Krebs on Security

JUNE 1, 2023

One of Megatraffer’s ads on an English-language cybercrime forum. Megatraffer has continued to offer their code-signing services across more than a half-dozen other Russian-language cybercrime forums, mostly in the form of sporadically available EV and non-EV code-signing certificates from major vendors like Thawte and Comodo.

Malware 301

Malware Cybercrime Software Accountability 301

Krebs on Security

MARCH 15, 2021

The biggest potential gold mine for de-anonymizing Maza members is the leak of user numbers for ICQ, an instant messaging service formerly owned by AOL that was widely used by cybercrime forum members up until around 2010. That’s about when AOL sold the platform in 2010 to Russian investor DST for $187.5

Passwords 344

Passwords Accountability Hacking Data breaches 344

Krebs on Security

JUNE 21, 2023

If you operate a cybercrime business that relies on disseminating malicious software, you probably also spend a good deal of time trying to disguise or “crypt” your malware so that it appears benign to antivirus and security products. biz , a long-running crypting service that is trusted by some of the biggest names in cybercrime.

Malware 271

Malware Antivirus Cybercrime Hacking 271

Krebs on Security

JULY 8, 2019

“In one year, people who worked with us have earned over US $2 billion,” read the farewell post by the eponymous GandCrab identity on the cybercrime forum Exploit[.]in That email address and nickname had been used since 2009 to register multiple identities on more than a half dozen cybercrime forums. Vpn-service[.]us

Ransomware 277

Ransomware Accountability Cybercrime Passwords 277

Security Affairs

APRIL 19, 2019

Djevair Ametovski was sentenced to 90 months in prison for operating an international cybercrime marketplace named Codeshop. Macedonian national Djevair Ametovski (32) was sentenced to 90 months in prison by US DoJ authorities for operating an international cybercrime marketplace named Codeshop. Codeshop.su Pierluigi Paganini.

Cybercrime 107

Cybercrime Identity Theft Banking Advertising 107

Krebs on Security

FEBRUARY 9, 2023

Authorities in the United States and United Kingdom today levied financial sanctions against seven men accused of operating “ Trickbot ,” a cybercrime-as-a-service platform based in Russia that has enabled countless ransomware attacks and bank account takeovers since its debut in 2016. companies and government entities.

Hacking 235

Hacking Cybercrime Ransomware Government 235

Krebs on Security

MARCH 9, 2023

A Croatian national has been arrested for allegedly operating NetWire , a Remote Access Trojan (RAT) marketed on cybercrime forums since 2012 as a stealthy way to spy on infected systems and siphon passwords. ” In 2010, someone using the email address dugidox@gmail.com registered the domain dugidox[.]com.

DNS 307

DNS Cybercrime Passwords Accountability 307

Krebs on Security

OCTOBER 1, 2019

A Slovenian man convicted of authoring the destructive and once-prolific Mariposa botnet and running the infamous Darkode cybercrime forum has been arrested in Germany on request from prosecutors in the United States, who’ve recently re-indicted him on related charges. issued international arrest warrant for his extradition.

Cybercrime 45

Cybercrime Malware Antivirus Banking 45

Krebs on Security

SEPTEMBER 24, 2022

A native of Omsk, Russia, Kloster came into focus after KrebsOnSecurity followed clues from the RSOCKS botnet master’s identity on the cybercrime forums to Kloster’s personal blog , which featured musings on the challenges of running a company that sells “security and anonymity services to customers around the world.”

Cybercrime 251

Cybercrime Data breaches Malware Ransomware 251

Krebs on Security

NOVEMBER 15, 2022

Wanted Ukrainian cybercrime suspect Vyacheslav “Tank” Penchukov (right) was arrested in Geneva, Switzerland. Ultimately, Penchukov’s political connections helped him evade prosecution by Ukrainian cybercrime investigators for many years. This was enough to positively identify Tank as Penchukov, Warner said.

Banking 324

Banking Small Business Accountability Malware 324

Krebs on Security

JUNE 29, 2023

A 2010 indictment out of New Jersey accuses Ieremenko and six others with siphoning nonpublic information from the U.S. ” FACCT says on its website that it is a “Russian developer of technologies for combating cybercrime,” and that it works with clients to fight targeted attacks, data leaks, fraud, phishing and brand abuse.

Cybersecurity 298

Cybersecurity Cybercrime Hacking Government 298

Krebs on Security

MAY 4, 2023

government this week put a $10 million bounty on the head of a Russian man who for the past 18 years operated Try2Check , one of the cybercrime underground’s most trusted services for checking the validity of stolen credit card data. According to cybersecurity firm Constella Intelligence , the address polkas@bk.ru

Marketing 292

Marketing Cybercrime Accountability Hacking 292

Krebs on Security

MAY 13, 2024

This post examines the activities of Khoroshev’s many alter egos on the cybercrime forums, and tracks the career of a gifted malware author who has written and sold malicious code for the past 14 years. was used by a Russian-speaking member called Pin on the English-language cybercrime forum Opensc. Dmitry Yuryevich Khoroshev.

Ransomware 296

Ransomware Cybercrime Accountability Malware 296

Krebs on Security

JANUARY 8, 2024

In 2020, the United States brought charges against four men accused of building a bulletproof hosting empire that once dominated the Russian cybercrime industry and supported multiple organized cybercrime groups. From January 2005 to April 2013, there were two primary administrators of the cybercrime forum Spamdot (a.k.a

Cybercrime 261

Cybercrime Banking Computers and Electronics DDOS 261

Krebs on Security

DECEMBER 3, 2021

Since the beginning of 2020, Babam has set up numerous auctions on the Russian-language cybercrime forum Exploit , mainly selling virtual private networking (VPN) credentials stolen from various companies. Babam has authored more than 270 posts since joining Exploit in 2015, including dozens of sales threads. com and wwwpexpay[.]com.

Ransomware 346

Ransomware Passwords Accountability Cybercrime 346

Krebs on Security

JUNE 22, 2022

.” The DOJ’s statement doesn’t mention that RSOCKS has been in operation since 2014, when access to the web store for the botnet was first advertised on multiple Russian-language cybercrime forums. Even today, the RUSdot Mailer is advertised for sale at the top of the RUSdot community forum.

Advertising 317

Advertising Cybercrime System Administration Hacking 317

Krebs on Security

SEPTEMBER 26, 2024

The United States today unveiled sanctions and indictments against the alleged proprietor of Joker’s Stash , a now-defunct cybercrime store that peddled tens of millions of payment cards stolen in some of the largest data breaches of the past decade. The answer involved Bitcoin, but also Taleon’s new service.

Cryptocurrency 292

Cryptocurrency Cybercrime Retail Government 292

Krebs on Security

APRIL 18, 2023

” MRMURZA Faceless is a project from MrMurza , a particularly talkative member of more than a dozen Russian-language cybercrime forums over the past decade. MrMurza’s Faceless advertised on the Russian-language cybercrime forum ProCrd. Image: Darkbeast/Ke-la.com. In 2013, U.S.

Malware 292

Malware Passwords Accountability Advertising 292

Security Affairs

DECEMBER 22, 2020

VPN bulletproof services are widely adopted by cybercrime organizations to carry out malicious activities, including ransomware and malware attacks, e-skimming breaches, spear-phishing campaigns, and account takeovers. ” The three services were advertised on both Russian and English-speaking cybercrime forums. day to $190/year.

VPN 138

VPN Cybercrime Advertising Ransomware 138

Krebs on Security

AUGUST 26, 2020

For several years beginning around 2010, a lone teenager in Vietnam named Hieu Minh Ngo ran one of the Internet’s most profitable and popular services for selling “ fullz ,” stolen identity records that included a consumer’s name, date of birth, Social Security number and email and physical address.

Identity Theft 355

Identity Theft Computers and Electronics Hacking Accountability 355

Security Affairs

APRIL 8, 2021

A threat actor has sold almost 900,000 gift cards and over 300,000 payment cards on a cybercrime forum on the dark web. ” The investigation of the cybercriminal actor selling the gift cards and payment cards revealed that he is a prolific Russian-speaking hacker who was engaged in similar activities since 2010.

Cybercrime 143

Cybercrime Hacking Banking Information Security 143

Security Affairs

AUGUST 1, 2020

Chiochiu was a member of the Infraud global cybercrime organization involved in stealing and selling credit card and personal identity data. The group is active since 2010, when it created in Ukraine by Svyatoslav Bondarenko. The main website was a crime forum that was founded in 2010, it first operated at infraud.cc

Malware 113

Malware Advertising Cybercrime Hacking 113

Security Affairs

NOVEMBER 26, 2019

Security firms have monitored the activities of a dozen groups at least since 2010. The Magecart group used a generic phishing technique to gather and sell full sets of an individual’s personally identifying information along with financial data (identified with the slang term fullz in the cybercrime underground).

Phishing 133

Phishing Cybercrime Advertising Software 133

Security Affairs

SEPTEMBER 26, 2023

. “The personal health information that was copied was collected from a large network of mostly Ontario health care facilities and providers regarding fertility, pregnancy, newborn and child health care offered between January 2010 and May 2023.”

Data breaches 130

Data breaches Healthcare Ransomware Hacking 130

Security Affairs

OCTOBER 31, 2018

The campaign was carried out at least from January 2010 to May 2015. According to the indictment, the hackers hired by the Chinese intelligence were also involved in cybercriminal activities, a circumstance that highlights the thin line between nation-state hacking and cybercrime.

Hacking 110

Hacking Manufacturing Engineering Cybercrime 110

Security Affairs

DECEMBER 10, 2021

In 2010, Volvo Cars became a subsidiary of the Chinese manufacturer Geely Holding Group, which confirmed that it “has become aware that one of its file repositories has been illegally accessed by a third party.” Swedish automotive manufacturer Volvo Cars revealed that threat actors have stolen R&D data from its systems.

Data breaches 139

Data breaches Ransomware Manufacturing Hacking 139

Security Boulevard

MAY 5, 2021

According to the Message Anti-Abuse Working Group , about 88–92% of total email messages in 2010 are spam. However, they are vulnerable to cybercrimes themselves and have already experienced previous attacks. Some of them use spam which is in the form of unsolicited and inappropriate messages.

Data privacy 140

Data privacy Cyber Attacks Digital transformation Artificial Intelligence 140

Security Affairs

OCTOBER 8, 2019

Researchers from MalwareBytes and HYAS Threat Intelligence linked one of the hacking groups under the Magecart umbrella to the notorious Cobalt cybercrime Group. Security firms have monitored the activities of a dozen groups at least since 2010.

Cybercrime 106

Cybercrime Banking Advertising Accountability 106

Security Affairs

APRIL 29, 2020

When Keys left Tribune Company-owned Sacramento KTXL Fox 40 in 2010, he shared login credentials of the CMS used by the website with members of Anonymous. Keys was accused of providing Anonymous login credentials that allowed the group to deface access and deface the website of the Los Angeles Times in 2013.

Hacking 129

Hacking Advertising Accountability Media 129

Security Affairs

OCTOBER 22, 2019

Security experts linked the Magecart group 5 to the infamous Dridex banking Trojan and the Carbanak cybercrime group. Security firms have monitored the activities of a dozen groups at least since 2010. . SecurityAffairs – Magecart Group 5, cybercrime ). Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Cybercrime 74

Cybercrime Phishing Advertising Banking 74

Security Affairs

FEBRUARY 9, 2023

“Today, the United States, in coordination with the United Kingdom, is designating seven individuals who are part of the Russia-based cybercrime gang Trickbot.” The operation aimed at disrupting Russian cybercrime and ransomware. ” reads the press release published by the US Treasury. and allies and partners.

Banking 98

Banking Ransomware Cybercrime Malware 98

Security Affairs

OCTOBER 5, 2019

Cybercrime gangs under the Magecart umbrella continue to compromise e-commerce platforms to steal payment card data from users worldwide. Security firms have monitored the activities of a dozen groups at least since 2010.

Advertising 98

Advertising Software Hacking Cybercrime 98

Krebs on Security

JULY 28, 2022

According to the cyber intelligence company Intel 471 , a user named Acidut with the email address iulyan87_4u@gmail.com had an active presence on almost a dozen shadowy money-making and cybercrime forums from 2010 to 2017, including BlackHatWorld , Carder[.]pro pro , Hackforums , OpenSC , and CPAElites.

Advertising 269

Advertising Software Computers and Electronics Internet 269

Security Affairs

AUGUST 6, 2023

The company added that the incident may have impacted those that attended a public institution of higher education in Colorado between 2007-2020, attended a Colorado public high school between 2004-2020, individuals with a Colorado K-12 public school educator license between 2010-2014, participated in the Dependent Tuition Assistance Program from 2009-2013, (..)

Education 98

Education Data breaches Ransomware Hacking 98

Security Affairs

JANUARY 20, 2019

Zhukov, aka Nastra, was arrested in Bulgaria, where he had lived since 2010, in November. The experts discovered that crooks used over 60,000 accounts selling ad inventory generating a record of 3 to 12 billion of daily ad bid requests. ” reported the AFP. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Advertising 108

Advertising Architecture Malware Hacking 108

Malwarebytes

DECEMBER 7, 2021

The group’s activities have been traced back to 2010 when it performed a cyberespionage campaign directed at diplomatic organizations and missions in Europe. Others in the security community who have researched this group of actors refer to the group by other names, including KE3CHANG, APT15, Vixen Panda, Royal APT, and Playful Dragon.

Hacking 121

Hacking Malware Surveillance Data collection 121

SC Magazine

MARCH 3, 2021

Malaysia Airlines faces the daunting task of investigating over nine years’ worth of compromised data after learning of a “data security incident” at a third-party IT service provider that exposed Enrich frequent flyer program member data from March 2010 through June 2019. Airline loyalty program data is a popular target among cybercriminals.

Scams 117

Scams Media Risk Phishing 117