2008, Cybercrime and Hacking - Cyber Security Informer

From Cybercrime Saul Goodman to the Russian GRU

Krebs on Security

FEBRUARY 7, 2024

In 2021, the exclusive Russian cybercrime forum Mazafaka was hacked. Launched in 2001 under the tagline “Network terrorism,” Mazafaka would evolve into one of the most guarded Russian-language cybercrime communities. Some of those photos date back to 2008. One representation of the leaked Mazafaka database.

Cybercrime

Cybercrime Accountability Identity Theft Hacking

Inside ‘Evil Corp,’ a $100M Cybercrime Menace

Krebs on Security

DECEMBER 16, 2019

Justice Department this month offered a $5 million bounty for information leading to the arrest and conviction of a Russian man indicted for allegedly orchestrating a vast, international cybercrime network that called itself “ Evil Corp ” and stole roughly $100 million from businesses and consumers. LOW FRIENDS IN HIGH PLACES.

Cybercrime

Cybercrime Banking Small Business Accountability

FBI Arrests Alleged Owner of Deer.io, a Top Broker of Stolen Accounts

Krebs on Security

MARCH 10, 2020

District Court for the Southern District of California allege Firsov was the administrator of deer.io, an online platform that hosted more than 24,000 shops for selling stolen and/or hacked usernames and passwords for a variety of top online destinations. ru , a cybercrime forum in its own right that called itself “ The Antichat Mafia.”

Accountability

Accountability Advertising Hacking Cybercrime

Man Who Mass-Extorted Psychotherapy Patients Gets Six Years

Krebs on Security

APRIL 30, 2024

A 26-year-old Finnish man was sentenced to more than six years in prison today after being convicted of hacking into an online psychotherapy clinic, leaking tens of thousands of patient therapy records, and attempting to extort the clinic and patients. After being charged with the attack in October 2022, Kivimäki fled the country.

DDOS

DDOS Cybercrime Hacking Passwords

Canada Charges Its “Most Prolific Cybercriminal”

Krebs on Security

DECEMBER 8, 2021

According to cyber intelligence firm Intel 471 , that dark_cl0ud6@hotmail.com address has been used in conjunction with the handle “ DCReavers2 ” to register user accounts on a half-dozen English-language cybercrime forums since 2008, including Hackforums , Blackhatworld, and Ghostmarket.

Cybercrime

Cybercrime Ransomware Accountability Advertising

REvil Ransom Arrest, $6M Seizure, and $10M Reward

Krebs on Security

NOVEMBER 8, 2021

” These last two nicknames correspond to accounts on several top cybercrime forums way back in 2013, where a user named “Yaroslav2468” registered using the email address yarik45@gmail.com. Prosecutors say Vasinskyi also used the monikers “ Yarik45 ,” and “ Yaroslav2468.” 3 was Lublin, Poland.

Ransomware

Ransomware Cybercrime System Administration Passwords

Ask Fitis, the Bear: Real Crooks Sign Their Malware

Krebs on Security

JUNE 1, 2023

One of Megatraffer’s ads on an English-language cybercrime forum. Megatraffer has continued to offer their code-signing services across more than a half-dozen other Russian-language cybercrime forums, mostly in the form of sporadically available EV and non-EV code-signing certificates from major vendors like Thawte and Comodo.

Malware

Malware Cybercrime Software Accountability

Russian authorities arrested the kingpin of cybercrime Infraud Organization

Security Affairs

JANUARY 24, 2022

’ In February 2008, the US authorities dismantled the global cybercrime organization tracked as Infraud Organization, which was involved in stealing and selling credit card and personal identity data. Russia’s FSB and law enforcement have detained four members of the Infraud Organization hacking group. Pierluigi Paganini.

Cybercrime

Cybercrime Hacking Cryptocurrency Ransomware

Finland’s Most-Wanted Hacker Nabbed in France

Krebs on Security

FEBRUARY 5, 2023

A notorious hacker convicted of perpetrating tens of thousands of cybercrimes, Kivimäki had been in hiding since October 2022, when he failed to show up in court and Finland issued an international warrant for his arrest. Kivimäki was ultimately convicted of orchestrating more than 50,000 cybercrimes.

Cybercrime

Cybercrime DDOS Hacking Accountability

PLAYFULGHOST backdoor supports multiple information stealing features

Security Affairs

JANUARY 5, 2025

The PLAYFULGHOST backdoor shares functionality with Gh0stRAT whose source code was publicly released in 2008. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,malware)

Malware

Malware Encryption Phishing Hacking

Stark Industries Solutions: An Iron Hammer in the Cloud

Krebs on Security

MAY 23, 2024

At least a dozen patriotic Russian hacking groups have been launching DDoS attacks since the start of the war at a variety of targets seen as opposed to Moscow. He also co-runs SURBL , an anti-abuse service that flags domains and Internet address ranges that are strongly associated with spam and cybercrime activity, including DDoS.

DDOS

DDOS Internet Internet Government

The Link Between AWM Proxy & the Glupteba Botnet

Krebs on Security

JUNE 28, 2022

That same day, AWM Proxy — a 14-year-old anonymity service that rents hacked PCs to cybercriminals — suddenly went offline. Launched in March 2008, AWM Proxy quickly became the largest service for crooks seeking to route their malicious Web traffic through compromised devices. ru , and the website web-site[.]ru

Passwords

Passwords Malware Internet Internet

Mariposa Botnet Author, Darkcode Crime Forum Admin Arrested in Germany

Krebs on Security

OCTOBER 1, 2019

A Slovenian man convicted of authoring the destructive and once-prolific Mariposa botnet and running the infamous Darkode cybercrime forum has been arrested in Germany on request from prosecutors in the United States, who’ve recently re-indicted him on related charges. issued international arrest warrant for his extradition.

Cybercrime

Cybercrime Malware Antivirus Banking

Why Malware Crypting Services Deserve More Scrutiny

Krebs on Security

JUNE 21, 2023

If you operate a cybercrime business that relies on disseminating malicious software, you probably also spend a good deal of time trying to disguise or “crypt” your malware so that it appears benign to antivirus and security products. biz , a long-running crypting service that is trusted by some of the biggest names in cybercrime.

Malware

Malware Antivirus Cybercrime Hacking

Who Is the Network Access Broker ‘Babam’?

Krebs on Security

DECEMBER 3, 2021

Since the beginning of 2020, Babam has set up numerous auctions on the Russian-language cybercrime forum Exploit , mainly selling virtual private networking (VPN) credentials stolen from various companies. Verified was hacked at least twice in the past five years, and its user database posted online. com and wwwpexpay[.]com.

Ransomware

Ransomware Passwords Accountability Cybercrime

Who and What is Behind the Malware Proxy Service SocksEscort?

Krebs on Security

JULY 25, 2023

Now new findings reveal that AVrecon is the malware engine behind a 12-year-old service called SocksEscort , which rents hacked residential and small business devices to cybercriminals looking to hide their true location online. Image: Lumen’s Black Lotus Labs. Usually, these users have no idea their systems are compromised.

Malware

Malware VPN Internet Internet

Meet Ika & Sal: The Bulletproof Hosting Duo from Hell

Krebs on Security

JANUARY 8, 2024

In 2020, the United States brought charges against four men accused of building a bulletproof hosting empire that once dominated the Russian cybercrime industry and supported multiple organized cybercrime groups. From January 2005 to April 2013, there were two primary administrators of the cybercrime forum Spamdot (a.k.a

Cybercrime

Cybercrime Banking Computers and Electronics DDOS

Law enforcement shutdown the VPN service VPNLab used by many cybercriminal gangs

Security Affairs

JANUARY 18, 2022

Europol this week announced the shutdown of VPNLab, a VPN service that is very popular in the cybercrime ecosystem. An international operation conducted by law enforcement bodies from 10 countries took down VPNLab.net, a VPN service provider that is very popular in the cybercrime ecosystem. SecurityAffairs – hacking, VPNLab).

VPN

VPN Cybercrime Ransomware Advertising

Police seized 50,000 Bitcoin from operator of the now-defunct piracy site movie2k

Security Affairs

JANUARY 31, 2024

It was operating between 2008 and 2013. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – cybercrime, Apple) According to German media , one of the two operators was also involved in the operations of the site mega-downloads.net.

Media

Media Cybercrime Advertising Information Security

GUEST ESSAY: Restore Us Institute (RUI) aims to protect Americans from online harms and crimes

The Last Watchdog

OCTOBER 3, 2022

The Internet’s co-designer, Vint Cerf, in a 2008 Guardian interview , explained how the Internet’s 1974, essential enabling Internet-protocol had a design flaw in not enabling packet authentication, security, or privacy at scale. Utopia meet reality. “It was actually an oversight.

Internet

Internet Internet Government Technology

Qakbot is back and targets the Hospitality industry

Security Affairs

DECEMBER 18, 2023

Qakbot , also known as QBot, QuackBot and Pinkslipbot, is an info-stealing malware that has been active since 2008. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, malware) The malware spreads via malspam campaigns, it inserts replies in active email threads.

Malware

Malware Phishing Ransomware Hacking

Black Basta ransomware operators leverage QBot for lateral movements

Security Affairs

JUNE 7, 2022

QBot, aka Qakbot and Pinkslipbot , has been active since 2008, it is used by threat actors for collecting browsing data and banking credentials and other financial information from the victims. SecurityAffairs – hacking, Black Basta ransomware). Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Ransomware

Ransomware Backups Malware Firewall

Qakbot operations continue to evolve to avoid detection

Security Affairs

JULY 13, 2022

Qakbot , also known as QBot, QuackBot and Pinkslipbot, is an info-stealing malware that has been active since 2008. SecurityAffairs – hacking, malware). Experts warn that operators behind the Qakbot malware operation are improving their attack chain in an attempt to avoid detection. Follow me on Twitter: @securityaffairs and Facebook.

Malware

Malware Hacking Cybercrime Information Security

QakBot threat actors are still operational after the August takedown

Security Affairs

OCTOBER 7, 2023

Qakbot , also known as QBot, QuackBot and Pinkslipbot, is an info-stealing malware that has been active since 2008. In August, the FBI announced that the Qakbot botnet was dismantled as a result of an international law enforcement operation named Operation ‘Duck Hunt.’

Malware

Malware Ransomware Phishing Hacking

Black Basta Ransomware gang accumulated at least $107 million in Bitcoin ransom payments since early 2022

Security Affairs

DECEMBER 1, 2023

Qakbot , also known as QBot, QuackBot and Pinkslipbot, is an info-stealing malware that has been active since 2008. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, ransomware) The malware spreads via malspam campaigns, it inserts replies in active email threads.

Ransomware

Ransomware Malware Retail Insurance

Security Affairs newsletter Round 291

Security Affairs

NOVEMBER 29, 2020

SecurityAffairs – hacking, newsletter). Pierluigi Paganini. The post Security Affairs newsletter Round 291 appeared first on Security Affairs.

Data breaches

Data breaches Social Engineering Ransomware Malware

Avast released a free decryptor for the Windows version of the Akira ransomware

Security Affairs

JULY 1, 2023

Files are encrypted by Chacha 2008 ( D. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, Akira ransomware ) The post Avast released a free decryptor for the Windows version of the Akira ransomware appeared first on Security Affairs. Bernstein’s implementation ).”

Ransomware

Ransomware Encryption Malware Hacking

New Kraken botnet is allowing operators to earn USD 3,000 every month

Security Affairs

FEBRUARY 17, 2022

Experts pointed out that despite having the same name, this botnet should not be confused with the Kraken botnet that was spotted in 2008. SecurityAffairs – hacking, Kraken botnet). Kraken is a new Golang-based botnet discovered in late October 2021 by researchers from threat intelligence firm ZeroFox Intelligence. Pierluigi Paganini.

VPN

VPN Cryptocurrency Hacking Cybercrime

FBI: Operation ‘Duck Hunt’ dismantled the Qakbot botnet

Security Affairs

AUGUST 30, 2023

’ Qakbot , also known as QBot, QuackBot and Pinkslipbot, is an info-stealing malware that has been active since 2008. The FBI announced that the Qakbot botnet has been dismantled as a result of an international law enforcement operation named Operation ‘Duck Hunt.’

Malware

Malware Manufacturing Data breaches Cyber threats

New QBot campaign delivered hijacking business correspondence

Security Affairs

APRIL 17, 2023

QBot has been active since 2008, it is used by threat actors for collecting browsing data and banking credentials, and other financial information from the victims. Kaspersky researchers warn of a new QBot campaign leveraging hijacked business emails to deliver malware.

Malware

Malware Education Banking Media

A look at the 2020–2022 ATM/PoS malware landscape

SecureList

OCTOBER 6, 2022

Recovering from the 2020 slump, the number of attacks continued to grow steadily, and we expect cybercrime activity to increase further. This country maintains a relatively outdated fleet of ATMs, making it a “piece of cake” for perpetrators to hack and a consistent target throughout the period in question.

Malware

Malware Banking Software Cybercrime

CVE-2019-1132 Windows Zero-Day exploited by Buhtrap Group in government attack

Security Affairs

JULY 11, 2019

The second one, tracked as CVE-2019.0880, affects Windows 7 and Server 2008. The first vulnerability, tracked as CVE-2019-1132, affects the Win32k component and could be exploited to run arbitrary code in kernel mode. The issue resides in the way splwow64 (Thunking Spooler APIs) handles certain calls.

Government

Government Advertising Passwords Banking

Global Cyber Threats Persistent as Bad Actor Motivations Evolve

SecureWorld News

JULY 14, 2022

The reasons for hacking have certainly shifted over time. We collected the most data ever from 87 organizations that were victims of cyberattacks, and between the original report in 2008 and this year, the biggest shift we' ve seen is the growing importance of end-users whom bad actors prey on for system access.

Cyber threats

Cyber threats Ransomware Phishing Accountability

Why Do I Need Website Security?

SiteLock

AUGUST 27, 2021

Cybercrime is a big business and cybercriminals are actively looking to cash in, no matter the website’s size or purpose. SiteLock was founded in 2008 with one mission: to protect every website on the internet. Q: I’ve never been hacked/I haven’t been hacked in years. No website is too small or too unknown to be hacked.

Malware

Malware Backups Engineering Small Business

Growing Cyber Threats to the Energy and Industrial Sectors

NopSec

DECEMBER 7, 2016

SCADA Access As A Service (SAaaS) Cybercrime is a business. It gives the example of Hacking Team, based in Italy, and Vupen Security, based in France. Ransomware can be spread through campaigns that target specific individuals or companies. More often, though, it is spread indiscriminately via spam networks.

Cyber threats

Cyber threats Ransomware Cyber Attacks Government

Who is the Network Access Broker ‘Wazawaka?’

Krebs on Security

JANUARY 11, 2022

This post examines some of the clues left behind by “ Wazawaka ,” the hacker handle chosen by a major access broker in the Russian-speaking cybercrime scene. Wazawaka has been a highly active member of multiple cybercrime forums over the past decade, but his favorite is the Russian-language community Exploit.

DDOS

DDOS Accountability Cybercrime Ransomware

SEO Expert Hired and Fired By Ashley Madison Turned on Company, Promising Revenge

Krebs on Security

JULY 13, 2023

[This is Part II of a story published here last week on reporting that went into a new Hulu documentary series on the 2015 Ashley Madison hack.] on Sunday, July 19, when I received a message through the contact form on KrebsOnSecurity.com that the marital infidelity website AshleyMadison.com had been hacked. It was around 9 p.m.

Hacking

Hacking Accountability Engineering Media

At Request of U.S., Russia Rounds Up 14 REvil Ransomware Affiliates

Krebs on Security

JANUARY 14, 2022

million), 500,000 euros, and 20 “premium cars” purchased with funds obtained from cybercrime. Just months later, a multi-country law enforcement operation allowed investigators to hack into the REvil gang’s operations and force the group offline. “Be afraid and expect the worst,” the message warned.

Ransomware

Ransomware Government Media Cybercrime

The Hacker Mind Podcast: The Fog of Cyber War

ForAllSecure

JULY 6, 2022

Mikko Hypponen joins The Hacker Mind to discuss cybercrime unicorns, the fog of cyber war that surrounds the Ukrainian war with its much larger neighbor, and of course Mikko’s new book, If it’s Smart, it’s Vulnerable. It’s about challenging our expectations about the people who hack for a living.

Cybercrime

Cybercrime Government Ransomware Hacking

Cyber CEO: The History Of Cybercrime, From 1834 To Present

Herjavec Group

AUGUST 26, 2021

We can learn a lot from the cybercrime of the past…the history of cybercrime is a glimpse into what we can expect in the future. In the past 18 months, we’ve experienced the beginning of an era that has seen cybersecurity and cybercrime at the center of it all. Dateline Cybercrime . Robert Herjavec.

Cybercrime

Cybercrime Computers and Electronics Banking Hacking

History of Computer Hacking and Cybersecurity Threats: From the 50s to Today

ForAllSecure

APRIL 21, 2023

Hacking has gone through several eras over the years, each with its own unique characteristics and motivations. Understanding the history of computer hacking is important for understanding its impact on technology and society, the current state of cybersecurity, and for developing effective strategies for protecting against cyber threats.

Hacking

Hacking Cybersecurity Internet Internet

Why Were the Russians So Set Against This Hacker Being Extradited?

Krebs on Security

NOVEMBER 18, 2019

When Israeli authorities turned down requests to send him back to Russia — supposedly to face separate hacking charges there — the Russians then imprisoned an Israeli woman for seven years on trumped-up drug charges in a bid to trade prisoners. A screen shot from the Mazafaka cybercrime forum, circa 2011. court last week.

Cybercrime

Cybercrime Government Hacking Banking

New Cyberthreats for 2021

Adam Levin

DECEMBER 7, 2020

While it is crucial to protect against more well-established hacking techniques, to invest in security training, and to follow good data hygiene, it is also necessary to look ahead to possible forms of cyberattack from newer and still developing vectors. AI and Machine Learning Hacking. It is harder to dupe informed people.

IoT

IoT Artificial Intelligence Technology Scams

From Cybercrime Saul Goodman to the Russian GRU

Inside ‘Evil Corp,’ a $100M Cybercrime Menace

Trending Sources

FBI Arrests Alleged Owner of Deer.io, a Top Broker of Stolen Accounts

Man Who Mass-Extorted Psychotherapy Patients Gets Six Years

Canada Charges Its “Most Prolific Cybercriminal”

REvil Ransom Arrest, $6M Seizure, and $10M Reward

Ask Fitis, the Bear: Real Crooks Sign Their Malware

Russian authorities arrested the kingpin of cybercrime Infraud Organization

Finland’s Most-Wanted Hacker Nabbed in France

PLAYFULGHOST backdoor supports multiple information stealing features

Stark Industries Solutions: An Iron Hammer in the Cloud

The Link Between AWM Proxy & the Glupteba Botnet

Mariposa Botnet Author, Darkcode Crime Forum Admin Arrested in Germany

Why Malware Crypting Services Deserve More Scrutiny

Who Is the Network Access Broker ‘Babam’?

Who and What is Behind the Malware Proxy Service SocksEscort?

Meet Ika & Sal: The Bulletproof Hosting Duo from Hell

Law enforcement shutdown the VPN service VPNLab used by many cybercriminal gangs

Police seized 50,000 Bitcoin from operator of the now-defunct piracy site movie2k

GUEST ESSAY: Restore Us Institute (RUI) aims to protect Americans from online harms and crimes

Qakbot is back and targets the Hospitality industry

Black Basta ransomware operators leverage QBot for lateral movements

Qakbot operations continue to evolve to avoid detection

QakBot threat actors are still operational after the August takedown

Black Basta Ransomware gang accumulated at least $107 million in Bitcoin ransom payments since early 2022

Security Affairs newsletter Round 291

Avast released a free decryptor for the Windows version of the Akira ransomware

New Kraken botnet is allowing operators to earn USD 3,000 every month

FBI: Operation ‘Duck Hunt’ dismantled the Qakbot botnet

New QBot campaign delivered hijacking business correspondence

A look at the 2020–2022 ATM/PoS malware landscape

CVE-2019-1132 Windows Zero-Day exploited by Buhtrap Group in government attack

Global Cyber Threats Persistent as Bad Actor Motivations Evolve

Why Do I Need Website Security?

Growing Cyber Threats to the Energy and Industrial Sectors

Who is the Network Access Broker ‘Wazawaka?’

SEO Expert Hired and Fired By Ashley Madison Turned on Company, Promising Revenge

At Request of U.S., Russia Rounds Up 14 REvil Ransomware Affiliates

The Hacker Mind Podcast: The Fog of Cyber War

Cyber CEO: The History Of Cybercrime, From 1834 To Present

History of Computer Hacking and Cybersecurity Threats: From the 50s to Today

Why Were the Russians So Set Against This Hacker Being Extradited?

New Cyberthreats for 2021

Stay Connected