Accountability, Cybercrime, Hacking and Malware

From Cybercrime Saul Goodman to the Russian GRU

Krebs on Security

FEBRUARY 7, 2024

In 2021, the exclusive Russian cybercrime forum Mazafaka was hacked. Launched in 2001 under the tagline “Network terrorism,” Mazafaka would evolve into one of the most guarded Russian-language cybercrime communities. The Facebook account for Aleksey Safronov. One representation of the leaked Mazafaka database.

Cybercrime

Cybercrime Accountability Identity Theft Hacking

Crime Shop Sells Hacked Logins to Other Crime Shops

Krebs on Security

JANUARY 21, 2022

Criminals ripping off other crooks is a constant theme in the cybercrime underworld; Accountz Club’s slogan — “the best autoshop for your favorite shops’ accounts” — just normalizes this activity by making logins stolen from users of various cybercrime shops for sale at a fraction of their account balances.

Hacking

Hacking Cybercrime Authentication Passwords

U.S. Hacks QakBot, Quietly Removes Botnet Infections

Krebs on Security

AUGUST 29, 2023

government today announced a coordinated crackdown against QakBot , a complex malware family used by multiple cybercrime groups to lay the groundwork for ransomware infections. Reliaquest says QakBot infections accounted for nearly one-third of all loaders observed in the wild during the first six months of this year.

Hacking

Hacking Malware Ransomware Government

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Why Malware Crypting Services Deserve More Scrutiny

Krebs on Security

JUNE 21, 2023

If you operate a cybercrime business that relies on disseminating malicious software, you probably also spend a good deal of time trying to disguise or “crypt” your malware so that it appears benign to antivirus and security products. This story explores the history and identity behind Cryptor[.]biz WHO RUNS CRYPTOR[.]BIZ?

Malware

Malware Antivirus Cybercrime Hacking

Career Choice Tip: Cybercrime is Mostly Boring

Krebs on Security

MAY 29, 2020

But new research suggests that as cybercrime has become dominated by pay-for-service offerings, the vast majority of day-to-day activity needed to support these enterprises is in fact mind-numbingly boring and tedious, and that highlighting this reality may be a far more effective way combat cybercrime and steer offenders toward a better path.

Cybercrime

Cybercrime System Administration Marketing Malware

Giving a Face to the Malware Proxy Service ‘Faceless’

Krebs on Security

APRIL 18, 2023

For the past seven years, a malware-based proxy service known as “ Faceless ” has sold anonymity to countless cybercriminals. The proxy lookup page inside the malware-based anonymity service Faceless. MrMurza’s Faceless advertised on the Russian-language cybercrime forum ProCrd. Image: spur.us.

Malware

Malware Passwords Accountability Advertising

Over 100K hacking forums accounts exposed by info-stealing malware

Bleeping Computer

AUGUST 14, 2023

Researchers discovered 120,000 infected systems that contained credentials for cybercrime forums. Many of the computers belong to hackers, the researchers say. [.]

Accountability

Accountability Cybercrime Hacking Malware

Ask Fitis, the Bear: Real Crooks Sign Their Malware

Krebs on Security

JUNE 1, 2023

This post is a deep dive on “ Megatraffer ,” a veteran Russian hacker who has practically cornered the underground market for malware focused code-signing certificates since 2015. One of Megatraffer’s ads on an English-language cybercrime forum. user account — this one on Verified[.]ru account on Carder[.]su

Malware

Malware Cybercrime Software Antivirus

U.S., U.K. Sanction 7 Men Tied to Trickbot Hacking Group

Krebs on Security

FEBRUARY 9, 2023

Authorities in the United States and United Kingdom today levied financial sanctions against seven men accused of operating “ Trickbot ,” a cybercrime-as-a-service platform based in Russia that has enabled countless ransomware attacks and bank account takeovers since its debut in 2016. companies and government entities.

Hacking

Hacking Cybercrime Ransomware Government

FBI Hacker Dropped Stolen Airbus Data on 9/11

Krebs on Security

SEPTEMBER 13, 2023

The FBI responded by reverifying InfraGard members and by seizing the cybercrime forum where the data was being sold. In a post on the English language cybercrime forum BreachForums , USDoD leaked information on roughly 3,200 Airbus vendors, including names, addresses, phone numbers, and email addresses. But on Sept. But on Sept.

Cybercrime

Cybercrime Passwords Authentication Malware

No SOCKS, No Shoes, No Malware Proxy Services!

Krebs on Security

AUGUST 2, 2022

With the recent demise of several popular “proxy” services that let cybercriminals route their malicious traffic through hacked PCs, there is now something of a supply chain crisis gripping the underbelly of the Internet. com , a malware-based proxy network that has been in existence since at least 2010. Image: Spur.us.

Malware

Malware Cybercrime Internet Internet

Cybercrime Statistics in 2019

Security Affairs

JANUARY 18, 2020

I’m preparing the slides for my next speech and I decided to create this post while searching for interesting cybercrime statistics in 2020. Cybercrime will cost as much as $6 trillion annually by 2021. The global expense for organizations to protect their systems from cybercrime attacks will continue to grow.

Cybercrime

Cybercrime Small Business Data breaches Mobile

UK Ad Campaign Seeks to Deter Cybercrime

Krebs on Security

MAY 28, 2020

The United Kingdom’s anti-cybercrime agency is running online ads aimed at young people who search the Web for services that enable computer crimes, specifically trojan horse programs and DDoS-for-hire services. law enforcement agents in connection with various cybercrime investigations.

Cybercrime

Cybercrime DDOS Advertising Hacking

DarkGate malware campaign abuses Skype and Teams

Security Affairs

OCTOBER 16, 2023

Researchers uncovered an ongoing campaign abusing popular messaging platforms Skype and Teams to distribute the DarkGate malware. The threat actors abused popular messaging platforms such as Skype and Teams to deliver a script used as a loader for a second-stage payload, which was an AutoIT script containing the DarkGate malware.

Malware

Malware Cryptocurrency Accountability Cybercrime

Crooks manipulate GitHub’s search results to distribute malware

Security Affairs

APRIL 13, 2024

Researchers warn threat actors are manipulating GitHub search results to target developers with persistent malware. Checkmarx researchers reported that t hreat actors are manipulating GitHub search results to deliver persistent malware to developers systems. csproj or.vcxproj), it is automatically executed when the project is built.

Malware

Malware Cryptocurrency Encryption Hacking

This Service Helps Malware Authors Fix Flaws in their Code

Krebs on Security

MAY 18, 2020

Almost daily now there is news about flaws in commercial software that lead to computers getting hacked and seeded with malware. Here’s a look at one long-lived malware vulnerability testing service that is used and run by some of the Dark Web’s top cybercriminals. is cybercrime forum.

Malware

Malware Cybercrime Ransomware Marketing

The Have I Been Pwned service now includes 441K accounts stolen by RedLine malware

Security Affairs

DECEMBER 31, 2021

The Have I Been Pwned data breach notification service now includes credentials for 441K accounts that were stolen by RedLine malware. The Have I Been Pwned data breach notification service now allows victims of the RedLine malware to check if their credentials have been stolen. SecurityAffairs – hacking, malware).

Accountability

Accountability Malware Data breaches Passwords

Carbanak malware returned in ransomware attacks

Security Affairs

DECEMBER 26, 2023

Researchers at NCC Group reported that in November they observed the return of the infamous banking malware Carbanak in ransomware attacks. The cybersecurity firm NCC Group reported that in November the banking malware Carbanak was observed in ransomware attacks. ” reads the report published by NCC Group.

Malware

Malware Ransomware Banking Healthcare

Understanding Malware-as-a-Service

SecureList

JUNE 15, 2023

Money is the root of all evil, including cybercrime. Thus, it was inevitable that malware creators would one day begin not only to distribute malicious programs themselves, but also to sell them to less technically proficient attackers, thereby lowering the threshold for entering the cybercriminal community.

Malware

Malware Ransomware Cybercrime Hacking

Hackers breached four prominent underground cybercrime forums

Security Affairs

MARCH 6, 2021

A suspicious wave of attacks resulted in the hack of four cybercrime forums Verified, Crdclub, Exploit, and Maza since January. Since January, a series of mysterious cyberattacks that resulted in the hack of popular Russian-language cybercrime forums. ” reads the post published by threat intelligence firm Intel 471.

Cybercrime

Cybercrime DDOS Hacking Passwords

LockBit ransomware gang claims to have breached accountancy firm Xeinadin

Security Affairs

DECEMBER 23, 2023

The LockBit ransomware claims to have hacked accountancy firm Xeinadin threatens to leak the alleged stolen data. The LockBit ransomware claims responsibility for hacking the Xeinadin accountancy firm and threatens to disclose the alleged stolen data. Account balances. tb of customer data is alleged. And much more.

Accountability

Accountability Ransomware Data breaches Hacking

UNC2529, a new sophisticated cybercrime gang that targets U.S. orgs with 3 malware

Security Affairs

MAY 5, 2021

A new cybercrime gang, tracked as UNC2529 , has targeted many organizations in the US and other countries using new sophisticated malware. A new financially motivated threat actor, tracked by FireEye Experts as UNC2529, has targeted many organizations in the United States and other countries using several new pieces of malware.

Cybercrime

Cybercrime Malware Manufacturing Retail

Brokewell Android malware supports an extensive set of Device Takeover capabilities

Security Affairs

APRIL 27, 2024

ThreatFabric researchers identified a new Android malware called Brokewell, which implements a wide range of device takeover capabilities. ThreatFabric researchers uncovered a new mobile malware named Brokewell, which is equipped with sophisticated device takeover features. ” reads the report published by ThreatFabric.

Malware

Malware Spyware Authentication Mobile

HAEICHI-II: Interpol arrested +1,000 suspects linked to various cybercrimes

Security Affairs

NOVEMBER 27, 2021

HAEICHI-II: Interpol arrested 1,003 individuals charged for several cybercrimes, including romance scams, investment frauds, and online money laundering. The authorities blocked 2,350 bank accounts linked to the illicit proceeds of online financial crime and intercepted over 27 million dollars. ” concludes the announcement.

Cybercrime

Cybercrime Scams Banking Malware

Malware exploits undocumented Google OAuth endpoint to regenerate Google cookies

Security Affairs

JANUARY 1, 2024

The MultiLogin endpoint endpoint is an internal mechanism that allows the synchronization of Google accounts across services. This endpoint receives a vector containing account IDs and auth-login tokens for efficiently handling concurrent sessions or seamlessly transitioning between user profiles. ” continues the report.

Malware

Malware Penetration Testing Passwords Encryption

Security Affairs newsletter Round 464 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

MARCH 24, 2024

surfaces in the threat landscape Pokemon Company resets some users’ passwords Ukraine cyber police arrested crooks selling 100 million compromised accounts New AcidPour wiper targets Linux x86 devices. Players hacked during the matches of Apex Legends Global Series. Is it a Russia’s weapon?

Malware

Malware Cybercrime Hacking Cyber threats

Info stealers and how to protect against them

Security Affairs

DECEMBER 18, 2023

Info stealers, the type of malware with its purpose in the name, can cripple businesses and everyday users alike. Info stealers, also known as information stealers, are a type of malicious software (malware) designed to covertly collect sensitive and personal information from a victim’s computer or network.

Banking

Banking Cybercrime Malware Accountability

Security Affairs newsletter Round 467 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

APRIL 14, 2024

Crooks manipulate GitHub’s search results to distribute malware BatBadBut flaw allowed an attacker to perform command injection on Windows Roku disclosed a new security breach impacting 576,000 accounts LastPass employee targeted via an audio deepfake call TA547 targets German organizations with Rhadamanthys malware CISA adds D-Link multiple (..)

Data breaches

Data breaches Social Engineering Malware Hacking

Cactus ransomware gang claims the Schneider Electric hack

Security Affairs

JANUARY 30, 2024

The ransomware identifies user accounts by viewing successful logins in Windows Event Viewer, it also uses a modified variant of the open-source PSnmap Tool. Once the malware has escalated the privileges on a machine, the threat actors use a batch script to uninstall popular antivirus solutions installed on the machine.

Ransomware

Ransomware Hacking Data breaches Digital transformation

Ukrainian national faces up to 20 years in prison for his role in Zeus, IcedID malware schemes

Security Affairs

FEBRUARY 17, 2024

Ukrainian national Vyacheslav Igorevich Penchukov has pleaded guilty to his key roles in the Zeus and IcedID malware operations. Vyacheslav Igorevich Penchukov was a leader of two prolific malware groups that infected thousands of computers with malicious software.

Malware

Malware Cybercrime Banking Hacking

Hacker hijacked Orange Spain RIPE account causing internet outage to company customers

Security Affairs

JANUARY 4, 2024

An internet outage impacted Orange Spain after a hacker gained access to the company’s RIPE account to misconfigure BGP routing. The hacker, who uses the moniker ‘Snow’, gained access to the RIPE account of Orange Spain and misconfigured the BGP routing causing an internet outage. I have fixed your RIPE admin account security.

Internet

Internet Internet Accountability Passwords

The fire in the OVH datacenter also impacted APTs and cybercrime groups

Security Affairs

MARCH 13, 2021

The fire at the OVH datacenter in Strasbourg also impacted the command and control infrastructure used by several nation-state APT groups and cybercrime gangs. The servers were used by cybercrime gangs and APT groups, including Iran-linked Charming Kitten and APT39 groups, the Bahamut cybercrime group, and the Vietnam-linked OceanLotus APT.

Cybercrime

Cybercrime Malware Hacking Accountability

Russian-speaking cybercrime evolution: What changed from 2016 to 2021

SecureList

OCTOBER 20, 2021

Having been in the field for so long, we have witnessed some major changes in the cybercrime world’s modus operandi. This report shares our insights into the Russian-speaking cybercrime world and the changes in how it operates that have happened in the past five years. Client-side attacks on the wane.

Cybercrime

Cybercrime Banking Malware Ransomware

NodeStealer 2.0 takes over Facebook Business accounts and targets crypto wallets

Security Affairs

AUGUST 1, 2023

Researchers spotted a Python variant of the NodeStealer that was designed to take over Facebook business accounts and cryptocurrency wallets. The malicious code was designed to take over Facebook business accounts and steal funds from cryptocurrency wallets. environment. The author used Node.js

Accountability

Accountability Cryptocurrency Malware Phishing

SEC announces sanctions against entities over email account hacking

Security Affairs

SEPTEMBER 1, 2021

Securities and Exchange Commission (SEC) announced sanctions against several organizations over email account hacking. Securities and Exchange Commission (SEC) announced sanctions against eight entities belonging to three companies over email account hacking due to cybersecurity failures. Pierluigi Paganini.

Accountability

Accountability Hacking Financial Services Cybersecurity

15 billion credentials available in the cybercrime marketplaces

Security Affairs

JULY 9, 2020

More than 15 billion username and passwords are available on cybercrime marketplaces, including over 5 billion unique credentials, states the experts. The credentials are sold for an average of $15.43, the most expensive pairs relate to banking and financial services accounts, with an average price of nearly $71. Pierluigi Paganini.

Cybercrime

Cybercrime Antivirus Marketing Accountability

Russian Cybercrime group is exploiting Zerologon flaw, Microsoft warns

Security Affairs

OCTOBER 10, 2020

Microsoft has uncovered Zerologon attacks that were allegedly conducted by the infamous TA505 Russia-linked cybercrime group. Microsoft spotted a series of Zerologon attacks allegedly launched by the Russian cybercrime group tracked as TA505 , CHIMBORAZO and Evil Corp. SecurityAffairs – hacking, Zerologon). states Microsoft.

Cybercrime

Cybercrime Security Intelligence Authentication Banking

$10M Is Yours If You Can Get This Guy to Leave Russia

Krebs on Security

MAY 4, 2023

government this week put a $10 million bounty on the head of a Russian man who for the past 18 years operated Try2Check , one of the cybercrime underground’s most trusted services for checking the validity of stolen credit card data. was used to register an account with the username “Nordex” at bankir[.]com

Marketing

Marketing Cybercrime Accountability Cryptocurrency

Cybercrime group exploits Windows zero-day in ransomware attacks

Security Affairs

APRIL 11, 2023

The experts pointed out that while the majority of zero-days they have discovered in the past were used by APT groups, this zero-day was exploited by a sophisticated cybercrime group. This group is known to have used similar CLFS driver exploits in the past that were likely developed by the same author.

Cybercrime

Cybercrime Ransomware Education Media

New Lobshot hVNC malware spreads via Google ads

Security Affairs

MAY 1, 2023

The previously undetected LOBSHOT malware is distributed using Google ads and gives operators VNC access to Windows devices. Threat actors are using an elaborate scheme of fake websites through Google Ads to spread their malware, the backdoors are embedded in installers for apparently legitimate applications, such as AnyDesk.

Malware

Malware Cybercrime Banking Software

Meet Ika & Sal: The Bulletproof Hosting Duo from Hell

Krebs on Security

JANUARY 8, 2024

In 2020, the United States brought charges against four men accused of building a bulletproof hosting empire that once dominated the Russian cybercrime industry and supported multiple organized cybercrime groups. From January 2005 to April 2013, there were two primary administrators of the cybercrime forum Spamdot (a.k.a

Cybercrime

Cybercrime Banking Computers and Electronics DDOS

Security Affairs newsletter Round 463 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

MARCH 17, 2024

France Travail data breach impacted 43 Million people Scranton School District in Pennsylvania suffered a ransomware attack Lazarus APT group returned to Tornado Cash to launder stolen funds Moldovan citizen sentenced in connection with the E-Root cybercrime marketplace case UK Defence Secretary jet hit by an electronic warfare attack in Poland Cisco (..)

Data breaches

Data breaches Computers and Electronics Cybercrime Ransomware

Security Affairs newsletter Round 456 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

JANUARY 28, 2024

Pro-Ukraine hackers wiped 2 petabytes of data from Russian research center Participants earned more than $1.3M Pro-Ukraine hackers wiped 2 petabytes of data from Russian research center Participants earned more than $1.3M

Artificial Intelligence

Artificial Intelligence Hacking Malware Cyber Attacks

Threat actors use Quantum Builder to deliver Agent Tesla malware

Security Affairs

SEPTEMBER 29, 2022

The recently discovered malware builder Quantum Builder is being used by threat actors to deliver the Agent Tesla RAT. A recently discovered malware builder called Quantum Builder is being used to deliver the Agent Tesla remote access trojan (RAT), Zscaler ThreatLabz researchers warn. SecurityAffairs – hacking, Agent Tesla).

Malware

Malware Cybercrime Phishing Hacking

From Cybercrime Saul Goodman to the Russian GRU

Crime Shop Sells Hacked Logins to Other Crime Shops

Webinars

Trending Sources

U.S. Hacks QakBot, Quietly Removes Botnet Infections

Webinars

Why Malware Crypting Services Deserve More Scrutiny

Career Choice Tip: Cybercrime is Mostly Boring

Giving a Face to the Malware Proxy Service ‘Faceless’

Over 100K hacking forums accounts exposed by info-stealing malware

Ask Fitis, the Bear: Real Crooks Sign Their Malware

U.S., U.K. Sanction 7 Men Tied to Trickbot Hacking Group

FBI Hacker Dropped Stolen Airbus Data on 9/11

No SOCKS, No Shoes, No Malware Proxy Services!

Cybercrime Statistics in 2019

UK Ad Campaign Seeks to Deter Cybercrime

DarkGate malware campaign abuses Skype and Teams

Crooks manipulate GitHub’s search results to distribute malware

This Service Helps Malware Authors Fix Flaws in their Code

The Have I Been Pwned service now includes 441K accounts stolen by RedLine malware

Carbanak malware returned in ransomware attacks

Understanding Malware-as-a-Service

Hackers breached four prominent underground cybercrime forums

LockBit ransomware gang claims to have breached accountancy firm Xeinadin

UNC2529, a new sophisticated cybercrime gang that targets U.S. orgs with 3 malware

Brokewell Android malware supports an extensive set of Device Takeover capabilities

HAEICHI-II: Interpol arrested +1,000 suspects linked to various cybercrimes

Malware exploits undocumented Google OAuth endpoint to regenerate Google cookies

Security Affairs newsletter Round 464 by Pierluigi Paganini – INTERNATIONAL EDITION

Info stealers and how to protect against them

Security Affairs newsletter Round 467 by Pierluigi Paganini – INTERNATIONAL EDITION

Cactus ransomware gang claims the Schneider Electric hack

Ukrainian national faces up to 20 years in prison for his role in Zeus, IcedID malware schemes

Hacker hijacked Orange Spain RIPE account causing internet outage to company customers

The fire in the OVH datacenter also impacted APTs and cybercrime groups

Russian-speaking cybercrime evolution: What changed from 2016 to 2021

NodeStealer 2.0 takes over Facebook Business accounts and targets crypto wallets

SEC announces sanctions against entities over email account hacking

15 billion credentials available in the cybercrime marketplaces

Russian Cybercrime group is exploiting Zerologon flaw, Microsoft warns

$10M Is Yours If You Can Get This Guy to Leave Russia

Cybercrime group exploits Windows zero-day in ransomware attacks

New Lobshot hVNC malware spreads via Google ads

Meet Ika & Sal: The Bulletproof Hosting Duo from Hell

Security Affairs newsletter Round 463 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs newsletter Round 456 by Pierluigi Paganini – INTERNATIONAL EDITION

Threat actors use Quantum Builder to deliver Agent Tesla malware

Stay Connected