Cybercrime, Information Security and VPN

Threat actor leaked config files and VPN passwords for over Fortinet Fortigate devices

Security Affairs

JANUARY 15, 2025

A previously unknown threat actor released config files and VPN passwords for Fortinet FortiGate devices on a popular cybercrime forum. A previously unknown threat actor named Belsen Group published configuration files and VPN passwords for over 15,000 Fortinet FortiGate appliances. “The data includes: IPs.

VPN

VPN Passwords Firewall Firmware

Fog and Akira ransomware attacks exploit SonicWall VPN flaw CVE-2024-40766

Security Affairs

OCTOBER 29, 2024

Fog and Akira ransomware operators are exploiting SonicWall VPN flaw CVE-2024-40766 to breach enterprise networks. Fog and Akira ransomware operators are exploiting the critical SonicWall VPN vulnerability CVE-2024-40766 (CVSS v3 score: 9.3) to breach corporate networks via SSL VPN access. ” reads the advisory.

VPN

VPN Ransomware Firewall Internet

US DoJ charges five alleged members of the Scattered Spider cybercrime gang

Security Affairs

NOVEMBER 21, 2024

Justice Department charged five suspects linked to the Scattered Spider cybercrime gang with wire fraud conspiracy. Justice Department charged five alleged members of the cybercrime gang Scattered Spider (also known as UNC3944 , 0ktapus ) with conspiracy to commit wire fraud. ” reads the press release published by DoJ.

Cybercrime

Cybercrime Identity Theft Cryptocurrency Phishing

The ‘Groove’ Ransomware Gang Was a Hoax

Krebs on Security

NOVEMBER 2, 2021

22 on RAMP , a new and fairly exclusive Russian-language darknet cybercrime forum. ” In the first week of September, Groove posted on its darknet blog nearly 500,000 login credentials for customers of Fortinet VPN products, usernames and passwords that could be used to remotely connect to vulnerable systems. .”

Ransomware

Ransomware Cybercrime Media VPN

Bulletproof VPN services took down in a global police operation

Security Affairs

DECEMBER 22, 2020

A joint operation conducted by law European enforcement agencies resulted in the seizure of the infrastructure of three bulletproof VPN services. ” The three VPN bulletproof services were hosted at insorg.org , safe-inet.com , and safe-inet.net, their home page currently displays a law enforcement banner. day to $190/year.

VPN

VPN Cybercrime Advertising Accountability

15 billion credentials available in the cybercrime marketplaces

Security Affairs

JULY 9, 2020

More than 15 billion username and passwords are available on cybercrime marketplaces, including over 5 billion unique credentials, states the experts. Experts reported that brute-force cracking tools and account checkers are available on cybercrime marketplaces and forums for an average of $4. Pierluigi Paganini.

Cybercrime

Cybercrime Antivirus Marketing Accountability

Amid an Embarrassment of Riches, Ransom Gangs Increasingly Outsource Their Work

Krebs on Security

OCTOBER 8, 2020

There’s an old adage in information security: “Every company gets penetration tested, whether or not they pay someone for the pleasure.” ” Many organizations that do hire professionals to test their network security posture unfortunately tend to focus on fixing vulnerabilities hackers could use to break in.

Cybercrime

Cybercrime Malware Ransomware VPN

Fox Kitten Campaign – Iranian hackers exploit 1-day VPN flaws in attacks

Security Affairs

FEBRUARY 16, 2020

Iranian hackers have been hacking VPN servers to plant backdoors in companies around the world. Iran-linked attackers targeted Pulse Secure, Fortinet, Palo Alto Networks, and Citrix VPNs to hack into large companies as part of the Fox Kitten Campaign. SecurityAffairs – Fox Kitten campaign, VPN ). Pierluigi Paganini.

VPN

VPN Telecommunications Advertising Hacking

The newer cybercrime triad: TrickBot-Emotet-Conti

Security Affairs

NOVEMBER 20, 2021

The researchers believe that one reason that contributed to multiple ransomware-as-a-service (RaaS) operations shutting down this year ( Babuk , DarkSide , BlackMatter , REvil , Avaddon ) was that affiliates used low-level access sellers and brokers (RDP, vulnerable VPN, poor quality spam). ” concludes the analysis.

Cybercrime

Cybercrime Ransomware Banking Malware

APT groups chain VPN and Windows Zerologon bugs to attack US government networks

Security Affairs

OCTOBER 12, 2020

US government networks are under attack, threat actors chained VPN and Windows Zerologon flaws to gain unauthorized access to elections support systems. Recently Microsoft observed Iran-linked APT Mercury and the Russian cybercrime gang TA505 exploiting the Zerologon flaw in attacks in the wild. Pierluigi Paganini.

VPN

VPN Government Authentication Advertising

International law enforcement operation dismantled RedLine and Meta infostealers

Security Affairs

OCTOBER 29, 2024

Update software : Keep your operating system, security software, and firewall up to date to patch vulnerabilities. Consider extra security layers : Use additional protection like a VPN for safer online activity. The following authorities participated in the Operation Magnus.

Identity Theft

Identity Theft Malware Passwords Banking

FBI: Compromised US academic credentials available on various cybercrime forums

Security Affairs

MAY 27, 2022

The FBI warns organizations in the higher education sector of credentials sold on cybercrime forums that can allow threat actors to access their networks. The FBI has observed incidents of stolen higher education credential information posted on publically accessible online forums or listed for sale on criminal marketplaces.

Cybercrime

Cybercrime Education Accountability Phishing

Cybercrime underground flooded with offers for initial access to shipping and logistics orgs

Security Affairs

NOVEMBER 3, 2021

Experts warn of the availability in the cybercrime underground of offers for initial access to networks of players in global supply chains. “It’s extremely beneficial that security teams in the shipping industry monitor and track adversaries, their tools and malicious behavior to stop attacks from these criminals.”

Cybercrime

Cybercrime VPN Ransomware Hacking

Veeam Backup & Replication exploit reused in new Frag ransomware attack

Security Affairs

NOVEMBER 9, 2024

Attackers accessed targets via VPN gateways lacking multifactor authentication, some of which ran outdated software. In each of the cases, attackers initially accessed targets using compromised VPN gateways without multifactor authentication enabled. Some of these VPNs were running unsupported software versions.”

Backups

Backups Ransomware VPN Accountability

Law enforcement shutdown the VPN service VPNLab used by many cybercriminal gangs

Security Affairs

JANUARY 18, 2022

Europol this week announced the shutdown of VPNLab, a VPN service that is very popular in the cybercrime ecosystem. An international operation conducted by law enforcement bodies from 10 countries took down VPNLab.net, a VPN service provider that is very popular in the cybercrime ecosystem. Europol said.

VPN

VPN Cybercrime Ransomware Advertising

BunnyLoader, a new Malware-as-a-Service advertised in cybercrime forums

Security Affairs

OCTOBER 3, 2023

Zscaler ThreatLabz researchers discovered a new malware-as-a-service (MaaS) that is called BunnyLoader, which has been advertised for sale in multiple cybercrime forums since September 4, 2023. The malware is also able to steal data from messaging apps and VPN clients. ” continues the report.

Advertising

Advertising Cybercrime Malware Cryptocurrency

New ‘Karakurt’ cybercrime gang focuses on data theft and extortion

Security Affairs

DECEMBER 11, 2021

Accenture researchers detailed the activity of a new sophisticated cybercrime group, called Karakurt, behind recent cyberattacks. The analysis of the attack chain associated with this threat actor revealed that it primarily leverages VPN credentials to gain initial access to the target’s network. group and karakurt[.]tech,

Cybercrime

Cybercrime VPN Ransomware Hacking

Who and What is Behind the Malware Proxy Service SocksEscort?

Krebs on Security

JULY 25, 2023

Proxy services can be used in a legitimate manner for several business purposes — such as price comparisons or sales intelligence — but they are massively abused for hiding cybercrime activity because they make it difficult to trace malicious traffic to its original source. SocksEscort began in 2009 as “ super-socks[.]com com , segate[.]org

Malware

Malware VPN Internet Internet

Security Affairs newsletter Round 496 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

NOVEMBER 3, 2024

Chinese threat actors use Quad7 botnet in password-spray attacks FBI arrested former Disney World employee for hacking computer menus and mislabeling allergy info Sophos details five years of China-linked threat actors’ activity targeting network devices worldwide PTZOptics cameras zero-days actively exploited in the wild New LightSpy spyware (..)

Cryptocurrency

Cryptocurrency Hacking Phishing Cyber Attacks

A new campaign is likely targeting a zero-day in Fortinet FortiGate firewalls

Security Affairs

JANUARY 14, 2025

The campaign likely began in November 2024, the campaign unfolded in four phases: vulnerability scanning (Nov 1623, 2024), reconnaissance (Nov 2227), SSL VPN setup (Dec 47), and lateral movement (Dec 1627). In the next phase (starting Dec 4, 2024), attackers targeted SSL VPN access by creating super admin accounts or hijacking existing ones.

Firewall

Firewall VPN Accountability Firmware

The controversial case of the threat actor EncryptHub

Security Affairs

APRIL 7, 2025

Microsoft credited controversial actor EncryptHub, a lone actor with ties to cybercrime, for reporting two Windows flaws. In 2024, he shifted to cybercrime, starting with low-level roles in vishing and ransomware, later moving into malware and vulnerability research that drew wide attention.

Cybercrime

Cybercrime Malware Hacking VPN

UNC2465 cybercrime group launched a supply chain attack on CCTV vendor

Security Affairs

JUNE 17, 2021

UNC2465 cybercrime group that is affiliated with the Darkside ransomware gang has infected with malware the website of a CCTV camera vendor. Experts noticed that in this supply chain attack, UNC2465 did not deliver the Darkside ransomware as the final payload, but they not exclude that the cybercrime group could move to a new RaaS operation.

Cybercrime

Cybercrime Ransomware Antivirus Software

Security Affairs newsletter Round 499 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

NOVEMBER 24, 2024

CISA adds Apple, Oracle Agile PLM bugs to its Known Exploited Vulnerabilities catalog More than 2,000 Palo Alto Networks firewalls hacked exploiting recently patched zero-days Ransomhub ransomware gang claims the hack of Mexican government Legal Affairs Office US DoJ charges five alleged members of the Scattered Spider cybercrime gang Threat actor (..)

Cybercrime

Cybercrime Artificial Intelligence Hacking VPN

Russian-based DoubleVPN seized by law enforcement

Security Affairs

JUNE 30, 2021

Law enforcement has seized the servers of DoubleVPN (doublevpn.com), a Russian-based VPN service that provides double-encryption service widely used by threat actors to anonymize their operation while performing malicious activities. The VPN service was offered for a starting price of €22 ($25). . Pierluigi Paganini.

VPN

VPN Cybercrime Encryption Advertising

86 million AT&T customer records reportedly up for sale on the dark web

Zero Day

JUNE 6, 2025

The data in question was posted on a Russian cybercrime forum on May 15 and then uploaded again on June 3, apparently garnering attention from other cybercriminals and potential buyers. But in this age of cybercrime, these numbers have become vulnerable.

Password Management

Password Management Passwords Artificial Intelligence Software

NailaoLocker ransomware targets EU healthcare-related entities

Security Affairs

FEBRUARY 20, 2025

The Orange Cyberdefense CERT investigated four attackers with a similar initial access vector consisting of thecompromise of a Check Point VPN appliance. The experts believe threat actors exploited the zero-dayCVE-2024-24919 in Check Point Security Gateways with Remote Access VPN or Mobile Access features.

Healthcare

Healthcare Ransomware VPN Malware

National Consumer Protection Week: Keeping your personal data safe in a digitally connected world

Webroot

MARCH 3, 2025

March is a time for leprechauns and four-leaf clovers, and as luck would have it, its also a time to learn how to protect your private data from cybercrime. During this time, many government agencies and consumer protection organizations come together to help educate consumers on how to keep their personal and financial information secure.

Consumer Protection

Consumer Protection Identity Theft Scams Social Engineering

U.S. Offers $10M bounty for info on RedLine malware creator and state hackers

Security Affairs

JUNE 6, 2025

Update software : Keep your operating system, security software, and firewall up to date to patch vulnerabilities. Consider extra security layers : Use additional protection like a VPN for safer online activity. The following authorities participated in the Operation Magnus.

Malware

Malware Passwords Identity Theft Accountability

Threat actors are offering access to corporate networks via unauthorized Fortinet VPN access

Security Affairs

NOVEMBER 29, 2022

The sensitive system information, system configurations, and network details might be further distributed over the darkweb. The post Threat actors are offering access to corporate networks via unauthorized Fortinet VPN access appeared first on Security Affairs. Pierluigi Paganini. SecurityAffairs – hacking, Fortinet).

VPN

VPN Firewall Authentication Internet

Security Affairs newsletter Round 500 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

DECEMBER 1, 2024

CISA adds Array Networks AG and vxAG ArrayOS flaw to its Known Exploited Vulnerabilities catalog Thai police arrested Chinese hackers involved in SMS blaster attacks Zyxel firewalls targeted in recent ransomware attacks Malware campaign abused flawed Avast Anti-Rootkit driver Russia-linked APT TAG-110 uses targets Europe and Asia Russia-linked threat (..)

Cybercrime

Cybercrime Firewall Social Engineering Ransomware

Daixin Team group claimed the hack of North Texas Municipal Water District

Security Affairs

NOVEMBER 28, 2023

In October 2022, CISA, the FBI, and the Department of Health and Human Services (HHS) warned that the Daixin Team cybercrime group is actively targeting U.S. The Daixin Team group gains initial access to victims through virtual private network (VPN) servers. The threat actors obtained the VPN credentials through phishing attacks.

Hacking

Hacking VPN Ransomware Cybercrime

Malicious Minecraft mods distributed by the Stargazers DaaS target Minecraft gamers

Security Affairs

JUNE 19, 2025

It also downloads a third-stage.NET stealer that collects browser credentials, crypto wallets, VPN data, and more, sending everything to a Discord webhook. The first Java-based loader checks for virtual machines and analysis tools to avoid being analyzed, then downloads a second-stage Java stealer, which extracts Minecraft and Discord data.

Malware

Malware VPN Cyber threats Hacking

GUEST ESSAY: Sure steps to achieve a robust employee cybersecurity awareness training regimen

The Last Watchdog

OCTOBER 24, 2022

. • Create security awareness for employees. One of the most important ways to protect against data breaches is to increase employee security awareness. Employees are the first line of defense against cybercrime and should understand how to recognize phishing emails and what to do if they suspect them. Use a corporate VPN.

Security Awareness

Security Awareness Passwords Data breaches Cybersecurity

Microsoft issues targeted notification to hospitals vulnerable to Ransomware attacks

Security Affairs

APRIL 2, 2020

Microsoft is sending notifications to dozens of hospitals about vulnerable VPN devices and gateways exposed online in their network. Microsoft is warning dozens of hospitals of the risks of ransomware attacks due to insecure VPN devices and gateways exposed online. ” reads the post published by Microsoft.

Ransomware

Ransomware VPN Healthcare Cyber Attacks

Cloak ransomware group hacked the Virginia Attorney General’s Office

Security Affairs

MARCH 24, 2025

A cyberattack on the Virginia Attorney Generals Office forced officials to shut down IT systems, including email and VPN, and revert to paper filings. The breach was detected in February , leading to notifications to the FBI, Virginia State Police, and the Virginia Information Technologies Agency.

Ransomware

Ransomware Hacking Social Engineering Manufacturing

SuperBlack Ransomware operators exploit Fortinet Firewall flaws in recent attacks

Security Affairs

MARCH 14, 2025

“When the firewall had VPN capabilities, the threat actor created local VPN user accounts with names resembling legitimate accounts but with an added digit at the end. These newly created users were then added to the VPN user group, enabling future logins.” ” reads the report.

Firewall

Firewall Ransomware VPN Encryption

Security Affairs newsletter Round 454 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

JANUARY 13, 2024

Akira ransomware targets Finnish organizations GitLab fixed a critical zero-click account hijacking flaw Juniper Networks fixed a critical RCE bug in its firewalls and switches Vast Voter Data Leaks Cast Shadow Over Indonesia ’s 2024 Presidential Election Researchers created a PoC for Apache OFBiz flaw CVE-2023-51467 Team Liquid’s wiki leak exposes (..)

VPN

VPN Cybercrime Ransomware Hacking

US authorities have indicted Black Kingdom ransomware admin

Security Affairs

MAY 4, 2025

Black Kingdom ransomware was first spotted in late February 2020 by security researcher GrujaRS , the ransomware encrypts files and appends the.DEMON extension to filenames of the encrypted documents.

Ransomware

Ransomware Encryption VPN Cryptocurrency

Australian man charged for Evil Twin Wi-Fi attacks on domestic flights

Security Affairs

JULY 2, 2024

“The man, 42, is expected to appear in Perth Magistrates Court today (28 June, 2024) to face nine charges for alleged cybercrime offences.” These harvested cfedentials could be used to access victims’ personal information and bank details. ” AFP Western Command Cybercrime Detective Inspector Andrea Coleman said.

Cybercrime

Cybercrime Wireless Banking VPN

Security Affairs newsletter Round 436 by Pierluigi Paganini – International edition

Security Affairs

SEPTEMBER 10, 2023

US CISA added critical Apache RocketMQ flaw to its Known Exploited Vulnerabilities catalog Ragnar Locker gang leaks data stolen from the Israel’s Mayanei Hayeshua hospital North Korea-linked threat actors target cybersecurity experts with a zero-day Zero-day in Cisco ASA and FTD is actively exploited in ransomware attacks Nation-state actors (..)

DDOS

DDOS VPN Data breaches Cybercrime

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 18

Security Affairs

NOVEMBER 3, 2024

EIW — ESET Israel Wiper — used in active attacks targeting Israeli orgs Tenacious Pungsan: A DPRK threat actor linked to Contagious Interview Hybrid Russian Espionage and Influence Campaign Aims to Compromise Ukrainian Military Recruits and Deliver Anti-Mobilization Narratives Cryptocurrency Enthusiasts Targeted in Multi-Vector Supply Chain Attack (..)

Malware

Malware VPN Cryptocurrency Mobile

Security Affairs newsletter Round 474 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

JUNE 2, 2024

Ticketmaster confirms data breach impacting 560 million customers Critical Apache Log4j2 flaw still threatens global finance Crooks stole more than $300M worth of Bitcoin from the exchange DMM Bitcoin ShinyHunters is selling data of 30 million Santander customers Over 600,000 SOHO routers were destroyed by Chalubo malware in 72 hours LilacSquid APT (..)

Data breaches

Data breaches VPN Cloud Migration Cybercrime

Yevgeniy Nikulin, Russian hacker behind Dropbox and LinkedIn hacks found guilty

Security Affairs

JULY 11, 2020

A jury found Russian hacker Yevgeniy Nikulin guilty for the hack of LinkedIn, Dropbox, and Formspring back in 2012 and for the sale of the stolen data on cybercrime black marketplaces. The data stolen by Nikulin were available on the cybercrime underground between 2015 and 2016, they were offered for sale by multiple traders.

Hacking

Hacking Cybercrime Data breaches Advertising

Iranian threat actors attempt to buy stolen data of US organizations, FBI warns

Security Affairs

NOVEMBER 11, 2021

The Federal Bureau of Investigation (FBI) issued a private industry notification (PIN) to warn private industry partners that Iran-linked threat actors are attempting to buy stolen information belonging to US businesses and organizations abroad. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

VPN

VPN Cybercrime Passwords Firewall

Threat actor leaked config files and VPN passwords for over Fortinet Fortigate devices

Fog and Akira ransomware attacks exploit SonicWall VPN flaw CVE-2024-40766

Trending Sources

US DoJ charges five alleged members of the Scattered Spider cybercrime gang

The ‘Groove’ Ransomware Gang Was a Hoax

Bulletproof VPN services took down in a global police operation

15 billion credentials available in the cybercrime marketplaces

Amid an Embarrassment of Riches, Ransom Gangs Increasingly Outsource Their Work

Fox Kitten Campaign – Iranian hackers exploit 1-day VPN flaws in attacks

The newer cybercrime triad: TrickBot-Emotet-Conti

APT groups chain VPN and Windows Zerologon bugs to attack US government networks

International law enforcement operation dismantled RedLine and Meta infostealers

FBI: Compromised US academic credentials available on various cybercrime forums

Cybercrime underground flooded with offers for initial access to shipping and logistics orgs

Veeam Backup & Replication exploit reused in new Frag ransomware attack

Law enforcement shutdown the VPN service VPNLab used by many cybercriminal gangs

BunnyLoader, a new Malware-as-a-Service advertised in cybercrime forums

New ‘Karakurt’ cybercrime gang focuses on data theft and extortion

Who and What is Behind the Malware Proxy Service SocksEscort?

Security Affairs newsletter Round 496 by Pierluigi Paganini – INTERNATIONAL EDITION

A new campaign is likely targeting a zero-day in Fortinet FortiGate firewalls

The controversial case of the threat actor EncryptHub

UNC2465 cybercrime group launched a supply chain attack on CCTV vendor

Security Affairs newsletter Round 499 by Pierluigi Paganini – INTERNATIONAL EDITION

Russian-based DoubleVPN seized by law enforcement

86 million AT&T customer records reportedly up for sale on the dark web

NailaoLocker ransomware targets EU healthcare-related entities

National Consumer Protection Week: Keeping your personal data safe in a digitally connected world

U.S. Offers $10M bounty for info on RedLine malware creator and state hackers

Threat actors are offering access to corporate networks via unauthorized Fortinet VPN access

Security Affairs newsletter Round 500 by Pierluigi Paganini – INTERNATIONAL EDITION

Daixin Team group claimed the hack of North Texas Municipal Water District

Malicious Minecraft mods distributed by the Stargazers DaaS target Minecraft gamers

GUEST ESSAY: Sure steps to achieve a robust employee cybersecurity awareness training regimen

Microsoft issues targeted notification to hospitals vulnerable to Ransomware attacks

Cloak ransomware group hacked the Virginia Attorney General’s Office

SuperBlack Ransomware operators exploit Fortinet Firewall flaws in recent attacks

Security Affairs newsletter Round 454 by Pierluigi Paganini – INTERNATIONAL EDITION

US authorities have indicted Black Kingdom ransomware admin

Australian man charged for Evil Twin Wi-Fi attacks on domestic flights

Security Affairs newsletter Round 436 by Pierluigi Paganini – International edition

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 18

Security Affairs newsletter Round 474 by Pierluigi Paganini – INTERNATIONAL EDITION

Yevgeniy Nikulin, Russian hacker behind Dropbox and LinkedIn hacks found guilty

Iranian threat actors attempt to buy stolen data of US organizations, FBI warns

Stay Connected