Krebs on Security

NOVEMBER 14, 2024

Shefel claims the true mastermind behind the Target and other retail breaches was Dmitri Golubov , an infamous Ukrainian hacker known as the co-founder of Carderplanet, among the earliest Russian-language cybercrime forums focused on payment card fraud. “I’m also godfather of his second son.” “Hi, how are you?”

Retail 274

Retail Advertising Cryptocurrency Cybercrime 274

Krebs on Security

JUNE 15, 2024

A 22-year-old man from the United Kingdom arrested this week in Spain is allegedly the ringleader of Scattered Spider , a cybercrime group suspected of hacking into Twilio , LastPass , DoorDash , Mailchimp , and nearly 130 other organizations over the past two years. man arrested was a SIM-swapper who went by the alias “ Tyler.”

Hacking 344

Hacking Cybercrime Phishing Passwords 344

Krebs on Security

NOVEMBER 21, 2024

The bot allowed the attackers to use the phished username, password and one-time code to log in as that employee at the real employer website. One of Scattered Spider’s first big victims in its 2022 SMS phishing spree was Twilio , a company that provides services for making and receiving text messages and phone calls. Click to enlarge.

Identity Theft 268

Identity Theft Phishing Cryptocurrency Accountability 268

Security Affairs

APRIL 7, 2025

A 20-year-old man linked to the Scattered Spider cybercrime group has pleaded guilty to charges filed in Florida and California. “In the Florida case, Urban was accused of stealing at least $800,000 in cryptocurrency from five different victims between August 2022 and March 2023.” ” reported News4Jax.

Cybercrime 67

Cybercrime Identity Theft Social Engineering Hacking 67

Krebs on Security

SEPTEMBER 13, 2023

In December 2022, KrebsOnSecurity broke the news that a cybercriminal using the handle “ USDoD ” had infiltrated the FBI ‘s vetted information sharing network InfraGard , and was selling the contact information for all 80,000 members. Department of Defense. Now it’s a charming kitten.

Cybercrime 344

Cybercrime Passwords Authentication Malware 344

Krebs on Security

JANUARY 30, 2024

technology companies during the summer of 2022. stole at least $800,000 from at least five victims between August 2022 and March 2023. 2022 that an intrusion had exposed a “limited number” of Twilio customer accounts through a sophisticated social engineering attack designed to steal employee credentials.

Social Engineering 359

Social Engineering Mobile Cybercrime Passwords 359

Krebs on Security

OCTOBER 31, 2022

A 26-year-old Ukrainian man is awaiting extradition from The Netherlands to the United States on charges that he acted as a core developer for Raccoon , a popular “malware-as-a-service” offering that helped paying customers steal passwords and financial data from millions of cybercrime victims. The Raccoon v.

Malware 341

Malware Identity Theft Cybercrime Accountability 341

Security Affairs

MARCH 10, 2025

authorities seized $23M in crypto linked to a $150M Ripple wallet theft, experts believe the incident is linked to the 2022 LastPass breach. authorities seized $23M in crypto tied to a $150M Ripple hack, suspected to have been carried out by hackers from the 2022 LastPass breach. ” reads the complaint.

Password Management 88

Password Management Cryptocurrency Passwords Data breaches 88

Zero Day

JUNE 6, 2025

The data in question was posted on a Russian cybercrime forum on May 15 and then uploaded again on June 3, apparently garnering attention from other cybercriminals and potential buyers. The hackers say that the dates of birth and social security numbers were originally encrypted but have since been decrypted and are now visible in plain text.

Password Management 128

Password Management Passwords Artificial Intelligence Software 128

eSecurity Planet

NOVEMBER 29, 2022

Group-IB cybersecurity researchers recently identified several Russian-speaking cybercrime groups offering infostealing malware-as-a-service (MaaS), resulting in the theft of more than 50 million passwords thus far. Millions in Cybercrime Profit. Don’t save passwords in browser. Gaming Becomes a Target.

Passwords 127

Passwords Cybercrime Malware Marketing 127

Security Affairs

MAY 27, 2022

The FBI warns organizations in the higher education sector of credentials sold on cybercrime forums that can allow threat actors to access their networks. In May 2021, over 36,000 email and password combinations for.edu email accounts were offered for sale on a publically available instant messaging platform. Pierluigi Paganini.

Cybercrime 145

Cybercrime Education Accountability Phishing 145

Security Affairs

OCTOBER 21, 2024

HIBP confirmed that the stolen archive had 31M records, including email address, screen name, bcrypt password hash, and timestamps for password changes. The exposed token had been available since December 2022 and was reportedly rotated multiple times since then.

Internet 130

Internet Internet Data breaches Authentication 130

Security Affairs

MAY 1, 2025

A cybercrime group named Hive0117 is behind a fresh phishing campaign that targeted Russian organizations with a new version of the DarkWatchman malware, according to Russian cybersecurity firm F6. The messages contained password-protected archives named similarly to Documents from 04/29/2025.rar.

Malware 87

Malware Phishing Telecommunications Antivirus 87

Krebs on Security

DECEMBER 29, 2022

Thanks to your readership and support, I was able to spend more time in 2022 on some deep, meaty investigative stories — the really satisfying kind with the potential to affect positive change. Some of that work is highlighted in the 2022 Year in Review review below. million users.

Cryptocurrency 309

Cryptocurrency Cybercrime Computers and Electronics Scams 309

eSecurity Planet

FEBRUARY 10, 2025

Since early 2022, there has been a 49 percent rise in phishing attempts capable of evading filters, with AI-generated threats accounting for nearly 5 percent of these attacks. This surge highlights a broader trend toward automation in cybercrime and signals that no email platform is immune.

Phishing 113

Phishing Artificial Intelligence Password Management Accountability 113

Krebs on Security

AUGUST 2, 2022

The underground cybercrime forums are now awash in pleas from people who are desperately seeking a new supplier of abundant, cheap, and reliably clean proxies to restart their businesses. According to Constella Intelligence [currently an advertiser on KrebsOnSecurity], Oleg used the same password from his iboss32@ro.ru

Malware 324

Malware Cybercrime Internet Internet 324

Security Affairs

JUNE 6, 2025

After Russia’s invasion of Ukraine in February 2022, Rudometov reportedly fled to Krasnodar, Russia. The two infostealers allowed operators to harvest usernames, passwords, contact info, and crypto-wallets from victims, the threat actors sold this data to criminals for financial theft and hacking. ” continues the announcement.

Malware 88

Malware Passwords Identity Theft Accountability 88

Krebs on Security

JUNE 1, 2023

One of Megatraffer’s ads on an English-language cybercrime forum. Megatraffer has continued to offer their code-signing services across more than a half-dozen other Russian-language cybercrime forums, mostly in the form of sporadically available EV and non-EV code-signing certificates from major vendors like Thawte and Comodo.

Malware 314

Malware Cybercrime Software Accountability 314

The Hacker News

NOVEMBER 23, 2022

As many as 34 Russian-speaking gangs distributing information-stealing malware under the stealer-as-a-service model stole no fewer than 50 million passwords in the first seven months of 2022. The underground market value of stolen logs and compromised card details is estimated around $5.8

Passwords 98

Passwords Malware Cybercrime Marketing 98

Krebs on Security

AUGUST 29, 2023

government today announced a coordinated crackdown against QakBot , a complex malware family used by multiple cybercrime groups to lay the groundwork for ransomware infections. Researchers at AT&T Alien Labs say the crooks responsible for maintaining the QakBot botnet have rented their creation to various cybercrime groups over the years.

Hacking 315

Hacking Malware Ransomware Government 315

Krebs on Security

JANUARY 19, 2023

5, 2022, and that an investigation determined the bad actor started abusing the API beginning around Nov. T-Mobile says it is in the process of notifying affected customers, and that no customer payment card data, passwords, Social Security numbers, driver’s license or other government ID numbers were exposed.

Mobile 339

Mobile Accountability Data breaches Identity Theft 339

Bleeping Computer

NOVEMBER 23, 2022

At least 34 distinct Russian-speaking cybercrime groups using info-stealing malware like Raccoon and Redline have collectively stolen 50,350,000 account passwords from over 896,000 individual infections from January to July 2022. [.].

Passwords 98

Passwords Cybercrime Accountability Malware 98

Security Affairs

AUGUST 20, 2024

Toyota has confirmed a data breach after a threat actor leaked 240GB of data stolen from its infrastructure on a cybercrime forum. Toyota disclosed a data breach after a threat actor leaked an archive of 240GB of data stolen from its systems on a cybercrime forum, BleepingComputer reported.

Data breaches 120

Data breaches Cybercrime Financial Services Hacking 120

Security Affairs

MAY 24, 2025

The FBI warns that the Silent Ransom Group, active since 2022 and also known as Luna Moth, has targeted U.S. “Implement basic cyber hygiene to include being suspicious, robust passwords, multifactor authentication, and installation of antivirus tools.” FBI warns Silent Ransom Group has targeted U.S.

Social Engineering 114

Social Engineering Antivirus Phishing Engineering 114

Krebs on Security

DECEMBER 5, 2022

The defendants, who initially pursued a strategy of counter suing Google for interfering in their sprawling cybercrime business, later brazenly offered to dismantle the botnet in exchange for payment from Google. 2022 by Google researcher Luca Nagy. 2022 by Google researcher Luca Nagy. A slide from a talk given in Sept.

Cybercrime 308

Cybercrime Malware Internet Internet 308

Krebs on Security

FEBRUARY 9, 2023

Authorities in the United States and United Kingdom today levied financial sanctions against seven men accused of operating “ Trickbot ,” a cybercrime-as-a-service platform based in Russia that has enabled countless ransomware attacks and bank account takeovers since its debut in 2016. companies and government entities.

Hacking 250

Hacking Cybercrime Ransomware Government 250

Security Affairs

JULY 15, 2022

Threat actors behind the campaign used multiple accounts across several social media platforms to advertise password-cracking software for Programmable Logic Controller (PLC), Human-Machine Interface (HMI), and project files. The password cracking software also acts as a dropper for the Sality P2P bot. ” concludes the report.

Passwords 131

Passwords Software Firmware Malware 131

SecureList

SEPTEMBER 6, 2022

According to the analytical agency Newzoo, in 2022, the global gaming market will exceed $ 200 billion , with 3 billion players globally. The gaming industry went into full gear during the pandemic, as many people took up online gaming as their new hobby to escape the socially-distanced reality. Top game titles by number of related threats.

Mobile 134

Mobile Passwords Software Accountability 134

Security Affairs

APRIL 7, 2025

Microsoft credited controversial actor EncryptHub, a lone actor with ties to cybercrime, for reporting two Windows flaws. After years of low-profile IT work and self-study, his activity paused in 2022, likely due to jail time. Although involved in cybercrime, EncryptHub also pursued legitimate security research.

Cybercrime 73

Cybercrime Malware Hacking VPN 73

Krebs on Security

APRIL 30, 2024

Finnish prosecutors quickly zeroed in on a suspect: Julius “Zeekill” Kivimäki , a notorious criminal hacker convicted of committing tens of thousands of cybercrimes before he became an adult. After being charged with the attack in October 2022, Kivimäki fled the country.

DDOS 317

DDOS Cybercrime Hacking Passwords 317

Malwarebytes

MAY 1, 2025

These messages frequently warn recipients about a problem with their accounts, like a password that needs to be updated, a policy change that requires a login, or a delayed package that has to be approved. In reality, those usernames and passwords are delivered directly to cybercriminals on the other side of the website.

Small Business 95

Small Business Cybersecurity Scams Passwords 95

Krebs on Security

JANUARY 10, 2024

Rasch said it could be that Dellone’s stolen crypto was seized as part of a government asset forfeiture, but that either way there is no reason Uncle Sam should hold some cybercrime victims’ life savings indefinitely. The law firm DLAPiper writes that in November 2022, the U.S. federal court.” federal court.”

Cryptocurrency 347

Cryptocurrency Government Cybercrime Accountability 347

Krebs on Security

JANUARY 8, 2024

In 2020, the United States brought charges against four men accused of building a bulletproof hosting empire that once dominated the Russian cybercrime industry and supported multiple organized cybercrime groups. From January 2005 to April 2013, there were two primary administrators of the cybercrime forum Spamdot (a.k.a

Cybercrime 283

Cybercrime Banking Computers and Electronics DDOS 283

SecureList

NOVEMBER 23, 2021

Governments in many countries push for easier identification of Internet users to fight cybercrime, as well as “traditional” crime coordinated online. While we hope 2022 will be the last pandemic year, we do not think the privacy trends will reverse. What will be the consequences of these processes?

Government 127

Government Internet Internet Technology 127

Krebs on Security

NOVEMBER 16, 2022

A financial cybercrime group calling itself the Disneyland Team has been making liberal use of visually confusing phishing domains that spoof popular bank brands using Punycode , an Internet standard that allows web browsers to render domain names with non-Latin alphabets like Cyrillic. com — which was created to phish U.S.

Malware 338

Malware Banking Phishing DDOS 338

Security Affairs

DECEMBER 17, 2024

” The Remote Access Trojan (RAT) has been active since July 2022. Attackers also attempted to exploit weak vendor-supplied passwords. . “Private sector partners are encouraged to implement the recommendations listed in the Mitigation column of the table below to reduce the likelihood and impact of these attack campaigns.”

Architecture 109

Architecture Internet Internet Malware 109

Krebs on Security

NOVEMBER 16, 2023

In a 2,200-page report, Finnish authorities laid out how they connected the extortion spree to Kivimäki, a notorious hacker who was convicted in 2015 of perpetrating tens of thousands of cybercrimes, including data breaches, payment fraud, operating a botnet and calling in bomb threats.

Cybercrime 288

Cybercrime Hacking Data breaches Banking 288