2024, Cybercrime and Hacking - Cyber Security Informer

Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm

Krebs on Security

DECEMBER 19, 2024

Cyber threat analysts at Silent Push said they recently received reports from a partner organization that identified an aggressive scanning effort against their website using an Internet address previously associated with a campaign by FIN7 , a notorious Russia-based hacking group. co — first came online in February 2023.

Hacking

Hacking Cybercrime Advertising Data breaches

U.S. Soldier Charged in AT&T Hack Searched “Can Hacking Be Treason”

Krebs on Security

FEBRUARY 26, 2025

government officials searched online for non-extradition countries and for an answer to the question “can hacking be treason?” In several posts to an English-language cybercrime forum in November, Kiberphant0m leaked some of the phone records and threatened to leak them all unless paid a ransom.

Hacking

Hacking Government Identity Theft Accountability

Russian Phobos ransomware operator faces cybercrime charges

Security Affairs

NOVEMBER 19, 2024

Russian Phobos ransomware operator Evgenii Ptitsyn, accused of managing attacks, was extradited from South Korea to the US to face cybercrime charges. Russian Phobos ransomware operator Evgenii Ptitsyn, suspected of playing a key role in the ransomware operations, was extradited from South Korea to the US to face cybercrime charges.

Cybercrime

Cybercrime Ransomware Healthcare Education

Cisco states that data published on cybercrime forum was taken from public-facing DevHub environment

Security Affairs

OCTOBER 21, 2024

Cisco confirms that data published by IntelBroker on a cybercrime forum was taken from the company DevHub environment. Cisco confirms that the data posted by IntelBroker on a cybercrime forum was stolen from its DevHub environment. for customers to use as needed.

Cybercrime

Cybercrime Data breaches Technology Banking

US DoJ charges five alleged members of the Scattered Spider cybercrime gang

Security Affairs

NOVEMBER 21, 2024

Justice Department charged five suspects linked to the Scattered Spider cybercrime gang with wire fraud conspiracy. Justice Department charged five alleged members of the cybercrime gang Scattered Spider (also known as UNC3944 , 0ktapus ) with conspiracy to commit wire fraud. In January 2024, U.S.

Cybercrime

Cybercrime Identity Theft Cryptocurrency Phishing

Happy 15th Anniversary, KrebsOnSecurity!

Krebs on Security

DECEMBER 29, 2024

Maybe it’s indelicate to celebrate the birthday of a cybercrime blog that mostly publishes bad news, but happily many of 2024’s most engrossing security stories were about bad things happening to bad guys. In case you missed any of them, here’s a recap of 2024’s most-read stories.

Scams

Scams Cybercrime Cryptocurrency Social Engineering

Notorious Malware, Spam Host “Prospero” Moves to Kaspersky Lab

Krebs on Security

FEBRUARY 28, 2025

Last year, the French security firm Intrinsec detailed Prospero’s connections to bulletproof services advertised on Russian cybercrime forums under the names Securehost and BEARHOST. government for its hacking operations, CEO Eugene Kaspersky says he ordered workers to delete the code. effective July 20, 2024.

Malware

Malware Antivirus Software DDOS

New Mirai botnet targets TBK DVRs by exploiting CVE-2024-3721

Security Affairs

JUNE 9, 2025

A new variant of the Mirai botnet exploits CVE-2024-3721 to target DVR systems, using a new infection method. Researchers from Russian cybersecurity firm Kaspersky discovered a new variant of the Mirai botnet that exploits a command injection vulnerability ( CVE-2024-3721 ) in TBK DVR-4104 and DVR-4216 digital video recording devices.

IoT

IoT Firmware Malware Architecture

U.S. Sanctions Cloud Provider ‘Funnull’ as Top Source of ‘Pig Butchering’ Scams

Krebs on Security

MAY 29, 2025

“Americans lose billions of dollars annually to these cyber scams, with revenues generated from these crimes rising to record levels in 2024,” reads a statement from the U.S. In May 2024, KrebsOnSecurity published a deep dive on Stark Industries Solutions that found much of the malicious traffic traversing Starks network (e.g.

Scams

Scams Internet Internet Cybercrime

An Interview With the Target & Home Depot Hacker

Krebs on Security

NOVEMBER 14, 2024

Nor did he respond to reporting here in January 2024 that he ran an IT company with a 34-year-old Russian man named Aleksandr Ermakov , who was sanctioned by authorities in Australia, the U.K. Shefel says he is now flat broke, and that he currently has little to show for a storied hacking career. ” Dmitri Golubov, circa 2005.

Retail

Retail Advertising Cryptocurrency Cybercrime

Operation ENDGAME disrupted global ransomware infrastructure

Security Affairs

MAY 25, 2025

. “A Command Post was set up at Europol headquarters in The Hague during the action week, with investigators from Canada, Denmark, France, Germany, the Netherlands, the United Kingdom and the United States working with Europols European Cybercrime Centre and its Joint Cybercrime Action Taskforce.”

Ransomware

Ransomware Cybercrime Malware Cryptocurrency

8Base ransomware group hacked Croatia’s Port of Rijeka

Security Affairs

DECEMBER 7, 2024

Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,ransomware) The CEO of the Croatian Port, Duko Grabovac, told local media outlet Novi list that despite threats actors stole some data, the incident had no impact on the operations at the post.

Ransomware

Ransomware Hacking Accountability Cyber Attacks

Fog and Akira ransomware attacks exploit SonicWall VPN flaw CVE-2024-40766

Security Affairs

OCTOBER 29, 2024

Fog and Akira ransomware operators are exploiting SonicWall VPN flaw CVE-2024-40766 to breach enterprise networks. Fog and Akira ransomware operators are exploiting the critical SonicWall VPN vulnerability CVE-2024-40766 (CVSS v3 score: 9.3) to breach corporate networks via SSL VPN access. reads the SonicWall’s advisory.

VPN

VPN Ransomware Firewall Internet

Booking.com Phishers May Leave You With Reservations

Krebs on Security

NOVEMBER 1, 2024

We’ll also explore an array of cybercrime services aimed at phishers who target hotels that rely on the world’s most visited travel website. One post last month on the Russian-language hacking forum BHF offered up to $5,000 for each hotel account.

Phishing

Phishing Accountability Artificial Intelligence Cybercrime

Feds Charge Five Men in ‘Scattered Spider’ Roundup

Krebs on Security

NOVEMBER 21, 2024

Federal prosecutors in Los Angeles this week unsealed criminal charges against five men alleged to be members of a hacking group responsible for dozens of cyber intrusions at major U.S. In January 2024, KrebsOnSecurity broke the news that Urban had been arrested in Florida in connection with multiple SIM-swapping attacks.

Identity Theft

Identity Theft Phishing Cryptocurrency Accountability

Experts warn of mass exploitation of critical PHP flaw CVE-2024-4577

Security Affairs

MARCH 10, 2025

Threat actors exploit PHP flaw CVE-2024-4577 for remote code execution. GreyNoise researchers warn of a large-scale exploitation of a critical vulnerability, tracked as CVE-2024-4577 (CVSS 9.8), in PHP. The flaw CVE-2024-4577 (CVSS score: 9.8) Over 1,000 attacks detected globally. is a PHP-CGI OS Command Injection Vulnerability.

DDOS

DDOS Security Intelligence Hacking Malware

Sudanese Brothers Arrested in ‘AnonSudan’ Takedown

Krebs on Security

OCTOBER 17, 2024

AnonSudan ), a cybercrime business known for launching powerful distributed denial-of-service (DDoS) attacks against a range of targets, including dozens of hospitals, news websites and cloud providers. government on Wednesday announced the arrest and charging of two Sudanese brothers accused of running Anonymous Sudan (a.k.a.

DDOS

DDOS Government Internet Internet

Alleged ‘Scattered Spider’ Member Extradited to U.S.

Krebs on Security

APRIL 30, 2025

A 23-year-old Scottish man thought to be a member of the prolific Scattered Spider cybercrime group was extradited last week from Spain to the United States, where he is facing charges of wire fraud, conspiracy and identity theft. Tyler Buchanan, being escorted by Spanish police at the airport in Palma de Mallorca in June 2024.

Identity Theft

Identity Theft Phishing Cryptocurrency Cybercrime

Ransomhub ransomware gang claims the hack of Mexican government Legal Affairs Office

Security Affairs

NOVEMBER 21, 2024

Mexico’s president announced the government is investigating an alleged ransomware hack that targeted the administration’s legal affairs office. Today they are going to send me a report on the supposed hacking.” This is not the first time Mexico’s presidential office has been targeted in a hack involving sensitive information.

Government

Government Hacking Ransomware Insurance

Alleged Boss of ‘Scattered Spider’ Hacking Group Arrested

Krebs on Security

JUNE 15, 2024

A 22-year-old man from the United Kingdom arrested this week in Spain is allegedly the ringleader of Scattered Spider , a cybercrime group suspected of hacking into Twilio , LastPass , DoorDash , Mailchimp , and nearly 130 other organizations over the past two years. In January 2024, U.S.

Hacking

Hacking Cybercrime Phishing Passwords

Change Healthcare data breach impacted over 100 million people

Security Affairs

OCTOBER 25, 2024

The Change Healthcare data breach in the February 2024 impacted over 100 million, the largest-ever healthcare data breach in the US. UnitedHealth Group announced that the data breach suffered by Change Healthcare in February 2024 impacted more than 100 million individuals.

Data breaches

Data breaches Healthcare Cybercrime Insurance

Kosovo authorities extradited admin of the cybercrime marketplace BlackDB.cc

Security Affairs

MAY 15, 2025

Kosovar citizen extradited to the US for running the cybercrime marketplace BlackDB.cc Kosovo citizen Liridon Masurica (33) of Gjilan, was extradited to the US for running the cybercrime marketplace BlackDB.cc Kosovo police arrested Masurica (aka @blackdb) on December 12, 2024. In December 2024, the U.S. Assistant U.S.

Cybercrime

Cybercrime Identity Theft Cryptocurrency Hacking

Four REvil Ransomware members sentenced for hacking and money laundering

Security Affairs

OCTOBER 27, 2024

Four former members of the REvil ransomware group were sentenced in Russia for hacking and money laundering, marking a rare case of Russian gang members being convicted in the country. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, REvil ransomware gang )

Ransomware

Ransomware Hacking Malware Cybercrime

RansomHouse gang claims the hack of the Loretto Hospital in Chicago

Security Affairs

MARCH 10, 2025

Another American hospital falls victim to a ransomware attack; the RansomHouse gang announced the hack of Loretto Hospital in Chicago.” ” The RansomHouse gang announced the hack of Loretto Hospital in Chicago, the groups claims to have stolen 1.5TB of sensitive data. Ransomware attacks on U.S.

Hacking

Hacking Healthcare Backups Ransomware

Security Affairs newsletter Round 494 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

OCTOBER 20, 2024

CISA adds Veeam Backup and Replication flaw to its Known Exploited Vulnerabilities catalog North Korea-linked APT37 exploited IE zero-day in a recent attack Omni Family Health data breach impacts 468,344 individuals Iran-linked actors target critical infrastructure organizations macOS HM Surf flaw in TCC allows bypass Safari privacy settings Two Sudanese (..)

Data breaches

Data breaches Cybercrime Cyber Insurance Marketing

Change Healthcare data breach exposed the private data of over half the U.S.

Security Affairs

JANUARY 26, 2025

In October 2024, UnitedHealth Group announced that the data breach suffered by Change Healthcare in February 2024 impacted more than 100 million individuals. Change Healthcare can confirm we are experiencing a cybersecurity issue perpetrated by a cybercrime threat actor who has represented itself to us as ALPHV/Blackcat.

Healthcare

Healthcare Data breaches Insurance Cybercrime

A member of the Scattered Spider cybercrime group pleads guilty

Security Affairs

APRIL 7, 2025

A 20-year-old man linked to the Scattered Spider cybercrime group has pleaded guilty to charges filed in Florida and California. ” Source News4Jax The charges relate to his alleged role in the Scattered Spider cybercrime group (also known as UNC3944 , 0ktapus ). .” In January 2024, U.S. ” reported News4Jax.

Cybercrime

Cybercrime Identity Theft Social Engineering Hacking

Canadian authorities arrested alleged Snowflake hacker

Security Affairs

NOVEMBER 5, 2024

Canadian authorities arrested a suspect linked to multiple hacks following a breach of cloud data platform Snowflake earlier this year. Authorities arrested Mr. Moucka on October 30, 2024, he was taken into custody on a US provisional arrest warrant. Charges remain undisclosed. according to people familiar with the matter.”

Unstructured Data

Unstructured Data Media Cybercrime Hacking

July 2024 ransomware attack on the City of Columbus impacted 500,000 people

Security Affairs

NOVEMBER 4, 2024

The July 2024 ransomware attack that hit the City of Columbus, Ohio, exposed the personal and financial data of 500,000 individuals. On July 18, 2024, the City of Columbus, Ohio, suffered a cyber attack that impacted the City’s services.

Ransomware

Ransomware Identity Theft Data breaches Cyber threats

A Day in the Life of a Prolific Voice Phishing Crew

Krebs on Security

JANUARY 7, 2025

This domain was featured in a writeup from February 2024 by the security firm Lookout , which found it was one of dozens being used by a prolific and audacious voice phishing group it dubbed “ Crypto Chameleon.” Before we get to the Apple scam in detail, we need to revisit Tony’s case. “ Annie.”

Phishing

Phishing Cryptocurrency Accountability Social Engineering

Oracle confirms the hack of two obsolete servers hacked. No Oracle Cloud systems or customer data were affected

Security Affairs

APRIL 10, 2025

The hacker has published 10,000 customer records, a file showing Oracle Cloud access, user credentials, and an internal video as proof of the hack. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking, Oracle) reported Bloomberg. This is not okay.

Hacking

Hacking Data breaches Encryption Authentication

Microsoft disrupted a global cybercrime ring abusing Azure OpenAI Service

Security Affairs

MARCH 1, 2025

These individuals are members of a global cybercrime ring tracked as Storm-2139 by Microsoft. ” The IT giant started the investigation in December 2024 when Microsofts Digital Crimes Unit (DCU) filed a lawsuit in the Eastern District of Virginia alleging various causes of action against 10 unidentified individuals violating U.S.

Cybercrime

Cybercrime Technology Hacking Accountability

Romania ’s election systems hit by 85,000 attacks ahead of presidential vote

Security Affairs

DECEMBER 6, 2024

Threat actors gained access to credentials for election-related websites, and then leaked them on Russian cybercrime forums a few days before the presidential election. 756/2024 and the implementation calendar approved by Government Decision no. 756/2024 and the implementation calendar approved by Government Decision no.

Government

Government Cybercrime Cyber Attacks Hacking

DragonForce operator chained SimpleHelp flaws to target an MSP and its customers

Security Affairs

MAY 27, 2025

Sophos states that DragonForce ransomware operators chainedthe three vulnerabilities, tracked as CVE-2024-57727 , CVE-2024-57728 , and CVE-2024-57726 , for initial access. DragonForce runs a cybercrime affiliate service, letting affiliates use its tools to launch attacks and extort victims.

Ransomware

Ransomware Software Retail Data breaches

Security Affairs newsletter Round 496 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

NOVEMBER 3, 2024

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Cryptocurrency

Cryptocurrency Hacking Phishing Cyber Attacks

Authorities shut down Crimenetwork, the Germany’s largest crime marketplace

Security Affairs

DECEMBER 4, 2024

Since 2012, Crimenetwork facilitated the sale of illegal goods and services, including drugs, forged documents, hacking tools, and stolen data. The operation was carried out by Public Prosecutor’s Office in Frankfurt am Main, the Central Office for Combating Cybercrime (ZIT), and the Federal Criminal Police Office (BKA).

Cybercrime

Cybercrime Cryptocurrency Hacking Internet

DMM Bitcoin $308M Bitcoin heist linked to North Korea

Security Affairs

DECEMBER 25, 2024

dollars from the Japan-based cryptocurrency company DMM by North Korean cyber actors in May 2024.” dollars from the Japan-based cryptocurrency company DMM by North Korean cyber actors in May 2024.” Researchers attributed the hack of Harmonys Horizon bridge and Sky Mavis Ronin Bridge to North Korea-linked threat actors.

Cryptocurrency

Cryptocurrency Social Engineering Hacking Cybercrime

Banshee macOS stealer supports new evasion mechanisms

Security Affairs

JANUARY 10, 2025

In August 2024, Russian crooks advertised a macOS malware called BANSHEE Stealer that can target both x86_64 and ARM64 architectures. The malicious code was advertised on cybercrime forums for $3,000 per month. The report includes Indicators of Compromise (IoCs) for this new variant.

Malware

Malware Advertising Antivirus Cybercrime

Cisco states that the second data leak is linked to the one from October

Security Affairs

DECEMBER 30, 2024

On Wednesday, December 25, 2024, at 17:07 EST, the threat actor IntelBroker posted on X about releasing more data. We have analyzed the post data, and it aligns with the known data set from October 14, 2024.” At 17:40 EST, IntelBroker released 4.45 GB of data for free on BreachForums. ” reads the update published by Cisco.

Data breaches

Data breaches Cybercrime Authentication Technology

XE Group shifts from credit card skimming to exploiting zero-days

Security Affairs

FEBRUARY 10, 2025

The cybercrime group XE Group exploited a VeraCore zero-day to deploy reverse shells, web shells in recent attacks. ” The group was spotted using zero-day vulnerabilities in Advantive VeraCore respectively tracked as CVE-2024-57968 (CVSS score of 9.9) ” reads the analysis published by Intezer.

Manufacturing

Manufacturing Cybercrime Authentication Passwords

Interpol: Operation HAECHI-V led to more than 5,500 suspects arrested

Security Affairs

DECEMBER 2, 2024

Operation HAECHI V (July-Nov 2024) targeted cyber frauds like phishing, romance scams, sextortion, investment fraud, online gambling, BEC, and e-commerce fraud. Operation Synergia II is a collaborative effort by INTERPOL, private sector partners, and 95 countries, that targeted phishing, ransomware, and infostealers from April to August 2024.

Cryptocurrency

Cryptocurrency Phishing Scams Cybercrime

China-linked APTs’ tool employed in RA World Ransomware attack

Security Affairs

FEBRUARY 13, 2025

A November 2024 RA World ransomware attack on an Asian software firm used a tool linked to China-linked threat actors. During the attack in late 2024, the attacker deployed a distinct toolset that had previously been used by a China-linked actor in classic espionage attacks.” ” reads the report published by Broadcom. .

Ransomware

Ransomware Software Cybercrime Encryption

U.S. cannabis dispensary STIIIZY disclosed a data breach

Security Affairs

JANUARY 11, 2025

The security breach exposed customer data and IDs between October 10 and November 10, 2024. “On November 20, 2024, we were notified by a vendor of point-of-sale processing services for some of our retail locations that accounts with their organization had been compromised by an organized cybercrime group.”

Data breaches

Data breaches Retail Cybercrime Government

Operation Serengeti: INTERPOL arrested 1,006 suspects in 19 African countries

Security Affairs

NOVEMBER 27, 2024

. “Operation Serengeti (2 September – 31 October) targeted criminals behind ransomware, business email compromise (BEC), digital extortion and online scams – all identified as prominent threats in the 2024 Africa Cyber Threat Assessment Report.” ” reads the press release published by INTERPOL.

Scams

Scams Cybercrime Ransomware Cyber threats

Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm

U.S. Soldier Charged in AT&T Hack Searched “Can Hacking Be Treason”

Trending Sources

Russian Phobos ransomware operator faces cybercrime charges

Cisco states that data published on cybercrime forum was taken from public-facing DevHub environment

US DoJ charges five alleged members of the Scattered Spider cybercrime gang

Happy 15th Anniversary, KrebsOnSecurity!

Notorious Malware, Spam Host “Prospero” Moves to Kaspersky Lab

New Mirai botnet targets TBK DVRs by exploiting CVE-2024-3721

U.S. Sanctions Cloud Provider ‘Funnull’ as Top Source of ‘Pig Butchering’ Scams

An Interview With the Target & Home Depot Hacker

Operation ENDGAME disrupted global ransomware infrastructure

8Base ransomware group hacked Croatia’s Port of Rijeka

Fog and Akira ransomware attacks exploit SonicWall VPN flaw CVE-2024-40766

Booking.com Phishers May Leave You With Reservations

Feds Charge Five Men in ‘Scattered Spider’ Roundup

Experts warn of mass exploitation of critical PHP flaw CVE-2024-4577

Sudanese Brothers Arrested in ‘AnonSudan’ Takedown

Alleged ‘Scattered Spider’ Member Extradited to U.S.

Ransomhub ransomware gang claims the hack of Mexican government Legal Affairs Office

Alleged Boss of ‘Scattered Spider’ Hacking Group Arrested

Change Healthcare data breach impacted over 100 million people

Kosovo authorities extradited admin of the cybercrime marketplace BlackDB.cc

Four REvil Ransomware members sentenced for hacking and money laundering

RansomHouse gang claims the hack of the Loretto Hospital in Chicago

Security Affairs newsletter Round 494 by Pierluigi Paganini – INTERNATIONAL EDITION

Change Healthcare data breach exposed the private data of over half the U.S.

A member of the Scattered Spider cybercrime group pleads guilty

Canadian authorities arrested alleged Snowflake hacker

July 2024 ransomware attack on the City of Columbus impacted 500,000 people

A Day in the Life of a Prolific Voice Phishing Crew

Oracle confirms the hack of two obsolete servers hacked. No Oracle Cloud systems or customer data were affected

Microsoft disrupted a global cybercrime ring abusing Azure OpenAI Service

Romania ’s election systems hit by 85,000 attacks ahead of presidential vote

DragonForce operator chained SimpleHelp flaws to target an MSP and its customers

Security Affairs newsletter Round 496 by Pierluigi Paganini – INTERNATIONAL EDITION

Authorities shut down Crimenetwork, the Germany’s largest crime marketplace

DMM Bitcoin $308M Bitcoin heist linked to North Korea

Banshee macOS stealer supports new evasion mechanisms

Cisco states that the second data leak is linked to the one from October

XE Group shifts from credit card skimming to exploiting zero-days

Interpol: Operation HAECHI-V led to more than 5,500 suspects arrested

China-linked APTs’ tool employed in RA World Ransomware attack

U.S. cannabis dispensary STIIIZY disclosed a data breach

Operation Serengeti: INTERPOL arrested 1,006 suspects in 19 African countries

Stay Connected