2008 and Cybercrime - Cyber Security Informer

From Cybercrime Saul Goodman to the Russian GRU

Krebs on Security

FEBRUARY 7, 2024

In 2021, the exclusive Russian cybercrime forum Mazafaka was hacked. Launched in 2001 under the tagline “Network terrorism,” Mazafaka would evolve into one of the most guarded Russian-language cybercrime communities. ru at DomainTools.com reveals this address has been used to register at least 10 domain names since 2008.

Cybercrime

Cybercrime Accountability Identity Theft Hacking

Inside ‘Evil Corp,’ a $100M Cybercrime Menace

Krebs on Security

DECEMBER 16, 2019

Justice Department this month offered a $5 million bounty for information leading to the arrest and conviction of a Russian man indicted for allegedly orchestrating a vast, international cybercrime network that called itself “ Evil Corp ” and stole roughly $100 million from businesses and consumers. HITCHED TO A MULE.

Cybercrime

Cybercrime Banking Small Business Accountability

Canada Charges Its “Most Prolific Cybercriminal”

Krebs on Security

DECEMBER 8, 2021

According to cyber intelligence firm Intel 471 , that dark_cl0ud6@hotmail.com address has been used in conjunction with the handle “ DCReavers2 ” to register user accounts on a half-dozen English-language cybercrime forums since 2008, including Hackforums , Blackhatworld, and Ghostmarket.

Cybercrime

Cybercrime Ransomware Accountability Advertising

Bulletproof hosting founder imprisoned for helping cybercrime gangs

Bleeping Computer

DECEMBER 1, 2021

34-year-old Russian Aleksandr Grichishkin, the founder of a bulletproof hosting service, was sentenced to 60 months in prison for allowing cybercrime gangs to use the platform in attacks targeting US financial institutions between 2008 to 2015. [.].

Cybercrime

Russian authorities arrested the kingpin of cybercrime Infraud Organization

Security Affairs

JANUARY 24, 2022

’ In February 2008, the US authorities dismantled the global cybercrime organization tracked as Infraud Organization, which was involved in stealing and selling credit card and personal identity data. Its purported founder Andrey Novak is wanted in the US on the accusations of cybercrime. Pierluigi Paganini.

Cybercrime

Cybercrime Hacking Cryptocurrency Ransomware

FBI Arrests Alleged Owner of Deer.io, a Top Broker of Stolen Accounts

Krebs on Security

MARCH 10, 2020

According to historic WHOIS records maintained by DomainTools.com (an advertiser on this site), vpleer was originally registered in 2008 to someone using the email address hm@mail.ru. ru , a cybercrime forum in its own right that called itself “ The Antichat Mafia.” It also was used in 2007 to register xeka[.]ru

Accountability

Accountability Advertising Hacking Cybercrime

Ask Fitis, the Bear: Real Crooks Sign Their Malware

Krebs on Security

JUNE 1, 2023

One of Megatraffer’s ads on an English-language cybercrime forum. Megatraffer has continued to offer their code-signing services across more than a half-dozen other Russian-language cybercrime forums, mostly in the form of sporadically available EV and non-EV code-signing certificates from major vendors like Thawte and Comodo.

Malware

Malware Cybercrime Software Accountability

REvil Ransom Arrest, $6M Seizure, and $10M Reward

Krebs on Security

NOVEMBER 8, 2021

” These last two nicknames correspond to accounts on several top cybercrime forums way back in 2013, where a user named “Yaroslav2468” registered using the email address yarik45@gmail.com. Prosecutors say Vasinskyi also used the monikers “ Yarik45 ,” and “ Yaroslav2468.” 3 was Lublin, Poland.

Ransomware

Ransomware Cybercrime System Administration Passwords

Man Who Mass-Extorted Psychotherapy Patients Gets Six Years

Krebs on Security

APRIL 30, 2024

Finnish prosecutors quickly zeroed in on a suspect: Julius “Zeekill” Kivimäki , a notorious criminal hacker convicted of committing tens of thousands of cybercrimes before he became an adult. After being charged with the attack in October 2022, Kivimäki fled the country.

DDOS

DDOS Cybercrime Hacking Passwords

Stark Industries Solutions: An Iron Hammer in the Cloud

Krebs on Security

MAY 23, 2024

These services can be used in a legitimate manner for several business purposes — such as price comparisons or sales intelligence — but they are also massively abused for hiding cybercrime activity because they can make it difficult to trace malicious traffic to its original source. ” DomainTools.com finds Ivan V.

DDOS

DDOS Internet Internet Government

Finland’s Most-Wanted Hacker Nabbed in France

Krebs on Security

FEBRUARY 5, 2023

A notorious hacker convicted of perpetrating tens of thousands of cybercrimes, Kivimäki had been in hiding since October 2022, when he failed to show up in court and Finland issued an international warrant for his arrest. Kivimäki was ultimately convicted of orchestrating more than 50,000 cybercrimes.

Cybercrime

Cybercrime DDOS Hacking Accountability

Mariposa Botnet Author, Darkcode Crime Forum Admin Arrested in Germany

Krebs on Security

OCTOBER 1, 2019

A Slovenian man convicted of authoring the destructive and once-prolific Mariposa botnet and running the infamous Darkode cybercrime forum has been arrested in Germany on request from prosecutors in the United States, who’ve recently re-indicted him on related charges. issued international arrest warrant for his extradition.

Cybercrime

Cybercrime Malware Antivirus Banking

BrandPost: Aligning security and business strategies

CSO Magazine

FEBRUARY 16, 2023

Looking at history, this does not bode well for levels of cybercrime. However, there is some evidence that macroeconomic conditions can impact cybercrime. In times of economic downturn, for example, cybercrime may increase as people turn to illegal activities to make money. To read this article in full, please click here

Identity Theft

Identity Theft Cybercrime Technology

PLAYFULGHOST backdoor supports multiple information stealing features

Security Affairs

JANUARY 5, 2025

The PLAYFULGHOST backdoor shares functionality with Gh0stRAT whose source code was publicly released in 2008. Google researchers analyzed a new malware family called PLAYFULGHOST that supports multiple features, including keylogging, screen and audio capture, remote shell, and file transfer/execution.

Malware

Malware Encryption Phishing Hacking

Who Is the Network Access Broker ‘Babam’?

Krebs on Security

DECEMBER 3, 2021

Since the beginning of 2020, Babam has set up numerous auctions on the Russian-language cybercrime forum Exploit , mainly selling virtual private networking (VPN) credentials stolen from various companies. back in 2008 (notice again the suspect “www” as part of the domain name). com and wwwpexpay[.]com.

Ransomware

Ransomware Passwords Accountability Cybercrime

The Link Between AWM Proxy & the Glupteba Botnet

Krebs on Security

JUNE 28, 2022

Launched in March 2008, AWM Proxy quickly became the largest service for crooks seeking to route their malicious Web traffic through compromised devices. com shows that in 2008 it displayed the personal information for a Dmitry Starovikov , who listed his Skype username as “lycefer.” ru , and the website web-site[.]ru

Passwords

Passwords Malware Internet Internet

Why Malware Crypting Services Deserve More Scrutiny

Krebs on Security

JUNE 21, 2023

If you operate a cybercrime business that relies on disseminating malicious software, you probably also spend a good deal of time trying to disguise or “crypt” your malware so that it appears benign to antivirus and security products. biz , a long-running crypting service that is trusted by some of the biggest names in cybercrime.

Malware

Malware Antivirus Cybercrime Hacking

Meet Ika & Sal: The Bulletproof Hosting Duo from Hell

Krebs on Security

JANUARY 8, 2024

In 2020, the United States brought charges against four men accused of building a bulletproof hosting empire that once dominated the Russian cybercrime industry and supported multiple organized cybercrime groups. From January 2005 to April 2013, there were two primary administrators of the cybercrime forum Spamdot (a.k.a

Cybercrime

Cybercrime Banking Computers and Electronics DDOS

Fake Lawsuit Threat Exposes Privnote Phishing Sites

Krebs on Security

APRIL 4, 2024

Launched in 2008, privnote.com employs technology that encrypts each message so that even Privnote itself cannot read its contents. In keeping with the overall theme, these phishing domains appear focused on stealing usernames and passwords to some of the cybercrime underground’s busiest shops, including Brian’s Club.

Phishing

Phishing Cryptocurrency DDOS Internet

Who and What is Behind the Malware Proxy Service SocksEscort?

Krebs on Security

JULY 25, 2023

Proxy services can be used in a legitimate manner for several business purposes — such as price comparisons or sales intelligence — but they are massively abused for hiding cybercrime activity because they make it difficult to trace malicious traffic to its original source. SocksEscort began in 2009 as “ super-socks[.]com com , segate[.]org

Malware

Malware VPN Internet Internet

Police seized 50,000 Bitcoin from operator of the now-defunct piracy site movie2k

Security Affairs

JANUARY 31, 2024

It was operating between 2008 and 2013. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – cybercrime, Apple) According to German media , one of the two operators was also involved in the operations of the site mega-downloads.net.

Media

Media Cybercrime Advertising Information Security

Law enforcement shutdown the VPN service VPNLab used by many cybercriminal gangs

Security Affairs

JANUARY 18, 2022

Europol this week announced the shutdown of VPNLab, a VPN service that is very popular in the cybercrime ecosystem. An international operation conducted by law enforcement bodies from 10 countries took down VPNLab.net, a VPN service provider that is very popular in the cybercrime ecosystem.

VPN

VPN Cybercrime Ransomware Advertising

FBI Dismantles Qakbot Botnet in Landmark Cyber Op

SecureWorld News

AUGUST 29, 2023

The significance of this achievement cannot be overstated, as Qakbot has been responsible for a myriad of cybercrimes, including ransomware attacks and financial fraud, causing massive losses to individuals and businesses for more than a decade. What is Qakbot and why was it shutdown?

Cybercrime

Cybercrime Malware Ransomware Manufacturing

Ragnar Locker Ransomware targets Greece Gas Company

CyberSecurity Insiders

AUGUST 23, 2022

Highlighting the achievements made by Microsoft’s Digital Crimes unit, which have been combating cybercrime since 2008, the Windows OS offering firm stated that its security teams have removed over 531,000 unique phishing URLs and about 5400 phishing kits between July 2021 to June 2022. .

Ransomware

Ransomware Phishing Architecture Cybercrime

Bulletproof Hosting Admins Admit Guilt

Heimadal Security

MAY 10, 2021

The small organization has been led by four East European nationals that pleaded guilty to conspiring to cyber-crime activities and “engage in a Racketeer Influenced Corrupt Organization (RICO) arising from their providing ‘bulletproof hosting’ services between 2008 and 2015”.

Malware

Malware Cybercrime Cybersecurity

GUEST ESSAY: Restore Us Institute (RUI) aims to protect Americans from online harms and crimes

The Last Watchdog

OCTOBER 3, 2022

The Internet’s co-designer, Vint Cerf, in a 2008 Guardian interview , explained how the Internet’s 1974, essential enabling Internet-protocol had a design flaw in not enabling packet authentication, security, or privacy at scale. Utopia meet reality. “It was actually an oversight.

Internet

Internet Internet Government Technology

Cyber Insurance: The Good, the Bad, and the Ugly

IT Security Guru

JUNE 28, 2022

As cybercrime infects every facet of our daily lives, and technological advancements do little to stop the spread, many security professionals are turning to traditional solutions for a very modern problem. At first glance, it seems odd that most businesses don’t insure against something as potentially devastating as cybercrime.

Cyber Insurance

Cyber Insurance Insurance Small Business Marketing

Unmasking the Cracks of Today’s Cyber Defence

Jane Frankland

OCTOBER 31, 2023

The Growing Gap in Cyber Defence In 2023, cybercrime continues to loom large, with media headlines underscoring the severity of the issue. You witnessed this during the 2008 recession when the FBI reported a 22.3% growth in cybercrime, and during the COVID-19 pandemic when it surged 300%.

CISO

CISO Threat Detection Cyber threats Cybercrime

Qakbot is back and targets the Hospitality industry

Security Affairs

DECEMBER 18, 2023

Qakbot , also known as QBot, QuackBot and Pinkslipbot, is an info-stealing malware that has been active since 2008. In August, the FBI announced that the Qakbot botnet was dismantled as a result of an international law enforcement operation named Operation ‘Duck Hunt.’ Duck Hunt is one of the largest U.S.-led

Malware

Malware Phishing Ransomware Hacking

Qakbot operations continue to evolve to avoid detection

Security Affairs

JULY 13, 2022

Qakbot , also known as QBot, QuackBot and Pinkslipbot, is an info-stealing malware that has been active since 2008. Experts warn that operators behind the Qakbot malware operation are improving their attack chain in an attempt to avoid detection. The malware spreads via malspam campaigns, it inserts replies in active email threads.

Malware

Malware Hacking Cybercrime Information Security

Black Basta ransomware operators leverage QBot for lateral movements

Security Affairs

JUNE 7, 2022

QBot, aka Qakbot and Pinkslipbot , has been active since 2008, it is used by threat actors for collecting browsing data and banking credentials and other financial information from the victims. Black Basta has been active since April 2022, like other ransomware operations, it implements a double-extortion attack model. .

Ransomware

Ransomware Backups Malware Firewall

Exposing a Portfolio of Pay Per Install Rogue and Fraudulent and Malicious Affiliate Network Domains – An OSINT Analysis

Security Boulevard

JANUARY 24, 2022

Sample portfolio of pay per install rogue fraudulent and malicious affiliate network domains known to have been in operation in 2008 include: vipsoftcash[.]com. Related pay per install rogue fraudulent and malicious domains known to have been used back in 2008 for various rogue fraudulent and malicious purposes include: drawn-cash[.]com.

Adware

Adware Software Accountability Cybercrime

QakBot threat actors are still operational after the August takedown

Security Affairs

OCTOBER 7, 2023

Qakbot , also known as QBot, QuackBot and Pinkslipbot, is an info-stealing malware that has been active since 2008. In August, the FBI announced that the Qakbot botnet was dismantled as a result of an international law enforcement operation named Operation ‘Duck Hunt.’

Malware

Malware Ransomware Phishing Hacking

Freedom Hosting operator gets 27 years for hosting Dark Web child abuse sites

Malwarebytes

SEPTEMBER 20, 2021

By the end of it all, he stood accused of creating and operating servers from 2008 to 2013. Marques at this time was facing up to four charges , plus extradition to the US, which eventually happened in 2019. He pleaded guilty at the start of 2020, after a year-long investigation.

Malware

Malware Software Cybercrime

Black Basta Ransomware gang accumulated at least $107 million in Bitcoin ransom payments since early 2022

Security Affairs

DECEMBER 1, 2023

Qakbot , also known as QBot, QuackBot and Pinkslipbot, is an info-stealing malware that has been active since 2008. In August, the FBI announced that the Qakbot botnet was dismantled as a result of an international law enforcement operation named Operation ‘Duck Hunt.’

Ransomware

Ransomware Malware Retail Insurance

Cybercriminals’ friend VPNLab.net shut down by law enforcement

Malwarebytes

JANUARY 19, 2022

VPNLab had been around since 2008 and had built its service around the OpenVPN technology, used strong encryption, and provided double VPN, with servers located in many different countries. “Our service is designed for a broad spectrum of clients who care about their personal security. The impact.

VPN

VPN Encryption Cybercrime Technology

Security Affairs newsletter Round 291

Security Affairs

NOVEMBER 29, 2020

A cyberattack crippled the IT infrastructure of the City of Saint John Hundreds of female sports stars and celebrities have their naked photos and videos leaked online Romanians arrested for running underground malware services Threat actor shared a list of 49,577 IPs vulnerable Fortinet VPNs Computer Security and Data Privacy, the perfect alliance (..)

Data breaches

Data breaches Social Engineering Ransomware Malware

New Kraken botnet is allowing operators to earn USD 3,000 every month

Security Affairs

FEBRUARY 17, 2022

Experts pointed out that despite having the same name, this botnet should not be confused with the Kraken botnet that was spotted in 2008. Kraken is a new Golang-based botnet discovered in late October 2021 by researchers from threat intelligence firm ZeroFox Intelligence.

VPN

VPN Cryptocurrency Hacking Cybercrime

News alert: NCA’s Data Privacy Week webinars highlight data protection for consumers, businesses

The Last Watchdog

JANUARY 23, 2024

Data Privacy Week builds on the success of Data Privacy Day which began in the United States and Canada in January 2008 as an extension of Data Protection Day in Europe. We advocate for the safe use of all technology and educate everyone on how best to protect ourselves, our families, and our organizations from cybercrime.

Data privacy

Data privacy Education Artificial Intelligence Government

CVE-2019-1132 Windows Zero-Day exploited by Buhtrap Group in government attack

Security Affairs

JULY 11, 2019

The second one, tracked as CVE-2019.0880, affects Windows 7 and Server 2008. The first vulnerability, tracked as CVE-2019-1132, affects the Win32k component and could be exploited to run arbitrary code in kernel mode. The issue resides in the way splwow64 (Thunking Spooler APIs) handles certain calls.

Government

Government Advertising Passwords Banking

FBI: Operation ‘Duck Hunt’ dismantled the Qakbot botnet

Security Affairs

AUGUST 30, 2023

’ Qakbot , also known as QBot, QuackBot and Pinkslipbot, is an info-stealing malware that has been active since 2008. The FBI announced that the Qakbot botnet has been dismantled as a result of an international law enforcement operation named Operation ‘Duck Hunt.’

Malware

Malware Manufacturing Data breaches Cyber threats

A look at the 2020–2022 ATM/PoS malware landscape

SecureList

OCTOBER 6, 2022

Recovering from the 2020 slump, the number of attacks continued to grow steadily, and we expect cybercrime activity to increase further. Originally discovered by Visa, the RawPoS family has been in use at least since 2008. HydraPOS and AbaddonPOS proved to be the most active families.

Malware

Malware Banking Software Cybercrime

Avast released a free decryptor for the Windows version of the Akira ransomware

Security Affairs

JULY 1, 2023

Files are encrypted by Chacha 2008 ( D. . “During the run, the ransomware generates a symmetric encryption key using CryptGenRandom() , which is the random number generator implemented by Windows CryptoAPI. Bernstein’s implementation ).” ” reads the report published by Avast.

Ransomware

Ransomware Encryption Malware Hacking

New QBot campaign delivered hijacking business correspondence

Security Affairs

APRIL 17, 2023

QBot has been active since 2008, it is used by threat actors for collecting browsing data and banking credentials, and other financial information from the victims. Kaspersky researchers warn of a new QBot campaign leveraging hijacked business emails to deliver malware.

Malware

Malware Education Banking Media

From Cybercrime Saul Goodman to the Russian GRU

Inside ‘Evil Corp,’ a $100M Cybercrime Menace

Trending Sources

Canada Charges Its “Most Prolific Cybercriminal”

Bulletproof hosting founder imprisoned for helping cybercrime gangs

Russian authorities arrested the kingpin of cybercrime Infraud Organization

FBI Arrests Alleged Owner of Deer.io, a Top Broker of Stolen Accounts

Ask Fitis, the Bear: Real Crooks Sign Their Malware

REvil Ransom Arrest, $6M Seizure, and $10M Reward

Man Who Mass-Extorted Psychotherapy Patients Gets Six Years

Stark Industries Solutions: An Iron Hammer in the Cloud

Finland’s Most-Wanted Hacker Nabbed in France

Mariposa Botnet Author, Darkcode Crime Forum Admin Arrested in Germany

BrandPost: Aligning security and business strategies

PLAYFULGHOST backdoor supports multiple information stealing features

Who Is the Network Access Broker ‘Babam’?

The Link Between AWM Proxy & the Glupteba Botnet

Why Malware Crypting Services Deserve More Scrutiny

Meet Ika & Sal: The Bulletproof Hosting Duo from Hell

Fake Lawsuit Threat Exposes Privnote Phishing Sites

Who and What is Behind the Malware Proxy Service SocksEscort?

Police seized 50,000 Bitcoin from operator of the now-defunct piracy site movie2k

Law enforcement shutdown the VPN service VPNLab used by many cybercriminal gangs

FBI Dismantles Qakbot Botnet in Landmark Cyber Op

Ragnar Locker Ransomware targets Greece Gas Company

Bulletproof Hosting Admins Admit Guilt

GUEST ESSAY: Restore Us Institute (RUI) aims to protect Americans from online harms and crimes

Cyber Insurance: The Good, the Bad, and the Ugly

Unmasking the Cracks of Today’s Cyber Defence

Qakbot is back and targets the Hospitality industry

Qakbot operations continue to evolve to avoid detection

Black Basta ransomware operators leverage QBot for lateral movements

Exposing a Portfolio of Pay Per Install Rogue and Fraudulent and Malicious Affiliate Network Domains – An OSINT Analysis

QakBot threat actors are still operational after the August takedown

Freedom Hosting operator gets 27 years for hosting Dark Web child abuse sites

Black Basta Ransomware gang accumulated at least $107 million in Bitcoin ransom payments since early 2022

Cybercriminals’ friend VPNLab.net shut down by law enforcement

Security Affairs newsletter Round 291

New Kraken botnet is allowing operators to earn USD 3,000 every month

News alert: NCA’s Data Privacy Week webinars highlight data protection for consumers, businesses

CVE-2019-1132 Windows Zero-Day exploited by Buhtrap Group in government attack

FBI: Operation ‘Duck Hunt’ dismantled the Qakbot botnet

A look at the 2020–2022 ATM/PoS malware landscape

Avast released a free decryptor for the Windows version of the Akira ransomware

New QBot campaign delivered hijacking business correspondence

Stay Connected