Cybercrime, Document and Information Security

Moldovan citizen sentenced in connection with the E-Root cybercrime marketplace case

Security Affairs

MARCH 15, 2024

US DoJ sentenced a Moldovan national (31) to 42 months in federal prison for operating the E-Root cybercrime marketplace. Diaconu was operating the E-Root cybercrime marketplace. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, cybercrime)

Cybercrime

Cybercrime Cryptocurrency Advertising Passwords

The source code of the 2020 variant of HelloKitty ransomware was leaked on a cybercrime forum

Security Affairs

OCTOBER 9, 2023

A threat actor has leaked the source code for the first version of the HelloKitty ransomware on a Russian-speaking cybercrime forum. The availability of the source in the cybercrime ecosystem can allow threat actors to develop their own version of the Hello Kitty ransomware. The HelloKitty gang has been active since January 2021.

Cybercrime

Cybercrime Ransomware DDOS Encryption

Uber hacked, internal systems and confidential documents were allegedly compromised

Security Affairs

SEPTEMBER 16, 2022

Uber on Thursday disclosed a security breach, threat actors gained access to its network, and stole internal documents. Uber on Thursday suffered a cyberattack, the attackers were able to penetrate its internal network and access internal documents, including vulnerability reports. Pierluigi Paganini.

Hacking

Hacking Data breaches Engineering Information Security

New MacStealer macOS malware appears in the cybercrime underground

Security Affairs

MARCH 27, 2023

Uptycs researchers team discovered a new macOS information stealer, called MacStealer, which allows operators to steal iCloud Keychain data and passwords from infected systems. The macOS malware can steal documents, credit card data, cookies from a victim’s browser (i.e.

Cybercrime

Cybercrime Malware Passwords Advertising

TA558 cybercrime group targets hospitality and travel orgs

Security Affairs

AUGUST 20, 2022

TA558 cybercrime group is behind a malware campaign targeting hospitality, hotel, and travel organizations in Latin America. Researchers from Proofpoint are monitoring a malware campaign conducted by a cybercrime group, tracked as TA558, that is targeting hospitality, hotel, and travel organizations in Latin America.

Cybercrime

Cybercrime Malware Phishing Internet

RansomEXX gang claims to have hacked Ferrari and leaked online internal documents

Security Affairs

OCTOBER 3, 2022

The Italian luxury sports car manufacturer Ferrari confirmed the availability of internal documents online, but said it has no evidence of cyber attack. Documents belonging to the Italian luxury sports car manufacturer Ferrari are circulating online, the company confirmed their authenticity stating it is not aware of cyber attacks.

Hacking

Hacking Manufacturing Cyber Attacks Ransomware

DoppelPaymer crew leaked internal confidential documents belonging to aerospace companies

Security Affairs

APRIL 10, 2020

DoppelPaymer hackers leaked online internal confidential documents belonging to some of the largest aerospace companies in the world. The gang behind the DoppelPaymer ransomware has stolen internal confidential documents belonging to some of the largest aerospace companies in the world from the industrial contractor Visser Precision.

Manufacturing

Manufacturing Ransomware Advertising Cybercrime

Russian Cybercrime Trickbot Group is systematically attacking Ukraine

Security Affairs

JULY 8, 2022

In some of the attacks, threat actors used an Excel document named Nuclear.xls, suggesting an alarming lure. Once opened, the document downloads a WinRAR self-extracting archive (SFX) that delivers the AnchorMail backdoor to the victim’s system. Experts also observed attacks dropping IcedID and CobaltStrike. Pierluigi Paganini.

Cybercrime

Cybercrime Malware DDOS Ransomware

Experts link the Black Basta ransomware operation to FIN7 cybercrime gang

Security Affairs

NOVEMBER 3, 2022

The Sentinel Labs’s analysis revealed that Black Basta ransomware operators develop and maintain their own toolkit, they documented only collaboration with a limited and trusted set of affiliates. The post Experts link the Black Basta ransomware operation to FIN7 cybercrime gang appeared first on Security Affairs.

Cybercrime

Cybercrime Ransomware Antivirus Malware

UNC2465 cybercrime group launched a supply chain attack on CCTV vendor

Security Affairs

JUNE 17, 2021

UNC2465 cybercrime group that is affiliated with the Darkside ransomware gang has infected with malware the website of a CCTV camera vendor. In the documented attack, once the backdoor is deployed, UNC2465 interactively established an NGROK tunnel and performed lateral movements in less than 24 hours. Pierluigi Paganini.

Cybercrime

Cybercrime Ransomware Antivirus Software

El Salvador suffered a massive leak of biometric data

Security Affairs

MAY 6, 2024

The threat actor, going by the alias ‘CiberinteligenciaSV,’ posted the 144 GB data dump to Breach Forums, writing that the leak included 5,129,518 high-definition photos, each labeled with the corresponding Salvadorian’s document identification (DUI) number.

Identity Theft

Identity Theft Data breaches Cybercrime Government

Alleged Extortioner of Psychotherapy Patients Faces Trial

Krebs on Security

NOVEMBER 16, 2023

In a 2,200-page report, Finnish authorities laid out how they connected the extortion spree to Kivimäki, a notorious hacker who was convicted in 2015 of perpetrating tens of thousands of cybercrimes, including data breaches, payment fraud, operating a botnet and calling in bomb threats.

Cybercrime

Cybercrime Hacking Data breaches Banking

Many Public Salesforce Sites are Leaking Private Data

Krebs on Security

APRIL 27, 2023

This misconfigured Salesforce Community site from the state of Vermont was leaking pandemic assistance loan application data, including names, SSNs, email address and bank account information. But after being presented with a document including the Social Security number of a health professional in D.C. Washington, D.C.

Banking

Banking Government Information Security Authentication

Threat actors leak Activision employee data on hacking forum

Security Affairs

FEBRUARY 27, 2023

Data allegedly stolen from the American gaming giant Activision in December security breach were leaked on a cybercrime forum. They exfiltrated sensitive work place documents as well as scheduled to be released content dating to November 17th, 2023. Activision was breached December 4th, 2022.

Hacking

Hacking Cybercrime Social Engineering Data breaches

Ohio Lottery data breach impacted over 538,000 individuals

Security Affairs

MAY 11, 2024

“After an extensive forensic investigation and our manual document review, we learned on April 5, 2024 that certain files containing your personal information was subject to unauthorized access.” The incident did not impact the gaming network,” reads the notice of data breach sent to the impacted individuals.

Data breaches

Data breaches Identity Theft Cybercrime Cyber Attacks

Acer Philippines disclosed a data breach after a third-party vendor hack

Security Affairs

MARCH 13, 2024

In our commitment to full transparency, we wish to inform you of a recent security incident involving a third-party vendor managing employee attendance data. The threat actor announced the hack on a popular cybercrime forum, he claimed the theft of about 2869 files.

Data breaches

Data breaches Computers and Electronics Hacking Cybercrime

First American Financial Pays Farcical $500K Fine

Krebs on Security

JUNE 18, 2021

NYSE:FAF ] was leaking more than 800 million documents — many containing sensitive financial data — related to real estate transactions dating back 16 years. Securities and Exchange Commission settled its investigation into the matter after the Fortune 500 company agreed to pay a paltry penalty of less than $500,000.

Insurance

Insurance Risk Financial Services CISO

TA505 Cybercrime targets system integrator companies

Security Affairs

NOVEMBER 12, 2019

The analysis of a malicious email revealed a possible raising interest of the TA505 cybercrime gang in system integrator companies. Attached to the email a suspicious word document was waiting to be opened from the victim. By opening the word document the victim displays the following text (Image1). Introduction.

Cybercrime

Cybercrime Computers and Electronics Penetration Testing Malware

FIN7 targeted a large U.S. carmaker phishing attacks

Security Affairs

APRIL 18, 2024

FIN7 is a Russian criminal group (aka Carbanak ) that has been active since mid-2015, it focuses on restaurants, gambling, and hospitality industries in the US to harvest financial information that was used in attacks or sold in cybercrime marketplaces. com” masquerading as the legitimate website “advanced-ip-scanner[.]com”,

Phishing

Phishing Cybercrime Manufacturing Hacking

DarkGate malware campaign abuses Skype and Teams

Security Affairs

OCTOBER 16, 2023

The researchers speculate the originating accounts of the instant messaging applications were compromised through the leaked credentials available on cybercrime forums. The format is used to to trick the user into believing the file is a.PDF document instead of a VBA script ( www.skype[.]vbs).

Malware

Malware Cryptocurrency Accountability Cybercrime

Ukrainian REvil gang member sentenced to 13 years in prison

Security Affairs

MAY 2, 2024

“According to court documents, Yaroslav Vasinskyi, also known as Rabotnik, 24, conducted thousands of ransomware attacks using the ransomware variant known as Sodinokibi/REvil.” victims, and we are disrupting the broader cybercrime ecosystem.” Vasinskyi was extradited to the U.S. in March 2022.

Ransomware

Ransomware Cryptocurrency Cybercrime Encryption

FIN7 group leverages Windows 11 Alpha-Themed docs to drop Javascript payloads

Security Affairs

SEPTEMBER 4, 2021

FIN7 cybercrime gang used weaponized Windows 11 Alpha-themed Word documents to drop malicious payloads, including a JavaScript backdoor. The attack chain began with a Microsoft Word document (.doc) Anomali Threat Research experts have monitored recent spear-phishing attacks conducted by financially motivated threat actor FIN7.

Cybercrime

Cybercrime Retail Phishing Hacking

French police seized dark web marketplace Le Monde Parallèle

Security Affairs

MAY 26, 2021

Last week, French authorities have seized the dark web marketplace Le Monde Parallèle, it is another success of national police in the fight against cybercrime. French authorities seized the dark web marketplace Le Monde Parallèle, the operation is another success of national police in the fight against cybercrime activity in the dark web.

Cybercrime

Cybercrime Cryptocurrency Banking Mobile

Dridex targets MacOS users with a new delivery technique

Security Affairs

JANUARY 8, 2023

Trend Micro experts discovered a new variant of the Dridex banking malware that targets the MacOS platform and that used a new technique to deliver documents embedded with malicious macros. The banking malware is believed to be operated by the cybercrime gang known as Evil Corp. ” reads the analysis published by Trend Micro.

Banking

Banking Malware Social Engineering Cybercrime

Estonia ‘s police arrested a Tallin resident who stole 286K ID scans from a government DB

Security Affairs

JULY 30, 2021

The hacker exploited a vulnerability in a photo transfer service vulnerability to download ID scans from the Identity Documents Database (KMAIS). ” A joint operation conducted by the cybercrime Bureau of the National Criminal Police and RIA led to the identification of the Tallin resident. or take a new document photo. .

Government

Government Cybercrime Mobile Banking

DEV-1101 AiTM phishing kit is fueling large-scale phishing campaigns

Security Affairs

MARCH 14, 2023

Microsoft warns of large-scale phishing attacks orchestrated with an open-source adversary-in-the-middle (AiTM) phishing kit available in the cybercrime ecosystem Adversary-in-the-middle (AiTM) phishing kits are becoming an essential technology in the cybercrime ecosystem that is used by multiple threat actors to launch phishing attacks.

Phishing

Phishing Cybercrime Authentication Mobile

Spain police dismantled a cybercriminal group who stole the data of 4 million individuals

Security Affairs

OCTOBER 23, 2023

The leaders of the criminal organization used false documentation and spoofing techniques to hide their identity and invested their profits in crypto assets to launder the proceeds. The crooks impersonated delivery firms and electricity suppliers to scam the victims.

Computers and Electronics

Computers and Electronics Scams Cybercrime Phishing

Acer discloses a new data breach, 160 GB of sensitive data available for sale

Security Affairs

MARCH 7, 2023

The threat actor announced the hack on a popular cybercrime forum, he claims to have stolen about 2869 files. The stolen files include confidential product model documentation, binaries, backend infrastructure, BIOS information, and other sensitive data.

Data breaches

Data breaches Hacking Cybercrime Cryptocurrency

US Feds arrested two men involved in the Warzone RAT operation

Security Affairs

FEBRUARY 12, 2024

According to court documents, the FBI covertly purchased and analyzed the Warzone RAT. He is accused of conspiracy to commit various cybercrimes, such as gaining authorized access to protected computers and causing unauthorized damage to protected computers. “Federal authorities in Boston seized www.warzone.ws

Malware

Malware Hacking Cybercrime Advertising

“Beyond the border scam”, pay attention to the instance of the new Nigerian fraud

Security Affairs

FEBRUARY 22, 2024

Will you make sure to help me out of my unfortunate situation, receive the money and send me some to purchase my travel documents and start a new life? He is also the author of the book “La Gestione della Cyber Security nella Pubblica Amministrazione”. Source: www.computersecuritynews.it/beyond-the-border-scam-attenzione-allistanza-della-nuova-truffa-alla-nigeriana

Scams

Scams Banking Computers and Electronics Accountability

Multiple APT groups exploited WinRAR flaw CVE-2023-38831

Security Affairs

OCTOBER 18, 2023

The researchers reported that several cybercrime groups began exploiting the flaw in early 2023, when the bug was still a zero-day. The vulnerability has been patched, but but manyhave yet to update their installs. ” reported Google TAG.

Cybercrime

Cybercrime Malware Software Hacking

Lockbit ransomware gang claims to have hacked cybersecurity giant Mandiant

Security Affairs

JUNE 6, 2022

Mandiant is investigating the claims of the ransomware gang, the cybercrime group declared to have stolen 356841 files from the company and plans to leak them online. The alleged stolen documents appear to have been included in an archive named ‘mandiantyellowpress.com.7z.’ com redirects users to the site ninjaflex[.]com

Hacking

Hacking Ransomware Cybersecurity Cybercrime

Swiss Air Force sensitive files stolen in the hack of Ultra Intelligence & Communications

Security Affairs

JANUARY 8, 2024

Documents belonging to the Swiss Air Force were leaked on the dark web as a result of cyberattack on a US security provider. Documents belonging to the Swiss Air Force were leaked on the dark web after the US security company Ultra Intelligence & Communications suffered a data breach.

Hacking

Hacking Data breaches Ransomware Manufacturing

The Emotet botnet is back and hits 100K recipients per day

Security Affairs

DECEMBER 26, 2020

Emotet is back on Christmas Eve, cybercrime operators are sending out spam messages to deliver the infamous Trickbot Trojan. Emotet is back on Christmas Eve, after two months of silence, cybercrime operators are sending out spam messages to deliver the infamous Trickbot Trojan.

Cybercrime

Cybercrime Malware Banking Ransomware

INC RANSOM ransomware gang claims to have breached Xerox Corp

Security Affairs

DECEMBER 30, 2023

Xerox Corp provides document management solutions worldwide. The ransomware group published the images of eight documents, including emails and an invoice, as proof of the hack. The INC RANSOM ransomware group claims to have hacked the American multinational corporation Xerox Corp.

Ransomware

Ransomware InfoSec Data breaches Hacking

Daixin Team group claimed the hack of North Texas Municipal Water District

Security Affairs

NOVEMBER 28, 2023

The ransomware gang claims the theft of board meeting minutes, internal project documentation, personnel details, audit reports, and more. In October 2022, CISA, the FBI, and the Department of Health and Human Services (HHS) warned that the Daixin Team cybercrime group is actively targeting U.S.

Hacking

Hacking VPN Ransomware Cybercrime

Unpatched Office zero-day CVE-2023-36884 actively exploited in targeted attacks

Security Affairs

JULY 12, 2023

The issue, tracked as CVE-2023-36884 , was exploited by nation-state actors and cybercriminals to gain remote code execution via malicious Office documents. The company revealed that it is aware of high-targeted attacks that attempt to exploit these issues through specially-crafted Office documents. ” reads the post.

Phishing

Phishing Cybercrime Hacking Government

TA505 cybercrime group use SDBbot RAT in recent campaigns

Security Affairs

OCTOBER 20, 2019

TA505 cybercrime group that operated the Dridex Trojan and Locky ransomware, has been using a new RAT dubbed SDBbot in recent attacks. Security experts at Proofpoint observed the notorious TA505 cybercrime group that has been using a new RAT dubbed SDBbot in recent attacks. Pierluigi Paganini.

Cybercrime

Cybercrime Advertising Retail Banking

Play ransomware attack on Xplain exposed 65,000 files containing data relevant to the Swiss Federal Administration.

Security Affairs

MARCH 8, 2024

The data exfiltrated by the gang included classified information and sensitive personal data from the Federal Administration. million files, and 65,000 documents were classified by NCSC as data relevant to the Federal Administration. Threat actors stole and leaked roughly 1.3 ” continues the report. ” continues the report.

Ransomware

Ransomware Data breaches Unstructured Data Architecture

Three Nigerian men arrested in INTERPOL Operation Killer Bee

Security Affairs

MAY 30, 2022

The suspects, aged between 31 and 38, the police found them in possession of fake documents, including fraudulent invoices and forged official letters. Security Affairs is one of the finalists for the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS. SecurityAffairs – hacking, cybercrime).

Cybercrime

Cybercrime Malware Hacking Cybersecurity

Phishing attacks using the topic “Azovstal” targets entities in Ukraine

Security Affairs

APRIL 23, 2022

The Computer Emergency Response Team of Ukraine (CERT-UA) warns of phishing attacks aimed at organizations in the country using the topic “Azovstal” The phishing message use the subject “Azovstal” and a weaponized office document. Upon opening the attachment and enabling the macro, it will start the infection process.

Phishing

Phishing Cybercrime Ransomware Encryption

Grief ransomware gang hit US National Rifle Association (NRA)

Security Affairs

OCTOBER 27, 2021

The NRA was added to the list of compromised organizations on the leak site of the group, that gang also published a set of documents as proof of the hack. The Evil Corp cybercrime group (aka the Dridex gang Indrik Spider , the Dridex gang, and TA505 ) has been active in cybercrime activities since 2007.

Ransomware

Ransomware Banking Cybercrime Hacking

Trickbot spreads malware through new distribution channels

Security Affairs

OCTOBER 16, 2021

TrickBot operators are back and expand the distribution channels with partnership with cybercrime affiliates. The gang support other cybercrime groups such as known Hive0105, Hive0106 (aka TA551 or Shathak), and Hive0107, supporting them in expanding their malware campaigns. ” reads the post published by IBM X-Force.

Malware

Malware Cybercrime DDOS Social Engineering

INC Ransom stole 3TB of data from the National Health Service (NHS) of Scotland

Security Affairs

MARCH 27, 2024

The cybercrime group claims to have stolen three terabytes of data and is threatening to leak them. The group published the images of medical documents as proof of the hack and will publish the stolen data if the NHS does not pay the ransom. ” reads the announcement published by the INC Ransom group.

Healthcare

Healthcare Government Hacking Cybercrime

Moldovan citizen sentenced in connection with the E-Root cybercrime marketplace case

The source code of the 2020 variant of HelloKitty ransomware was leaked on a cybercrime forum

Trending Sources

Uber hacked, internal systems and confidential documents were allegedly compromised

New MacStealer macOS malware appears in the cybercrime underground

TA558 cybercrime group targets hospitality and travel orgs

RansomEXX gang claims to have hacked Ferrari and leaked online internal documents

DoppelPaymer crew leaked internal confidential documents belonging to aerospace companies

Russian Cybercrime Trickbot Group is systematically attacking Ukraine

Experts link the Black Basta ransomware operation to FIN7 cybercrime gang

UNC2465 cybercrime group launched a supply chain attack on CCTV vendor

El Salvador suffered a massive leak of biometric data

Alleged Extortioner of Psychotherapy Patients Faces Trial

Many Public Salesforce Sites are Leaking Private Data

Threat actors leak Activision employee data on hacking forum

Ohio Lottery data breach impacted over 538,000 individuals

Acer Philippines disclosed a data breach after a third-party vendor hack

First American Financial Pays Farcical $500K Fine

TA505 Cybercrime targets system integrator companies

FIN7 targeted a large U.S. carmaker phishing attacks

DarkGate malware campaign abuses Skype and Teams

Ukrainian REvil gang member sentenced to 13 years in prison

FIN7 group leverages Windows 11 Alpha-Themed docs to drop Javascript payloads

French police seized dark web marketplace Le Monde Parallèle

Dridex targets MacOS users with a new delivery technique

Estonia ‘s police arrested a Tallin resident who stole 286K ID scans from a government DB

DEV-1101 AiTM phishing kit is fueling large-scale phishing campaigns

Spain police dismantled a cybercriminal group who stole the data of 4 million individuals

Acer discloses a new data breach, 160 GB of sensitive data available for sale

US Feds arrested two men involved in the Warzone RAT operation

“Beyond the border scam”, pay attention to the instance of the new Nigerian fraud

Multiple APT groups exploited WinRAR flaw CVE-2023-38831

Lockbit ransomware gang claims to have hacked cybersecurity giant Mandiant

Swiss Air Force sensitive files stolen in the hack of Ultra Intelligence & Communications

The Emotet botnet is back and hits 100K recipients per day

INC RANSOM ransomware gang claims to have breached Xerox Corp

Daixin Team group claimed the hack of North Texas Municipal Water District

Unpatched Office zero-day CVE-2023-36884 actively exploited in targeted attacks

TA505 cybercrime group use SDBbot RAT in recent campaigns

Play ransomware attack on Xplain exposed 65,000 files containing data relevant to the Swiss Federal Administration.

Three Nigerian men arrested in INTERPOL Operation Killer Bee

Phishing attacks using the topic “Azovstal” targets entities in Ukraine

Grief ransomware gang hit US National Rifle Association (NRA)

Trickbot spreads malware through new distribution channels

INC Ransom stole 3TB of data from the National Health Service (NHS) of Scotland

Stay Connected