Security Affairs

DECEMBER 25, 2024

authorities attributed the theft of $308 million cryptocurrency from DMM Bitcoin to North Korean cyber actors. authorities linked the $308 million cyber heist targeting cryptocurrency company DMM Bitcoin to North Korea-linked threat actors. On June 1st, the Japanese cryptocurrency exchange DMM Bitcoin announced that crooks stole 4,502.9

Cryptocurrency 122

Cryptocurrency Social Engineering Hacking Cybercrime 122

Krebs on Security

DECEMBER 29, 2024

The first profiled Cryptomus , a dodgy cryptocurrency exchange allegedly based in Canada that has become a major payment processor and sanctions evasion platform for dozens of Russian exchanges and cybercrime services online.

Scams 237

Scams Cybercrime Cryptocurrency Social Engineering 237

Security Affairs

NOVEMBER 21, 2024

Scattered Spider members are part of a broader cybercriminal community called “The Com,” where hackers brag about high-profile cyber thefts, typically initiated through social engineering tactics like phone, email, or SMS scams to gain access to corporate networks. ” reads the press release published by DoJ.

Cybercrime 110

Cybercrime Identity Theft Cryptocurrency Phishing 110

Krebs on Security

NOVEMBER 14, 2024

” Mr. Shefel says he stopped selling stolen payment cards after being pushed out of the business, and invested his earnings in a now-defunct Russian search engine called tf[.]org. He also apparently ran a business called click2dad[.]net net that paid people to click on ads for Russian government employment opportunities.

Retail 270

Retail Advertising Cryptocurrency Marketing 270

Krebs on Security

SEPTEMBER 5, 2023

Since then, a steady trickle of six-figure cryptocurrency heists targeting security-conscious people throughout the tech industry has led some security experts to conclude that crooks likely have succeeded at cracking open some of the stolen LastPass vaults. “The victim profile remains the most striking thing,” Monahan wrote.

Cryptocurrency 361

Cryptocurrency Passwords Encryption Accountability 361

Security Affairs

APRIL 3, 2021

Code repository hosting service GitHub launched an investigation in a series of attacks aimed at abusing its infrastructure to illicitly mine cryptocurrency. “In a phone call today, Dutch security engineer Justin Perdok told The Record that at least one threat actor is targeting GitHub repositories where Actions might be enabled.

Cryptocurrency 144

Cryptocurrency Accountability Software Engineering 144

Krebs on Security

JUNE 15, 2024

. “He stands accused of hacking into corporate accounts and stealing critical information, which allegedly enabled the group to access multi-million-dollar funds,” Murcia Today wrote. ” The cybercrime-focused Twitter/X account vx-underground said the U.K.

Hacking 342

Hacking Cybercrime Phishing Passwords 342

Security Affairs

APRIL 7, 2025

Cybercriminals exploit compromised accounts for EDR-as-a-Service (Emergency Data Requests – EDR), targeting major platforms According to a detailed analysis conducted by Meridian Group, an increasingly complex and structured phenomenon, commonly referred to as EDR-as-a-Service, is taking hold in the cybersecurity landscape.

Cybercrime 139

Cybercrime Social Engineering Accountability Government 139

Krebs on Security

MARCH 26, 2024

Assuming the user manages not to fat-finger the wrong button on the umpteenth password reset request, the scammers will then call the victim while spoofing Apple support in the caller ID, saying the user’s account is under attack and that Apple support needs to “verify” a one-time code. ” Ken said.

Passwords 358

Passwords Accountability Engineering Phishing 358

eSecurity Planet

DECEMBER 21, 2021

Cryptocurrency Fuels Ransomware. One constant in all this will be cryptocurrency, the coin of the realm when it comes to ransomware. Cryptocurrency really is fueling this in a sense. … If you were to take cryptocurrency away from that, they don’t have a convenient digital platform.

Cryptocurrency 140

Cryptocurrency Ransomware Cybercrime Social Engineering 140

eSecurity Planet

OCTOBER 22, 2024

Cybercriminals employ social engineering techniques to trick you into believing you must resolve fictitious technical issues. The hallmark of ClickFix campaigns is their clever use of social engineering. Enable multi-factor authentication (MFA): Implementing MFA adds layer of security to your accounts.

Scams 123

Scams Malware Phishing Social Engineering 123

Security Affairs

OCTOBER 20, 2021

Once hijacked the channel, attackers either sell it to the highest bidder or employ it in cryptocurrency scam scheme. The researchers identified around 15,000 actor accounts, most of which were created for this campaign. Hijacked channels ranged from $3 USD to $4,000 USD depending on the number of subscribers. Pierluigi Paganini.

Accountability 144

Accountability Malware Phishing Social Engineering 144

Krebs on Security

NOVEMBER 6, 2018

that has been tracking down individuals engaged in unauthorized “SIM swaps” — a complex form of mobile phone fraud that is often used to steal large amounts of cryptocurrencies and other items of value from victims. SIM swapping attacks primarily target individuals who are visibly active in the cryptocurrency space.

Mobile 274

Mobile Cryptocurrency Accountability Passwords 274

Krebs on Security

APRIL 4, 2024

The disclosure revealed a profitable network of phishing sites that behave and look like the real Privnote, except that any messages containing cryptocurrency addresses will be automatically altered to include a different payment address controlled by the scammers. co showing the site did indeed swap out any cryptocurrency addresses.

Phishing 287

Phishing Cryptocurrency DDOS Internet 287

Security Affairs

FEBRUARY 3, 2025

Since 2021, the Crazy Evil gang has become a major cybercriminal group, using phishing, identity fraud, and malware to steal cryptocurrency. “Targeting of Cryptocurrency Users and Influencers: Crazy Evil explicitly victimizes the cryptocurrency space with bespoke spearphishing lures.”

Scams 84

Scams Media Cryptocurrency Cybercrime 84

SecureList

JANUARY 13, 2022

Also, we have previously reported on cryptocurrency-focused BlueNoroff attacks. It appears that BlueNoroff shifted focus from hitting banks and SWIFT-connected servers to solely cryptocurrency businesses as the main source of the group’s illegal income. Note, this is no proof that the companies listed were compromised.

Cryptocurrency 145

Cryptocurrency Malware Accountability Banking 145

Security Affairs

SEPTEMBER 9, 2022

US authorities recovered more than $30 million worth of cryptocurrency stolen by the North Korea-linked Lazarus APT from Axie Infinity. A report from The Block published in July and citing two people familiar with the matter revealed that threat actors targeted a senior engineer at the company with a fake job offer via LinkedIn.

Cryptocurrency 138

Cryptocurrency Spyware Engineering Hacking 138

Security Affairs

JULY 19, 2022

FBI has warned of crooks developing malicious cryptocurrency-themed apps to steal crypto assets from the users. Federal Bureau of Investigation (FBI) has warned of crooks creating malicious cryptocurrency-themed apps to steal crypto assets from investors. SecurityAffairs – hacking, cryptocurrency-themed apps). million. .”

Cryptocurrency 129

Cryptocurrency Mobile Hacking Accountability 129

Krebs on Security

APRIL 6, 2022

The smash-and-grab attacks by LAPSUS$ obscure some of the group’s less public activities, which according to Microsoft include targeting individual user accounts at cryptocurrency exchanges to drain crypto holdings. The group of teenagers who hacked Twitter hailed from a community that traded in hacked social media accounts.

Social Engineering 291

Social Engineering Phishing Engineering Accountability 291

Krebs on Security

DECEMBER 29, 2022

You just knew 2022 was going to be The Year of Crypto Grift when two of the world’s most popular antivirus makers — Norton and Avira — kicked things off by installing cryptocurrency mining programs on customer computers. A single bitcoin is trading at around $45,000.

Cryptocurrency 304

Cryptocurrency Cybercrime Computers and Electronics Scams 304

Security Affairs

OCTOBER 13, 2024

CISA adds Windows and Qualcomm bugs to its Known Exploited Vulnerabilities catalog Three new Ivanti CSA zero-day actively exploited in attacks Ukrainian national pleads guilty in U.S.

Data breaches 116

Data breaches Cryptocurrency Cybercrime Artificial Intelligence 116

Krebs on Security

FEBRUARY 26, 2023

GoDaddy described the incident at the time in general terms as a social engineering attack, but one of its customers affected by that March 2020 breach actually spoke to one of the hackers involved. But we do know the March 2020 attack was precipitated by a spear-phishing attack against a GoDaddy employee.

Hacking 330

Hacking Social Engineering Phishing Scams 330

The Last Watchdog

DECEMBER 18, 2024

Organizations face rising risks of AI-driven social engineering and personal device breaches. Dooley Doug Dooley , COO, Data Theorem In 2025, cybersecurity threats will escalate across APIs, cloud setups, supply chains, and cryptocurrency. AI-powered cryptocurrency attacks will automate phishing and exploit vulnerabilities.

Risk 173

Risk Threat Detection Technology Phishing 173

CyberSecurity Insiders

MARCH 10, 2022

But here’s a news piece that gives details of a ransomware group that paid $6 million in salaries last year and even tried to develop its cryptocurrency. The gang also has a bunch of developers, network penetration testers, admins, QA, engineer experts, OSINT, and those who keep a track of transactions and wallet funds.

Cryptocurrency 119

Cryptocurrency Ransomware Banking Hacking 119

Malwarebytes

AUGUST 26, 2021

In August of 2021, a thief stole about $600 million in cryptocurrencies from The Poly Network. Slightly more than one week later, Japanese cryptocurrency exchange Liquid was hacked and lost $97 million worth of digital coins. They ended up giving it back, but not because they were forced to. We can’t answer the first question for you.

Cryptocurrency 123

Cryptocurrency Banking Hacking Engineering 123

SecureList

MARCH 25, 2025

Key findings Phishing Banks were the most popular lure in 2024, accounting for 42.58% of financial phishing attempts. Cryptocurrency phishing saw an 83.37% year-over-year increase in 2024, with 10.7 Consumers remained the primary target of financial cyberthreats, accounting for 73.69% of attacks. million in 2023.

Phishing 81

Phishing Banking Scams Mobile 81

Krebs on Security

AUGUST 19, 2020

According to interviews with several sources, this hybrid phishing gang has a remarkably high success rate, and operates primarily through paid requests or “bounties,” where customers seeking access to specific companies or accounts can hire them to target employees working remotely at home. A phishing page (helpdesk-att[.]com)

Phishing 363

Phishing VPN Social Engineering Media 363

Krebs on Security

JANUARY 30, 2024

authorities arrested a 19-year-old Florida man charged with wire fraud, aggravated identity theft, and conspiring with others to use SIM-swapping to steal cryptocurrency. 12 blog post , the attackers used their access to Mailchimp employee accounts to steal data from 214 customers involved in cryptocurrency and finance.

Social Engineering 358

Social Engineering Mobile Passwords Cybercrime 358

Heimadal Security

FEBRUARY 23, 2023

A new S1deload Stealer malware campaign infects YouTube and Facebook users as hackers try to use their devices for cryptocurrency mining. The Malware Attack Explained Threat actors use social engineering […] The post Warning! New Malware Hijacks YouTube and Facebook Accounts appeared first on Heimdal Security Blog.

Accountability 98

Accountability Malware Social Engineering Cryptocurrency 98

Krebs on Security

AUGUST 30, 2022

In a blog post earlier this month, Cloudflare said it detected the account takeovers and that no Cloudflare systems were compromised. 4 it became aware of unauthorized access to information related to a limited number of Twilio customer accounts through a sophisticated social engineering attack designed to steal employee credentials.

Mobile 340

Mobile Phishing Authentication Accountability 340

Krebs on Security

JULY 22, 2020

As first reported here on July 16, prior to bitcoin scam messages being blasted out from such high-profile Twitter accounts @barackobama, @joebiden, @elonmusk and @billgates, several highly desirable short-character Twitter account names changed hands, including @L, @6 and @W. They would take a cut from each transaction.”

Hacking 345

Hacking Accountability Scams Media 345

Malwarebytes

JULY 19, 2021

We’ve observed a 419-style scam (also known as an advance fee scam) which combines the promise of cryptocurrency riches with WhatsApp conversation. Folks already involved in cryptocurrency would likely have suspicions raised after reading the below. It’s all about that personal touch in the land of cryptocurrency scams.

Accountability 115

Accountability Scams Cryptocurrency Banking 115

Security Affairs

NOVEMBER 24, 2020

Crooks were able to hijack traffic and email to various cryptocurrency-related websites as a result of a DNS hijacking attack on domains managed by GoDaddy. The threat actors were able to modify DNS settings by tricking GoDaddy employees into handing over the control of the targeted domains with social engineering attacks.

Social Engineering 106

Social Engineering Engineering DNS Accountability 106

SecureWorld News

JANUARY 20, 2023

Popular email marketing service MailChimp recently fell victim to another data breach, this time caused by a successful social engineering attack on its employees and contractors. The incident was limited to 133 accounts, and there is no evidence that this compromise affected any other systems or customer data beyond these MailChimp accounts.

Social Engineering 98

Social Engineering Data breaches Engineering Accountability 98

Adam Levin

MAY 15, 2019

The hacking group, called “The Community” primarily used social engineering (trickery) and SIM card hijacking to steal funds and cryptocurrency from their victims. Once authenticated, the mobile phone number of the target victim is moved to the criminal’s phone.

Identity Theft 176

Identity Theft Social Engineering Mobile Authentication 176

Malwarebytes

FEBRUARY 19, 2025

With stolen passwords, the impact is even broader; hackers could wire funds from a breached online banking account into their own, or masquerade as someone on social media to ask friends and family for money. Some info stealers dont even require an additional stepthey can take cryptocurrency directly from a victims online accounts.

Malware 129

Malware Software Passwords Cryptocurrency 129

Krebs on Security

SEPTEMBER 30, 2022

But the fabricated LinkedIn identities are confusing search engine results for CISO roles at major companies, and they are being indexed as gospel by various downstream data-scraping sources. In a statement provided to KrebsOnSecurity, LinkedIn said its teams were actively working to take these fake accounts down. of spam and scam.”

CISO 341

CISO Cybercrime Accountability Information Security 341