code for CARBANAK malware on VirusTotal?

Security Affairs

APRIL 23, 2019

CARBANAK cybercrime gang was first uncovered in 2014 by Kaspersky Lab that dated its activity back to 2013 when the group leveraged the Anunak malware in targeted attacks on financial institutions and ATM networks. MB) [link] — Nick Carr (@ItsReallyNick) April 22, 2019. kb3r1p.rar 879 files (15.03

Malware

Malware Penetration Testing Banking System Administration

FIN7 sysadmin behind “billions in damage” gets 10 years

Malwarebytes

APRIL 20, 2021

In 2018 three high-ranking members of a sophisticated international cybercrime group operating out of Eastern Europe were arrested and taken into custody by US authorities. Ukrainian nationals Dmytro Fedorov, Fedir Hladyr, and Andrii Kolpakov, were members of a prolific hacking group widely known as FIN7. The conviction.

System Administration

System Administration Banking Malware Penetration Testing

FireEye experts found source code for CARBANAK malware on VirusTotal?

Security Affairs

APRIL 23, 2019

CARBANAK cybercrime gang was first uncovered in 2014 by Kaspersky Lab that dated its activity back to 2013 when the group leveraged the Anunak malware in targeted attacks on financial institutions and ATM networks. MB) [link] — Nick Carr (@ItsReallyNick) April 22, 2019. kb3r1p.rar 879 files (15.03

Malware

Malware Penetration Testing Banking System Administration

Dissecting the malicious arsenal of the Makop ransomware gang

Security Affairs

MARCH 14, 2023

The Makop criminals were recently using version 2.5.3869 of the tool, which dates back to 2019. In fact, Makop criminals are still using tools built back in 2019 and 2020 to compromise small and medium enterprises around the world. Advanced_Port_Scanner_2.5.3869.exe Everything is freeware software maintained by Voidtools.

Ransomware

Ransomware Software System Administration Encryption

The Challenges in Building Digital Trust

SecureWorld News

DECEMBER 11, 2023

System administrators didn't bother locking down their systems, because the possibility of bad actors using them didn't really cross their minds. What Stoll was calling us to do is to take the threats of scams, misinformation campaigns, and cybercrime seriously.

Technology

Technology Artificial Intelligence Cybercrime Government

Updates from the MaaS: new threats delivered through NullMixer

Security Affairs

MARCH 27, 2023

The Originating Malvertising Campaign According to CTI investigation on the adversary infrastructure, we were able to identify an ongoing campaign luring system administrators to install the malicious code into their machines.

Malware

Malware Social Engineering Encryption Marketing

Kaseya Ransomware Supply-Chain Attack: What We Know So Far

Digital Shadows

JULY 5, 2021

On 02 July 2021, details started to emerge of a sophisticated supply-chain attack targeting Kaseya VSA, virtual system administrator software used to manage and monitor customers’ infrastructure. REvil is ransomware that was first observed in April 2019.

Ransomware

Ransomware Encryption Cryptocurrency System Administration

Ransomware Gangs and the Name Game Distraction

Krebs on Security

AUGUST 5, 2021

Reinvention is a basic survival skill in the cybercrime business. REvil’s last big victim was Kaseya , a Miami-based company whose products help system administrators manage large networks remotely. ” That CrowdStrike report was from July 2019.

Ransomware

Ransomware Cybercrime Malware System Administration

Top Cybersecurity Accounts to Follow on Twitter

eSecurity Planet

DECEMBER 3, 2021

lazydocker : A simple terminal UI for both docker and docker-compose : [link] pic.twitter.com/HsK17rzg8m — Binni Shah (@binitamshah) July 1, 2019. Brian Krebs is an independent investigative reporter known for his coverage of technology, malware , data breaches , and cybercrime developments. Brian Krebs | @briankrebs.

Accountability

Accountability Cybersecurity Penetration Testing InfoSec

Canadian Police Raid ‘Orcus RAT’ Author

Krebs on Security

APRIL 2, 2019

31, 2019, Rezvesz said his company recently was the subject of an international search warrant executed jointly by the Royal Canadian Mounted Police (RCMP) and the Canadian Radio-television and Telecommunications Commission (CRTC). In an “official press release” posted to pastebin.com on Mar.

Advertising

Advertising Malware Software Marketing

The Hacker Mind Podcast: Ethical Hacking

ForAllSecure

MAY 26, 2022

.” I wrote about the pending Cyber Security Enhancement Act of 2002 (CSEA) and said: “ The problem with this legislation is that it's often very difficult to determine who is responsible for any given cybercrime. Who is responsible? Is it the hospital, which should have had a power backup? And they were gone like the first day.

Hacking

Hacking Technology InfoSec Media

IT threat evolution Q2 2021

SecureList

AUGUST 12, 2021

This tool was used as part of an ongoing campaign that we named “ TunnelSnake “ The rootkit was detected on the targeted machines as early as November 2019; and another tool we found, showing significant code overlaps with the rootkit, suggests that the developers had been active since at least 2018. Black Kingdom ransomware.

Ransomware

Ransomware Malware Banking Encryption

Cyber Security Informer

How Did Authorities Identify the Alleged Lockbit Boss?

Meet the Administrators of the RSOCKS Proxy Botnet

Trending Sources

Russian-speaking cybercrime evolution: What changed from 2016 to 2021

A Closer Look at the Snatch Data Ransom Group

A member of the FIN7 group was sentenced to 10 years in prison

Exclusive: Lighting the Exfiltration Infrastructure of a LockBit Affiliate (and more)

Caketap, a new Unix rootkit used to siphon ATM banking data

FireEye experts found source code for CARBANAK malware on VirusTotal?

FIN7 sysadmin behind “billions in damage” gets 10 years

FireEye experts found source code for CARBANAK malware on VirusTotal?

Dissecting the malicious arsenal of the Makop ransomware gang

The Challenges in Building Digital Trust

Updates from the MaaS: new threats delivered through NullMixer

Kaseya Ransomware Supply-Chain Attack: What We Know So Far

Ransomware Gangs and the Name Game Distraction

Top Cybersecurity Accounts to Follow on Twitter

Canadian Police Raid ‘Orcus RAT’ Author

The Hacker Mind Podcast: Ethical Hacking

IT threat evolution Q2 2021

Stay Connected