Banking, Cybercrime and System Administration

Caketap, a new Unix rootkit used to siphon ATM banking data

Security Affairs

MARCH 18, 2022

Experts spotted a new Unix rootkit, called Caketap, that was used to steal ATM banking data. Mandiant researchers discovered a new Unix rootkit named Caketap, which is used to steal ATM banking data, while investigating the activity of the LightBasin cybercrime group (aka UNC1945 ). ” concludes the report.

Banking

Banking Telecommunications System Administration Hacking

Russian-speaking cybercrime evolution: What changed from 2016 to 2021

SecureList

OCTOBER 20, 2021

Having been in the field for so long, we have witnessed some major changes in the cybercrime world’s modus operandi. This report shares our insights into the Russian-speaking cybercrime world and the changes in how it operates that have happened in the past five years.

Cybercrime

Cybercrime Banking Malware Ransomware

How Did Authorities Identify the Alleged Lockbit Boss?

Krebs on Security

MAY 13, 2024

This post examines the activities of Khoroshev’s many alter egos on the cybercrime forums, and tracks the career of a gifted malware author who has written and sold malicious code for the past 14 years. was used by a Russian-speaking member called Pin on the English-language cybercrime forum Opensc. Dmitry Yuryevich Khoroshev.

Ransomware

Ransomware Cybercrime Accountability Malware

Microsoft warns of Human-Operated Ransomware as a growing threat to businesses

Security Affairs

MARCH 10, 2020

Microsoft is warning of human-operated ransomware, this kind of attack against businesses is becoming popular in the cybercrime ecosystem. Human-operated ransomware is a technique usually employed in nation-state attacks that is becoming very popular in the cybercrime ecosystem. ” reads the post published by Microsoft.

Ransomware

Ransomware Cybercrime Social Engineering Banking

A member of the FIN7 group was sentenced to 10 years in prison

Security Affairs

APRIL 18, 2021

The Ukrainian national Fedir Hladyr (35), aka “das” or “AronaXus,” was sentenced to 10 years in prison for having served as a manager and systems administrator for the financially motivated group FIN7 , aka Carbanak. Between 2014 and 2016 the group used a new custom malware dubbed Carbanak that is considered a newer version of Anunak.

System Administration

System Administration Penetration Testing Malware Hacking

US authorities charged Dridex gang members for stealing over $100 Million

Security Affairs

DECEMBER 7, 2019

US DoJ charged two Russian citizens for deploying the Dridex malware and for their involvement in international bank fraud and computer hacking schemes. 32) and Igor Turashev (38) for distributing the infamous Dridex banking Trojan , and for their involvement in international bank fraud and computer hacking schemes.

Banking

Banking Malware Accountability Cybercrime

FIN7 sysadmin behind “billions in damage” gets 10 years

Malwarebytes

APRIL 20, 2021

In 2018 three high-ranking members of a sophisticated international cybercrime group operating out of Eastern Europe were arrested and taken into custody by US authorities. But FIN7 had already been active for a few years at that point and was involved in a lot more banking and financial malware than just the ATM machines manipulation.

System Administration

System Administration Banking Malware Penetration Testing

Three members of FIN7 (Carbanak) gang charged with stealing 15 million credit cards

Security Affairs

AUGUST 2, 2018

Three members of the cybercrime group tracked as FIN7 and Carbanak have been indicted and charged with 26 felony counts. Three members of the notorious cybercrime gang known as FIN7 and Carbanak have been indicted and charged with 26 felony counts of conspiracy, wire fraud, computer hacking, access device fraud and aggravated identity theft.

Banking

Banking Cybercrime Identity Theft Penetration Testing

FireEye experts found source code for CARBANAK malware on VirusTotal?

Security Affairs

APRIL 23, 2019

The Carbanak gang (aka FIN7 , Anunak or Cobalt ) stole over a billion euros from banks across the world, the name “Carbanak” comes with the name of the malware they used to compromise computers at banks, other financial institutions, restaurants, and other industries. Hladyr is suspected to be a system administrator for the group.

Malware

Malware Penetration Testing Banking Advertising

Exclusive: Lighting the Exfiltration Infrastructure of a LockBit Affiliate (and more)

Security Affairs

OCTOBER 3, 2023

Our investigation revealed that this remote endpoint is associated with criminal activities dating back to 2019, indicating that these hosts were likely under the control of the same technical administration. This hostname connection is particularly heterogeneous, but it technically makes sense.

Scams

Scams Ransomware System Administration Malware

FireEye experts found source code for CARBANAK malware on VirusTotal?

Security Affairs

APRIL 23, 2019

The Carbanak gang (aka FIN7 , Anunak or Cobalt ) stole over a billion euros from banks across the world, the name “Carbanak” comes with the name of the malware they used to compromise computers at banks, other financial institutions, restaurants, and other industries. Hladyr is suspected to be a system administrator for the group.

Malware

Malware Penetration Testing Banking Advertising

Bye Bye Emotet, law enforcement pushed the uninstall code via the botnet

Security Affairs

APRIL 26, 2021

The Emotet banking trojan has been active at least since 2014, the botnet is operated by a threat actor tracked as TA542. The infamous banking trojan is also used to deliver other malicious code, such as Trickbot and QBot trojan or ransomware such as Conti (TrickBot) or ProLock (QBot). Department of Justice in their affidavit.

Malware

Malware Banking System Administration Hacking

Ransomware Gangs and the Name Game Distraction

Krebs on Security

AUGUST 5, 2021

Reinvention is a basic survival skill in the cybercrime business. REvil’s last big victim was Kaseya , a Miami-based company whose products help system administrators manage large networks remotely. Indeed, some of the most destructive and costly ransomware groups are now in their third incarnation. Image: FBI.

Ransomware

Ransomware Cybercrime Malware System Administration

IT threat evolution Q2 2021

SecureList

AUGUST 12, 2021

Gootkit: the cautious banking Trojan. It is complex multi-stage banking malware, which was initially discovered by Doctor Web in 2014. Bizarro banking Trojan expands into Europe. Bizarro is one more banking Trojan family originating from Brazil that is now found in other parts of the world.

Ransomware

Ransomware Malware Banking Encryption

Cyber Security Informer

Caketap, a new Unix rootkit used to siphon ATM banking data

Russian-speaking cybercrime evolution: What changed from 2016 to 2021

Trending Sources

How Did Authorities Identify the Alleged Lockbit Boss?

Microsoft warns of Human-Operated Ransomware as a growing threat to businesses

A member of the FIN7 group was sentenced to 10 years in prison

US authorities charged Dridex gang members for stealing over $100 Million

FIN7 sysadmin behind “billions in damage” gets 10 years

Three members of FIN7 (Carbanak) gang charged with stealing 15 million credit cards

FireEye experts found source code for CARBANAK malware on VirusTotal?

Exclusive: Lighting the Exfiltration Infrastructure of a LockBit Affiliate (and more)

FireEye experts found source code for CARBANAK malware on VirusTotal?

Bye Bye Emotet, law enforcement pushed the uninstall code via the botnet

Ransomware Gangs and the Name Game Distraction

IT threat evolution Q2 2021

Stay Connected