Krebs on Security

JUNE 15, 2024

A 22-year-old man from the United Kingdom arrested this week in Spain is allegedly the ringleader of Scattered Spider , a cybercrime group suspected of hacking into Twilio , LastPass , DoorDash , Mailchimp , and nearly 130 other organizations over the past two years. man arrested was a SIM-swapper who went by the alias “ Tyler.”

Hacking 345

Hacking Cybercrime Phishing Passwords 345

Security Affairs

DECEMBER 25, 2024

authorities attributed the theft of $308 million cryptocurrency from DMM Bitcoin to North Korean cyber actors. authorities linked the $308 million cyber heist targeting cryptocurrency company DMM Bitcoin to North Korea-linked threat actors. On June 1st, the Japanese cryptocurrency exchange DMM Bitcoin announced that crooks stole 4,502.9

Cryptocurrency 125

Cryptocurrency Social Engineering Hacking Cybercrime 125

Krebs on Security

FEBRUARY 26, 2023

Media coverage understandably focused on GoDaddy’s admission that it suffered three different cyberattacks over as many years at the hands of the same hacking group. But it’s worth revisiting how this group typically got in to targeted companies: By calling employees and tricking them into navigating to a phishing website.

Hacking 333

Hacking Social Engineering Phishing Scams 333

Krebs on Security

DECEMBER 29, 2024

Identified by the Mandiant as one of the most consequential threat actors of 2024, Judische was responsible for a hacking rampage that exposed private information on hundreds of millions of Americans. One focus of that story was a Canadian cybercriminal who used the nickname Judische.

Scams 244

Scams Cybercrime Cryptocurrency Social Engineering 244

Security Affairs

NOVEMBER 21, 2024

The cybercrime group Scattered Spider is suspected of hacking into hundreds of organizations over the past two years, including Twilio , LastPass , DoorDash , and Mailchimp. Victims included gaming, telecom, and cryptocurrency firms, with losses reaching millions in stolen cryptocurrency and data from hundreds of thousands of accounts.

Cybercrime 112

Cybercrime Identity Theft Cryptocurrency Phishing 112

Penetration Testing

NOVEMBER 12, 2023

Microsoft has issued a warning about the North Korean hacking group Sapphire Sleet (BlueNoroff), which is deploying a new infrastructure for impending social engineering campaigns on LinkedIn.

Social Engineering 85

Social Engineering Cryptocurrency Engineering Penetration Testing 85

Krebs on Security

JULY 22, 2020

The New York Times last week ran an interview with several young men who claimed to have had direct contact with those involved in last week’s epic hack against Twitter. ” Twice in the past year, the OGUsers forum was hacked , and both times its database of usernames, email addresses and private messages was leaked online.

Hacking 350

Hacking Accountability Scams Media 350

Krebs on Security

FEBRUARY 17, 2021

Secret Service and Department of Homeland Security told reporters on Wednesday the trio’s activities involved extortion, phishing, direct attacks on financial institutions and ATM networks, as well as malicious applications that masqueraded as software tools to help people manage their cryptocurrency holdings.

Cryptocurrency 346

Cryptocurrency Financial Services Banking Government 346

Security Affairs

NOVEMBER 15, 2024

The malware could harvest a huge trove of data from infected systems, including cookies, autofill, cryptocurrency wallets, 2FA authenticators, password managers, and email client information. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, malware)

Encryption 119

Encryption Password Management Cryptocurrency Social Engineering 119

Security Affairs

APRIL 17, 2025

Then the DLL launches a decoy by opening an msedge_proxy window that displays a legitimate cryptocurrency trading website. In a documented instance, attackers used a ClickFix social engineering tactic to trick users into running a PowerShell command that downloads and installs Node.js to deploy malicious payloads. components.

Social Engineering 118

Social Engineering Malware Cryptocurrency Engineering 118

CyberSecurity Insiders

JANUARY 17, 2022

North Korea, the nation that is being led by Kim Jong UN is back into news headlines for stealing cryptocurrency worth millions through cyber attacks. The post North Korea steals $400m cryptocurrency through Cyber Attacks appeared first on Cybersecurity Insiders.

Cryptocurrency 135

Cryptocurrency Cyber Attacks Social Engineering Banking 135

Security Affairs

APRIL 7, 2025

By simply paying the fee, usually in cryptocurrencies, the customer will receive the sensitive material ready to be exploited. With the help of these documents, even inexperienced operators with limited hacking skills can quickly acquire the necessary expertise to successfully forward counterfeit EDRs.

Cybercrime 140

Cybercrime Social Engineering Accountability Government 140

Security Affairs

NOVEMBER 24, 2020

Crooks were able to hijack traffic and email to various cryptocurrency-related websites as a result of a DNS hijacking attack on domains managed by GoDaddy. The threat actors were able to modify DNS settings by tricking GoDaddy employees into handing over the control of the targeted domains with social engineering attacks.

Social Engineering 107

Social Engineering Engineering DNS Accountability 107

Security Affairs

FEBRUARY 3, 2025

The Russian-speaking Crazy Evil group runs over 10 social media scams, tricking victims into installing StealC, AMOS, and Angel Drainer malware. Since 2021, the Crazy Evil gang has become a major cybercriminal group, using phishing, identity fraud, and malware to steal cryptocurrency. ” reads the report published by Insikt Group.

Scams 86

Scams Media Cryptocurrency Cybercrime 86

Krebs on Security

APRIL 6, 2022

Many organizations are already struggling to combat cybersecurity threats from ransomware purveyors and state-sponsored hacking groups, both of which tend to take days or weeks to pivot from an opportunistic malware infection to a full blown data breach. In fact, the group often announces its hacks on social media.

Social Engineering 294

Social Engineering Phishing Engineering Accountability 294

Adam Levin

MAY 15, 2019

The hacking group, called “The Community” primarily used social engineering (trickery) and SIM card hijacking to steal funds and cryptocurrency from their victims. Department of Justice announced that it has arrested and charged members of a major cybercriminal ring in connection with $2.4

Identity Theft 176

Identity Theft Social Engineering Mobile Authentication 176

Krebs on Security

JANUARY 30, 2024

authorities arrested a 19-year-old Florida man charged with wire fraud, aggravated identity theft, and conspiring with others to use SIM-swapping to steal cryptocurrency. Sources close to the investigation tell KrebsOnSecurity the accused was a key member of a criminal hacking group blamed for a string of cyber intrusions at major U.S.

Social Engineering 359

Social Engineering Mobile Passwords Cybercrime 359

Security Boulevard

JULY 16, 2024

DeFAIL: Cryptocurrency fans lose their worthless tokens via phishing attacks on decen­tral­ized finance sites. The post Squarespace Hacked — DeFi Wallets Drained (Imaginary Money Stolen) appeared first on Security Boulevard.

Hacking 131

Hacking Cryptocurrency Phishing Social Engineering 131

Krebs on Security

AUGUST 19, 2020

Allen said a typical voice phishing or “vishing” attack by this group involves at least two perpetrators: One who is social engineering the target over the phone, and another co-conspirator who takes any credentials entered at the phishing page and quickly uses them to log in to the target company’s VPN platform in real-time.

Phishing 363

Phishing VPN Social Engineering Media 363

Security Affairs

JULY 19, 2022

FBI has warned of crooks developing malicious cryptocurrency-themed apps to steal crypto assets from the users. Federal Bureau of Investigation (FBI) has warned of crooks creating malicious cryptocurrency-themed apps to steal crypto assets from investors. SecurityAffairs – hacking, cryptocurrency-themed apps).

Cryptocurrency 132

Cryptocurrency Mobile Hacking Accountability 132

Heimadal Security

APRIL 19, 2022

CISA, the FBI, and the US Treasury Department have recently issued a warning that firms in the cryptocurrency and blockchain industries are being targeted by the North Korean Lazarus hacking gang. It seems that the threat actors are using trojanized cryptocurrency applications in this wave of cyberattacks.

Social Engineering 128

Social Engineering Cryptocurrency Engineering Hacking 128

SecureWorld News

FEBRUARY 27, 2025

billion hack of cryptocurrency exchange Bybit to North Korea's state-sponsored hacking group, TraderTraitor, more commonly known as the infamous Lazarus Group. Their strategy often involves spear-phishing attacks, social engineering, and exploiting vulnerabilities in smart contracts and multi-signature wallets.

Hacking 60

Hacking Cryptocurrency Cybercrime Social Engineering 60

Security Boulevard

DECEMBER 3, 2021

Schadenfreude: This week saw a pair of high-profile cryptocurrency thefts, totalling over $150 million. The post $150M Stolen in ‘Imaginary Money’ Crypto/DeFi Hacks appeared first on Security Boulevard.

Hacking 126

Hacking Cryptocurrency Social Engineering Engineering 126

Threatpost

NOVEMBER 23, 2020

‘Vishing’ attack on GoDaddy employees gave fraudsters access to cryptocurrency service domains NiceHash, Liquid.

Cryptocurrency 121

Cryptocurrency Social Engineering VPN Engineering 121

CyberSecurity Insiders

APRIL 5, 2023

North Korea has established a hacking group named APT43 to fund its cybercrime activities, aimed at advancing Pyongyang’s geopolitical interests. On April 3 of this year, Google’s Threat Analysis Group (TAG) announced that APT43 was in-volved in cryptocurrency theft and digital currency laundering.

Hacking 105

Hacking Social Engineering Cryptocurrency Manufacturing 105

Security Affairs

APRIL 7, 2025

“In the Florida case, Urban was accused of stealing at least $800,000 in cryptocurrency from five different victims between August 2022 and March 2023.” The cybercrime group Scattered Spider is suspected of hacking intohundreds of organizations over the past two years, including Twilio , LastPass , DoorDash , and Mailchimp.

Cybercrime 68

Cybercrime Identity Theft Social Engineering Hacking 68

Krebs on Security

DECEMBER 29, 2022

You just knew 2022 was going to be The Year of Crypto Grift when two of the world’s most popular antivirus makers — Norton and Avira — kicked things off by installing cryptocurrency mining programs on customer computers. Tank, seen here performing as a DJ in Ukraine in an undated photo from social media.

Cryptocurrency 313

Cryptocurrency Cybercrime Computers and Electronics Scams 313

SecureWorld News

JULY 11, 2022

Axie Infinity, a video game that utilizes NFTs and Ethereum-based cryptocurrencies, lost $540 million in March of this year after a senior engineer was tricked into opening a PDF of a fake job application, according to a story from The Block. The employee who fell for the social engineering scheme no longer works for Sky Mavis.

Social Engineering 98

Social Engineering Hacking Cryptocurrency Cybercrime 98

Security Affairs

NOVEMBER 13, 2023

The APT group’s campaigns focus on cryptocurrency exchanges, venture capital firms, and banks. Microsoft researchers warn of a new social engineering campaign aimed at IT job seekers that relied on a new cluster of bogus skills assessment portals. ” warns Microsoft through a series of posts on X.

Social Engineering 143

Social Engineering Cryptocurrency Engineering Malware 143

Security Affairs

AUGUST 23, 2024

The cybercriminal facilitated money laundering by accepting illicit cryptocurrency from criminal groups, including North Korea-linked APT Lazarus , vendors of child sexual abuse material, and terrorist financiers. “There were also transfers between cryptocurrency wallets. But not only physical money transactions were made.”

Cryptocurrency 120

Cryptocurrency Social Engineering Hacking Engineering 120

Security Boulevard

MAY 23, 2025

As cryptocurrency becomes more popular and the adoption rises, we see a related increase in the number of cybercrimes, fraud, and malware schemes. If you hold cryptocurrency or are using Web3 platforms, you need to be careful. Dont be phished or socially engineered! Avoid browser extensions!

Cryptocurrency 59

Cryptocurrency Social Engineering Engineering Password Management 59

Security Affairs

JUNE 4, 2024

These include: Social engineering tactics SIM swapping schemes Banking and credit card fraud” The attackers use various social engineering and spoofing tactics to trick victims into revealing their sensitive information, which supports real-time interaction to abuse and bypass MFA (Multi-Factor Authentication).

Banking 132

Banking Phishing Social Engineering Engineering 132

Security Affairs

NOVEMBER 6, 2018

Group-IB and Swiss insurance broker ASPIS that owns CryptoIns project, have developed the world’s first scoring model for assessing cryptocurrency exchanges. Based on the risk score, CryptoIns experts have calculated insurance rates for cryptocurrency exchange users who can now insure their accounts against cyber threats.

Insurance 97

Insurance Cryptocurrency Cyber threats Marketing 97

Security Affairs

JUNE 30, 2022

North Korea-linked Lazarus APT group is suspected to be behind the recent hack of the Harmony Horizon Bridge. Recently, threat actors have stolen $100 million in cryptocurrency from the Blockchain company Harmony. SecurityAffairs – hacking, Harmony). ” reads the report published by Elliptic. ” concludes the post.

Hacking 100

Hacking Social Engineering Cryptocurrency Engineering 100

Security Affairs

MARCH 29, 2025

Notifications & Social Engineering: Posts fake push notifications to trick users. “Already observed targeting banks in Spain and Turkey and popular cryptocurrency wallets, Crocodilus is clearly engineered to go after high-value assets.” ” ThreatFabric concludes.

Banking 70

Banking Mobile Identity Theft Malware 70

Krebs on Security

APRIL 20, 2023

Mandiant concluded that the 3CX attack was orchestrated by the North Korean state-sponsored hacking group known as Lazarus , a determination that was independently reached earlier by researchers at Kaspersky Lab and Elastic Security. Microsoft Corp.

Malware 331

Malware Software Technology Accountability 331

Security Affairs

NOVEMBER 8, 2023

The APT group’s campaigns focus on cryptocurrency exchanges, venture capital firms, and banks. blog, which was chosen by the attackers in an attempt to appear as the legitimate cryptocurrency exchange swissborg.com. The binary is ad-hoc signed that was observed communicating with the domain swissborg[.]blog,

Malware 136

Malware Cryptocurrency Social Engineering Engineering 136