2021, Cryptocurrency, Cybercrime and Information Security

Russian cybercrime forums launch contests for cryptocurrency hacks

Security Affairs

JUNE 7, 2021

Cybercriminals in Russian underground forums have been invited to take part in competitions for hacking cryptocurrency and NFT. Several Russian underground forums have launched competitions for hacking cryptocurrency schema and Non-fungible token (NFT). SecurityAffairs – hacking, cryptocurrency hack). Pierluigi Paganini.

Cryptocurrency

Cryptocurrency Cybercrime Hacking Technology

Moldovan citizen sentenced in connection with the E-Root cybercrime marketplace case

Security Affairs

MARCH 15, 2024

US DoJ sentenced a Moldovan national (31) to 42 months in federal prison for operating the E-Root cybercrime marketplace. Diaconu was operating the E-Root cybercrime marketplace. ” The marketplace allowed buyers to pay using cryptocurrency exchange and online payment system Perfect Money.

Cybercrime

Cybercrime Cryptocurrency Advertising Passwords

Florida man sentenced to prison for SIM Swapping conspiracy that led to theft of $1M in cryptocurrency

Security Affairs

OCTOBER 30, 2023

A man from Orlando was sentenced to prison for SIM Swapping conspiracy that led to the theft of approximately $1M in cryptocurrency. The man was sentenced for his role in a hacking scheme that led to the theft of approximately $1M worth of cryptocurrency from dozens of victims. ” reads the press release published by DoJ.

Cryptocurrency

Cryptocurrency Accountability Hacking Cybercrime

WeSteal, a shameless commodity cryptocurrency stealer available for sale

Security Affairs

MAY 2, 2021

The bold author of a new cryptocurrency stealer, dubbed WeSteal, is promising its customers a leading way to make money in 2021. According to Palo Alto Networks, the author of WeSteal, that goes online as “ComplexCodes,” started advertising the cryptocurrency stealer on underground forums in mid-February 2021.

Cryptocurrency

Cryptocurrency Malware Advertising System Administration

TeamTNT cybercrime gang expands its arsenal to target thousands of orgs worldwide

Security Affairs

SEPTEMBER 9, 2021

Evidence collected by the experts suggests that the campaign began on July 25, 2021, threat actors used a large set of open-source tools in the attacks. In January 2021, the cybercrime gang launched a new campaign targeting Kubernetes environments with the Hildegard malware. ” reads the analysis published by AT&T.

Cybercrime

Cybercrime Cryptocurrency Penetration Testing Malware

Ukrainian REvil gang member sentenced to 13 years in prison

Security Affairs

MAY 2, 2024

In November 2021, the US Department of Justice charged Vasinskyi, REvil ransomware affiliate, for orchestrating the ransomware attacks on Kaseya MSP platform that took place on July 4, 2021. victims, and we are disrupting the broader cybercrime ecosystem.”

Ransomware

Ransomware Cryptocurrency Cybercrime Encryption

Crooks broke into AT&T email accounts to empty their cryptocurrency wallets

Security Affairs

APRIL 30, 2023

Threat actors are gaining access to AT&T email accounts in an attempt to hack into the victim’s cryptocurrency exchange accounts. Hackers are breaking into the AT&T email accounts and then using the access they are logging into the victim’s cryptocurrency exchange accounts to drain their crypto funds, TechCrunch reported.

Cryptocurrency

Cryptocurrency Accountability Passwords Hacking

German police seized the darknet marketplace Nemesis Market

Security Affairs

MARCH 23, 2024

An operation conducted by the Federal Criminal Police Office in Germany (BKA) and the Frankfurt cybercrime combating unit (ZIT) led to the seizure of the infrastructure of the darknet marketplace Nemesis Market in Germany and Lithuania. The law enforcement confiscated about 94,000 euros worth of cryptocurrencies.

Marketing

Marketing Cybercrime DDOS Internet

The Biden administration will work with 30 countries to curb global cybercrime

Security Affairs

OCTOBER 3, 2021

The Biden administration announced it will work with 30 countries, including NATO allies and G7 partners, to curb global cybercrime. President Joe Biden announced that the US will work with 30 countries to curb cybercrime and dismantle ransomware gangs that are targeting organizations worldwide. Pierluigi Paganini.

Cybercrime

Cybercrime Artificial Intelligence Ransomware Cryptocurrency

Phorpiex botnet sent millions of phishing emails to deliver LockBit Black ransomware

Security Affairs

MAY 13, 2024

In December 2021, experts at Check Point Research observed the resurgence of the Phorpiex botnet. The new variant, dubbed “Twizt,” could operate without active C2 servers in peer-to-peer mode. Each of the infected computers can act as a server and send commands to other bots in a chain.

Phishing

Phishing Ransomware Security Awareness Authentication

The worst cyber attacks of 2021

Security Affairs

JANUARY 3, 2022

Which are the cyber attacks of 2021 that had the major impact on organizations worldwide in terms of financial losses and disruption of the operations? The systems at the company were infected with the Phoenix Locker, a variant of ransomware tracked as Hades that was part of the arsenal of the cybercrime group known as Evil Corp.

Cyber Attacks

Cyber Attacks Ransomware Insurance Hacking

Organizations paid at least $602 million to ransomware gangs in 2021

Security Affairs

FEBRUARY 13, 2022

Organizations have paid more than $600 million in cryptocurrency during 2021, nearly one-third to the Conti ransomware gang. and Australia have published a joint advisory warning of an increased globalised threat of ransomware worldwide in 2021. Last week, cybersecurity agencies from the U.K., added the company. .”

Ransomware

Ransomware Cryptocurrency Cybercrime Malware

Phorpiex botnet is back, in 2021 it $500K worth of crypto assets

Security Affairs

DECEMBER 17, 2021

Experts at Check Point Research have monitored the resurgence of the Phorpiex botnet, an old threat that was involved in sextortion spam campaigns , crypto-jacking, cryptocurrency clipping (substituting the original wallet address saved in the clipboard with the attacker’s wallet address during a transaction) and ransomware attacks in the past.

Cryptocurrency

Cryptocurrency Cybercrime Malware Hacking

Threat actors stole more than $150 million worth of cryptocurrency tokens from BitMart platform

Security Affairs

DECEMBER 6, 2021

Threat actors stole more than $150 million in various cryptocurrencies from the cryptocurrency trading platform BitMart. Cryptocurrency trading platform BitMart has disclosed a security breach, threat actors stole than $150 million in various cryptocurrencies. — Sheldon Xia (@sheldonbitmart) December 6, 2021.

Cryptocurrency

Cryptocurrency Hacking Cybercrime Information Security

Ex-Canadian government employee admits to being a member of the Russian cybercrime gang NetWalker

Security Affairs

JUNE 30, 2022

A former Canadian government IT worker admitted to being a high-level member of the Russian cybercrime group NetWalker. to charges related to his involvement with the Russian cybercrime group NetWalker. in cryptocurrency obtained from ransom payments. million as a result of the offenses charged in the indictment.

Cybercrime

Cybercrime Government Ransomware Cryptocurrency

Threat actors use recently discovered CVE-2021-26084 Atlassian Confluence

Security Affairs

SEPTEMBER 30, 2021

Threat actors are actively exploiting the recently disclosed CVE-2021-26084 RCE vulnerability in Atlassian Confluence deployments. At the end of August, Atlassian released security patches to address the critical CVE-2021-26084 flaw that affects the Confluence enterprise collaboration product. link] — U.S.

Cryptocurrency

Cryptocurrency Authentication Malware Marketing

US citizens lost more than $68M to SIM swap attacks in 2021, FBI warns

Security Affairs

FEBRUARY 10, 2022

The FBI reported that US citizens have lost more than $68 million to SIM swapping attacks in 2021, the number of complaints since 2018 and associated losses have increased almost fivefold. In 2021, IC3 received 1,611 SIM swapping complaints with adjusted losses of more than $68 million.”

Mobile

Mobile Cryptocurrency Authentication Accountability

APWG: Phishing maintained near-record levels in the first quarter of 2021

Security Affairs

JUNE 13, 2021

The Anti-Phishing Working Group (APWG) revealed that the number of phishing websites peaked at record levels in the first quarter of 2021. The Anti-Phishing Working Group (APWG) has published its new Phishing Activity Trends Report related to the first quarter of 2021. Reported Phishing Websites for Q1 2021.

Phishing

Phishing Advertising Cryptocurrency Encryption

Conti Ransomware Group Diaries, Part IV: Cryptocrime

Krebs on Security

MARCH 7, 2022

The candid messages revealed how Conti evaded law enforcement and intelligence agencies , what it was like on a typical day at the Conti office , and how Conti secured the digital weaponry used in their attacks. This final post on the Conti conversations explores different schemes that Conti pursued to invest in and steal cryptocurrencies.

Ransomware

Ransomware Cryptocurrency DDOS Scams

French authorities arrested a Russian national for his role in the Hive ransomware operation

Security Affairs

DECEMBER 14, 2023

“A Russian, suspected of having recovered in cryptocurrencies the money taken from French victims of the powerful Hive ransomware , dismantled in January, was arrested last week, AFP learned on Tuesday December 12 from the judicial police.” anti-cybercrime (Ofac).” anti-cybercrime (Ofac).”

Ransomware

Ransomware Cryptocurrency Cybercrime VPN

USCYBERCOM and CISA warn organizations to fix CVE-2021-26084 Confluence flaw

Security Affairs

SEPTEMBER 3, 2021

USCYBERCOM is urging organizations to patch a critical CVE-2021-26084 flaw in Atlassian Confluence Server and Data Center, ahead of the Labor Day weekend. . US Cyber Command (USCYBERCOM) has issued an alert to warn US organizations to address Atlassian Confluence CVE-2021-26084 vulnerability immediately, ahead of the Labor Day weekend.

Authentication

Authentication Cryptocurrency Hacking Government

Glupteba botnet is back after Google disrupted it in December 2021

Security Affairs

DECEMBER 19, 2022

The Glupteba botnet is back, researchers reported a surge in infection worldwide after Google disrupted its operation in 2021. In December 2021, Google announced it has taken down the infrastructure operated by the Glupteba botnet, it also sued Russian nationals Dmitry Starovikov and Alexander Filippov for creating and operating the botnet.

DNS

DNS Antivirus Cryptocurrency Software

German police seized the dark web marketplace Kingdom Market

Security Affairs

DECEMBER 20, 2023

The Kingdom Market was established in March 2021, the offer of the dark web marketplace included drugs, malware, stolen data, and forged documents. “To pay, users of the darknet marketplace used the cryptocurrencies Bitcoin, Litecoin, Monero and Zcash. ” reads a press release published by BKA.

Marketing

Marketing Cryptocurrency Accountability Banking

New RedLine malware version distributed as fake Omicron stat counter

Security Affairs

JANUARY 12, 2022

The RedLine malware allows operators to steal several information, including credentials, credit card data, cookies, autocomplete information stored in browsers, cryptocurrency wallets, credentials stored in VPN clients and FTP clients. 2021-11-26 04:34:54 2021-11-26 10:05:15 149.154.167.91 154.167.91

Malware

Malware Manufacturing Cryptocurrency Cybercrime

Interview With a Crypto Scam Investment Spammer

Krebs on Security

MAY 22, 2023

Social networks are constantly battling inauthentic bot accounts that send direct messages to users promoting scam cryptocurrency investment platforms. The messages said recipients had earned an investment credit at a cryptocurrency trading platform called moonxtrade[.]com. A DIRECT QUOT The domain quot[.]pw billion last year.

Scams

Scams DDOS Cryptocurrency Accountability

Google obtained a temporary court order against CryptBot distributors

Security Affairs

APRIL 28, 2023

The malware allows operators to steal login credentials from popular services such as social media platforms and cryptocurrency wallets, then stolen data is sold on cybercrime forums by the operators. CryptBot distributors spread the malware through modified versions of legitimate software such as Google Earth Pro and Google Chrome.

Malware

Malware Cybercrime Cryptocurrency Media

Security Affairs newsletter Round 423 by Pierluigi Paganini – International edition

Security Affairs

JUNE 11, 2023

Experts found new MOVEit Transfer SQL Injection flaws The University of Manchester suffered a cyber attack and suspects a data breach Russians charged with hacking Mt.

Social Engineering

Social Engineering Data breaches Ransomware Cybercrime

French police seized dark web marketplace Le Monde Parallèle

Security Affairs

MAY 26, 2021

Last week, French authorities have seized the dark web marketplace Le Monde Parallèle, it is another success of national police in the fight against cybercrime. French authorities seized the dark web marketplace Le Monde Parallèle, the operation is another success of national police in the fight against cybercrime activity in the dark web.

Cybercrime

Cybercrime Cryptocurrency Banking Mobile

Clipminer Botnet already allowed operators to make at least $1.7 Million

Security Affairs

JUNE 3, 2022

The bot focuses on cryptocurrency mining and cryptocurrency theft via clipboard hijacking. Clipminer was first spotted in early 2021, it likely spread via Trojanized downloads of cracked or pirated software. .” Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g.

Cryptocurrency

Cryptocurrency Malware Hacking Software

Let’s give a look at the Dark Web Price Index 2022

Security Affairs

JUNE 15, 2022

Privacy Affairs published the Dark Web Index, an analysis of prices for illegal services/products available in the black marketplaces and related to the period between February 2021 and June 2022. The document updates the information provided in the Dark Web Index 2022 report. verified account goes for $170 ($710 in 2021).

Identity Theft

Identity Theft Accountability DDOS Cybercrime

Former Ubiquiti employee gets 6 years in jail for stealing confidential data and extorting company

Security Affairs

MAY 15, 2023

” In January 2021, SHARP was working on a team remediating the security incident, when he sent a ransom note to the company. SHARP (37) was arrested in December 2021, in March he pleaded guilty to posing as an anonymous hacker and a whistleblower to extort almost $2 million worth of cryptocurrency while working at Ubiquiti.

Marketing

Marketing Cybercrime Cryptocurrency Hacking

TeamTNT group targets poorly configured Docker servers exposing REST APIs

Security Affairs

NOVEMBER 9, 2021

Threat actors execute malicious scripts to deploy Monero cryptocurrency miners, perform container-to-host escape using well-known techniques, and scan the Internet for exposed ports from other compromised containers. This could be how TeamTNT gained the information it used for the compromised sites in this attack.”

Cryptocurrency

Cryptocurrency Malware Cybercrime Architecture

Crook sentenced to 18 months for stealing $20M in SIM swapping attack

Security Affairs

DECEMBER 6, 2022

DoJ announced that Nicholas Truglia (25) was sentenced to 18 months in prison for the theft of over $20 million worth of cryptocurrency through SIM swapping attacks. Nicholas Truglia and his associates stole a staggering amount of cryptocurrency from the victim through a complex SIM swap scheme.” ” said U.S.

Cryptocurrency

Cryptocurrency Accountability Mobile Hacking

Over 200 Apps on Play Store were distributing Facestealer info-stealer

Security Affairs

MAY 17, 2022

The Facestealer spyware was first spotted on July 2021 by Dr. Web researchers, the development team behind the threat has frequently changed its code. Trend Micro researchers also discovered 40 fake cryptocurrency miner apps that are variants of similar apps that they discovered in August 2021.

Spyware

Spyware Cryptocurrency VPN Malware

US Treasury FinCEN linked $5.2 billion in BTC transactions to ransomware payments

Security Affairs

OCTOBER 16, 2021

FinCEN analyzed a data set composed of 2,184 SARs filed between 1 January 2011 and 30 June 2021 and identified 177 CVC (convertible virtual currency) wallets addresses that were used in ransomware operations associated with the above ransomware variants. ” reads the report published by FinCEN.

Ransomware

Ransomware Cryptocurrency Hacking Cybercrime

Citizen of Croatia charged with running the Monopoly Market drug marketplace

Security Affairs

JUNE 26, 2023

In 2021, law enforcement within the United States placed and received numerous orders for narcotics on the Monopoly Market website from various vendors. “In December 2021, in coordination with foreign law enforcement partners in Germany and Finland, the computer server hosting Monopoly was seized and taken offline.”

Marketing

Marketing Computers and Electronics Cryptocurrency Hacking

Security Affairs newsletter Round 313

Security Affairs

MAY 9, 2021

Experts found critical authentication bypass flaw in HPE Edgeline Infrastructure Manager UNC2529, a new sophisticated cybercrime gang that targets U.S.

Data breaches

Data breaches DDOS VPN Hacking

Threat actors stole $19 million worth of crypto assets from Cream Finance

Security Affairs

AUGUST 31, 2021

Crooks have stolen more than $19 million in cryptocurrency assets from Cream Finance, a decentralized finance (DeFi) platform. Threat actors have stolen more than $19 million in cryptocurrency assets from Cream Finance, a decentralized finance (DeFi) platform. — Cream Finance (@CreamdotFinance) August 30, 2021.

Cryptocurrency

Cryptocurrency Hacking Financial Services Marketing

TeamTNT is back and targets servers to run Bitcoin encryption solvers

Security Affairs

SEPTEMBER 19, 2022

AquaSec researchers observed the cybercrime gang TeamTNT hijacking servers to run Bitcoin solver since early September. In the first week of September, AquaSec researchers identified at least three different attacks targeting their honeypots, the experts associated them with the cybercrime gang TeamTNT. ” concludes the report.

Encryption

Encryption Cybercrime Hacking Malware

A server of the Jenkins project hacked by exploiting a Confluence flaw

Security Affairs

SEPTEMBER 7, 2021

The development team behind the Jenkins server disclose a security breach, threat actors deployed a cryptocurrency miner on one of its servers. The development team behind the Jenkins Project disclosed a security breach after threat actors compromised one of their internal servers and installed a cryptocurrency miner.

Hacking

Hacking Cryptocurrency Authentication Internet

Security Affairs newsletter Round 341

Security Affairs

NOVEMBER 20, 2021

The post Security Affairs newsletter Round 341 appeared first on Security Affairs. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini. SecurityAffairs – hacking, newsletter).

Banking

Banking Small Business Data breaches Firmware

The Have I Been Pwned service now includes 441K accounts stolen by RedLine malware

Security Affairs

DECEMBER 31, 2021

The RedLine malware allows operators to steal several information, including credentials, credit card data, cookies, autocomplete information stored in browsers, cryptocurrency wallets, credentials stored in VPN clients and FTP clients. Internationally sourced data, exfiltrated in Sept and Aug 2021.

Accountability

Accountability Malware Data breaches Passwords

State of the Industry: Where Is Cybersecurity Headed in 2022?

SecureWorld News

FEBRUARY 10, 2022

With analysis from over 3,500 companies spread across the world, the almanac details key trends in 2021 and how they can shape the outlook for 2022. In what was a record year for cybercrime, we also saw a record year for investments and mergers and acquisitions. A total of $29.3

Cybersecurity

Cybersecurity Digital transformation Cryptocurrency Marketing

ERMAC 2.0 Android Banking Trojan targets over 400 apps

Security Affairs

MAY 27, 2022

ERMAC was first spotted by researchers from Threatfabric in July 2021, it is based on the popular banking trojan Cerberus. is able to steal credentials for financial and cryptocurrency apps included in the list of targeted apps that are sent by the C2. The ERMAC Android banking trojan version 2.0 IoCs: Distribution: bolt-food[.]site

Banking

Banking Malware Cybercrime Phishing

Russian cybercrime forums launch contests for cryptocurrency hacks

Moldovan citizen sentenced in connection with the E-Root cybercrime marketplace case

Trending Sources

Florida man sentenced to prison for SIM Swapping conspiracy that led to theft of $1M in cryptocurrency

WeSteal, a shameless commodity cryptocurrency stealer available for sale

TeamTNT cybercrime gang expands its arsenal to target thousands of orgs worldwide

Ukrainian REvil gang member sentenced to 13 years in prison

Crooks broke into AT&T email accounts to empty their cryptocurrency wallets

German police seized the darknet marketplace Nemesis Market

The Biden administration will work with 30 countries to curb global cybercrime

Phorpiex botnet sent millions of phishing emails to deliver LockBit Black ransomware

The worst cyber attacks of 2021

Organizations paid at least $602 million to ransomware gangs in 2021

Phorpiex botnet is back, in 2021 it $500K worth of crypto assets

Threat actors stole more than $150 million worth of cryptocurrency tokens from BitMart platform

Ex-Canadian government employee admits to being a member of the Russian cybercrime gang NetWalker

Threat actors use recently discovered CVE-2021-26084 Atlassian Confluence

US citizens lost more than $68M to SIM swap attacks in 2021, FBI warns

APWG: Phishing maintained near-record levels in the first quarter of 2021

Conti Ransomware Group Diaries, Part IV: Cryptocrime

French authorities arrested a Russian national for his role in the Hive ransomware operation

USCYBERCOM and CISA warn organizations to fix CVE-2021-26084 Confluence flaw

Glupteba botnet is back after Google disrupted it in December 2021

German police seized the dark web marketplace Kingdom Market

New RedLine malware version distributed as fake Omicron stat counter

Interview With a Crypto Scam Investment Spammer

Google obtained a temporary court order against CryptBot distributors

Security Affairs newsletter Round 423 by Pierluigi Paganini – International edition

French police seized dark web marketplace Le Monde Parallèle

Clipminer Botnet already allowed operators to make at least $1.7 Million

Let’s give a look at the Dark Web Price Index 2022

Former Ubiquiti employee gets 6 years in jail for stealing confidential data and extorting company

TeamTNT group targets poorly configured Docker servers exposing REST APIs

Crook sentenced to 18 months for stealing $20M in SIM swapping attack

Over 200 Apps on Play Store were distributing Facestealer info-stealer

US Treasury FinCEN linked $5.2 billion in BTC transactions to ransomware payments

Citizen of Croatia charged with running the Monopoly Market drug marketplace

Security Affairs newsletter Round 313

Threat actors stole $19 million worth of crypto assets from Cream Finance

TeamTNT is back and targets servers to run Bitcoin encryption solvers

A server of the Jenkins project hacked by exploiting a Confluence flaw

Security Affairs newsletter Round 341

The Have I Been Pwned service now includes 441K accounts stolen by RedLine malware

State of the Industry: Where Is Cybersecurity Headed in 2022?

ERMAC 2.0 Android Banking Trojan targets over 400 apps

Stay Connected