2016, Cybercrime and Information Security

ExCobalt Cybercrime group targets Russian organizations in multiple sectors

Security Affairs

JUNE 24, 2024

The cybercrime group ExCobalt targeted Russian organizations in multiple sectors with a previously unknown backdoor known as GoRed. Positive Technologies researchers reported that a cybercrime gang called ExCobalt targeted Russian organizations in multiple sectors with a previously unknown Golang-based backdoor known as GoRed.

Cybercrime

Cybercrime Telecommunications DNS Technology

DoJ charged 19 individuals in a transnational cybercrime investigation xDedic Marketplace

Security Affairs

JANUARY 8, 2024

19 individuals worldwide were charged in a transnational cybercrime investigation of the now defunct xDedic marketplace. The black marketplace has been active since 2014, it was first analyzed by experts at Kaspersky Lab in 2016. At the time, the domain (xdedic[.]biz) The website quickly reappeared in the Tor network.

Cybercrime

Cybercrime Identity Theft Government Hacking

Personal health information of 42M Americans leaked between 2016 and 2021

Security Affairs

DECEMBER 31, 2022

Crooks have had access to the medical records of 42 million Americans since 2016 as the number of hacks on healthcare organizations doubled. Medical records of 42 million Americans are being sold on the dark web since 2016, this information comes from cyberattacks on healthcare providers. million in 2016 to close to 16.5

Healthcare

Healthcare Ransomware Backups Hacking

Married couple pleaded guilty to laundering billions in cryptocurrency stolen from Bitfinex in 2016

Security Affairs

AUGUST 4, 2023

A married couple from New York pleaded guilty this week to laundering billions of dollars stolen from Bitfinex in 2016. The couple pleaded guilty to money laundering charges in connection with the hack of the cryptocurrency stock exchange Bitfinex that took place in 2016. Law enforcement also seized over $3.6

Cryptocurrency

Cryptocurrency Hacking Accountability Banking

TrickGate, a packer used by malware to evade detection since 2016

Security Affairs

JANUARY 31, 2023

TrickGate is a shellcode-based packer offered as a service, which is used at least since July 2016, to hide malware from defense programs. TrickGate is a shellcode-based packer offered as a service to malware authors to avoid detection, CheckPoint researchers reported.

Malware

Malware Antivirus Manufacturing Healthcare

US seizes $3.6 billion worth of cryptocurrency stolen in 2016 Bitfinex hack

Security Affairs

FEBRUARY 8, 2022

billion worth of cryptocurrency linked to the 2016 Bitfinex cryptocurrency exchange hack. Billion in stolen cryptocurrency stolen during the 2016 hack of Bitfinex. billion worth of cryptocurrency stolen in 2016 Bitfinex hack appeared first on Security Affairs. The law enforcement seized $3.6 Pierluigi Paganini.

Cryptocurrency

Cryptocurrency Hacking Accountability Marketing

Chinese-speaking cybercrime gang Rocke changes tactics

Security Affairs

OCTOBER 15, 2019

Chinese-speaking cybercrime gang Rocke that carried out several large-scale cryptomining campaigns, has now using news tactics to evade detection. Chinese-speaking cybercrime gang Rocke, that carried out several large-scale cryptomining campaigns in past , has now using news tactics to evade detection. Pierluigi Paganini.

Cybercrime

Cybercrime DNS Malware Advertising

Meet the Administrators of the RSOCKS Proxy Botnet

Krebs on Security

JUNE 22, 2022

.” The DOJ’s statement doesn’t mention that RSOCKS has been in operation since 2014, when access to the web store for the botnet was first advertised on multiple Russian-language cybercrime forums. ” In 2016, Deniskloster.com featured a post celebrating three years in operation. ” the post enthuses.

Advertising

Advertising Cybercrime System Administration Hacking

Administrator of RSOCKS Proxy Botnet Pleads Guilty

Krebs on Security

JANUARY 24, 2023

The plea comes just months after Emelyantsev was extradited from Bulgaria, where he told investigators, “America is looking for me because I have enormous information and they need it.” “Thanks to you, we are now developing in the field of information security and anonymity! RSOCKS, circa 2016. Image: archive.org.

Cybercrime

Cybercrime Advertising IoT Malware

Bitfinex hacker Ilya Lichtenstein was sentenced to 5 years in prison

Security Affairs

NOVEMBER 15, 2024

Bitfinex hacker, Ilya Lichtenstein , who stole 1 billion worth of Bitcoins from Bitfinex in 2016, has been sentenced to five years in prison. Billion in stolen cryptocurrency stolen during the 2016 hack of Bitfinex. ” reads the press release published by DoJ. Law enforcement also seized over $3.6

Cryptocurrency

Cryptocurrency Hacking Government Accountability

Accused Russian RSOCKS Botmaster Arrested, Requests Extradition to U.S.

Krebs on Security

SEPTEMBER 24, 2022

A native of Omsk, Russia, Kloster came into focus after KrebsOnSecurity followed clues from the RSOCKS botnet master’s identity on the cybercrime forums to Kloster’s personal blog , which featured musings on the challenges of running a company that sells “security and anonymity services to customers around the world.”

Cybercrime

Cybercrime Data breaches Malware Ransomware

A Ukrainian man is the third FIN7 member sentenced in the United States

Security Affairs

APRIL 8, 2022

A Ukrainian man was sentenced in the US to 5 years in prison for his criminal activity in the cybercrime group FIN7. for high-level hacking activity in the cybercrime group FIN7 (aka Carbanak Group and the Navigator Group). Iarmak was involved in FIN7 criminal activities from approximately November 2016 through November 2018.

Cybercrime

Cybercrime Hacking Software Phishing

Operation TOURNIQUET: Authorities shut down dark web marketplace RaidForums

Security Affairs

APRIL 12, 2022

The illegal dark web marketplace RaidForums has been shut down and its infrastructure seized as a result of the international law enforcement Operation TOURNIQUET coordinated by Europol’s European Cybercrime Centre. Europol will continue working with its international partners to make cybercrime harder – and riskier –to commit.

Cybercrime

Cybercrime Banking Accountability Hacking

Yevgeniy Nikulin, Russian hacker behind Dropbox and LinkedIn hacks found guilty

Security Affairs

JULY 11, 2020

A jury found Russian hacker Yevgeniy Nikulin guilty for the hack of LinkedIn, Dropbox, and Formspring back in 2012 and for the sale of the stolen data on cybercrime black marketplaces. The Russian criminal was arrested in Prague in October 2016 in an international joint operation with the FBI. SecurityAffairs – hacking, cybercrime).

Hacking

Hacking Cybercrime Data breaches Advertising

Trickbot spreads malware through new distribution channels

Security Affairs

OCTOBER 16, 2021

TrickBot operators are back and expand the distribution channels with partnership with cybercrime affiliates. The gang support other cybercrime groups such as known Hive0105, Hive0106 (aka TA551 or Shathak), and Hive0107, supporting them in expanding their malware campaigns. ” reads the post published by IBM X-Force.

Malware

Malware Cybercrime DDOS Social Engineering

Phorpiex botnet sent millions of phishing emails to deliver LockBit Black ransomware

Security Affairs

MAY 13, 2024

New Jersey’s Cybersecurity and Communications Integration Cell (NJCCIC) reported that since April, threat actors used the the Phorpiex botnet to send millions of phishing emails as part of a LockBit Black ransomware campaign. In December 2021, experts at Check Point Research observed the resurgence of the Phorpiex botnet.

Phishing

Phishing Ransomware Security Awareness Authentication

UK and US sanctioned 11 members of the Russia-based TrickBot gang

Security Affairs

SEPTEMBER 11, 2023

governments sanctioned 11 more individuals who were alleged members of the Russia-based TrickBot cybercrime gang. The United States, in coordination with the United Kingdom, sanctioned eleven more individuals who are members of the Russia-based Trickbot cybercrime group. The sanctions were provided by the U.S. Government and U.S.

Cybercrime

Cybercrime Government Ransomware Banking

Russian national sentenced to 40 months for selling stolen data on the dark web

Security Affairs

AUGUST 16, 2024

Between July 2016 and May 2021, Kavzharadze listed over 626,100 stolen login credentials on Slilpp and sold more than 297,300 of them. The Russian man was sentenced to 40 months in prison and ordered to pay $1,233,521.47 in restitution. These credentials were linked to $1.2 million in fraudulent transactions.

Banking

Banking Accountability Retail Mobile

North Korea-linked hackers stole $626 million in virtual assets in 2022

Security Affairs

DECEMBER 22, 2022

. “South Korea’s main spy agency, the National Intelligence Service, said North Korea’s capacity to steal digital assets is considered among the best in the world because of the country’s focus on cybercrimes since U.N. sanctions imposed in 2016 and 1017, and the impact on its economy is dramatic. ” reported the AP agency.

Cryptocurrency

Cryptocurrency Cybercrime Media Government

Hackers threaten to leak a copy of the World-Check database used to assess potential risks associated with entities

Security Affairs

APRIL 22, 2024

This is sensitive information that could lead to discrimination, persecution, or otherwise cause harm to individuals by violating their privacy and exposing them to various types of cyberattacks. In June 2016, security researcher Chris Vickery found a copy of the World-Check database dated 2014 that was accidentally exposed online.

Risk

Risk Spyware Hacking Accountability

Millions of Pixel devices can be hacked due to a pre-installed vulnerable app

Security Affairs

AUGUST 16, 2024

Threat actors could exploit this flaw to inject malicious code, execute commands with system privileges, and take over devices, potentially leading to serious cybercrimes and data breaches. The app has been present since August 2016 [ 1 , 2 ], but there is no evidence that this vulnerability has been exploited in the wild.

Hacking

Hacking Firmware Mobile Penetration Testing

Uber hacked, internal systems and confidential documents were allegedly compromised

Security Affairs

SEPTEMBER 16, 2022

We don’t have an estimate right now as to when full access to tools will be restored, so thank you for bearing with us,” Latha Maripuri, Uber’s chief information security officer, told NYT via email. This is not the first time that the company suffered a security breach.

Hacking

Hacking Data breaches Engineering Information Security

Members of GozNym gang sentenced for stealing $100 Million

Security Affairs

DECEMBER 22, 2019

Justice Department announced that three members of the cybercrime group behind the GozNym banking Trojan have been sentenced to prison. Justice Department announced that three members of the cybercrime group behind the GozNym banking Trojan have been sentenced to prison. Brady announced today.”

Computers and Electronics

Computers and Electronics Banking Cybercrime Malware

Source code of Dharma ransomware now surfacing on public hacking forums

Security Affairs

MARCH 29, 2020

The Dharma ransomware first appeared on the threat landscape in February 2016, at the time experts dubbed it Crysis. In November 2016, the master decryption keys for Crysis were released online, victims of CrySis versions 2 and 3 were able to recover their files.

Ransomware

Ransomware Hacking Advertising Malware

FBI, CISA alert warns of imminent ransomware attacks on healthcare sector

Security Affairs

OCTOBER 29, 2020

The government agencies receive information about imminent attacks, threat actors are using the TrickBot botnet to deliver the infamous ransomware to the infected systems. “CISA, FBI, and HHS have credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers.

Healthcare

Healthcare Ransomware Cybercrime Advertising

QQAAZZ crime gang charged for laundering money stolen by malware gangs

Security Affairs

OCTOBER 18, 2020

QQAAZZ attempted to launder tens of millions stolen from victims starting with 2016 by the world’s foremost cybercriminals. SecurityAffairs – hacking, QQAAZZ cybercrime gang). The post QQAAZZ crime gang charged for laundering money stolen by malware gangs appeared first on Security Affairs. Pierluigi Paganini.

Malware

Malware Banking Cryptocurrency Cybercrime

No More Ransom helped ransomware victims to save almost €1B

Security Affairs

JULY 26, 2021

The “No More Ransom” website is an initiative launched in 2016 by the National High Tech Crime Unit of the Netherlands’ police, Europol’s European Cybercrime Centre, Kaspersky and McAfee to help victims of ransomware retrieve their encrypted data without having to pay the criminals.

Ransomware

Ransomware Encryption Cybercrime Hacking

A TrickBot malware developer sentenced to 64 months in prison

Security Affairs

JANUARY 26, 2024

The Seoul High Court Criminal Division 20 (Chief Judge Jeong Seon-jae Baek Suk-jong Lee Jun-hyun) charged Mr. A for being a developer for the TrickBot gang since 2016. A, this is the pseudonym used to identify the individual, was forced to live in Seoul waiting for the replacement of his passport from the local Russian embassy.

Malware

Malware Identity Theft Banking Ransomware

German BKA arrested the alleged operator of Deutschland im Deep Web darknet market

Security Affairs

OCTOBER 30, 2022

The Darknet marketplace was a crucial service for drug trafficking in the cybercrime underground for several years. . In 2016, the perpetrator of the shooting spree in Munich claimed to have bought the murder weapon and ammunition on the platform. “The arrest took place on Tuesday, October 25.

Marketing

Marketing Cybercrime Mobile Internet

Security Affairs newsletter Round 431 by Pierluigi Paganini – International edition

Security Affairs

AUGUST 6, 2023

Reptile Rootkit employed in attacks against Linux systems in South Korea New PaperCut flaw in print management software exposes servers to RCE attacks A cyberattack impacted operations of multiple hospitals in several US states Married couple pleaded guilty to laundering billions in cryptocurrency stolen from Bitfinex in 2016 Malicious packages in (..)

Malware

Malware Cybercrime Cryptocurrency Social Engineering

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

The Last Watchdog

JUNE 21, 2020

The infamous Locky ransomware was first spotted in the wild in February 2016. CryptXXX, another major family discovered in April 2016 and later rebranded as UltraCrypter, relied on exploit kits that used software vulnerabilities to infiltrate systems. The first viable Mac ransomware called KeRanger was spotted in the spring of 2016.

Ransomware

Ransomware Hacking Encryption Penetration Testing

A member of the FIN7 group was sentenced to 10 years in prison

Security Affairs

APRIL 18, 2021

CARBANAK cybercrime gang was first uncovered in 2014 by Kaspersky Lab that dated its activity back to 2013 when the group leveraged the Anunak malware in targeted attacks on financial institutions and ATM networks. Between 2014 and 2016 the group used a new custom malware dubbed Carbanak that is considered a newer version of Anunak.

System Administration

System Administration Penetration Testing Malware Hacking

CISA and FBI warn of ongoing TrickBot attacks

Security Affairs

MARCH 19, 2021

The Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) warn of ongoing Trickbot attacks despite in October multiple security firms dismantled its C2 infrastructure in a joint operation. ” reads the advisory.

Phishing

Phishing Cybercrime Malware Ransomware

FBI links the Diavol ransomware to the TrickBot gang

Security Affairs

JANUARY 20, 2022

. “The FBI has not yet observed Diavol leak victim data, despite ransom notes including threats to leak stolen information.” ” TrickBot is a popular banking Trojan that has been around since October 2016, its authors have continuously upgraded it by implementing new features.

Ransomware

Ransomware Banking Malware Encryption

The Emotet botnet is back and hits 100K recipients per day

Security Affairs

DECEMBER 26, 2020

Emotet is back on Christmas Eve, cybercrime operators are sending out spam messages to deliver the infamous Trickbot Trojan. Emotet is back on Christmas Eve, after two months of silence, cybercrime operators are sending out spam messages to deliver the infamous Trickbot Trojan.

Cybercrime

Cybercrime Malware Banking Ransomware

Alexander Vinnik, the operator of BTC-e exchange, pleaded guilty to money laundering

Security Affairs

MAY 6, 2024

French authorities accused Vinnik of defrauding more than 100 people in six French cities between 2016 and 2018. French prosecutors believe Vinnik was one of the authors of the Locky ransomware that was also employed in attacks on French businesses and organizations between 2016 and 2018.

Cryptocurrency

Cryptocurrency Computers and Electronics Identity Theft Hacking

Russia-linked APT28 and crooks are still using the Moobot botnet

Security Affairs

MAY 3, 2024

The Moobot botnet has been active since at least 2016, it also includes other routers and virtual private servers (VPS). The threat actors used the botnet harvest credentials, collect NTLMv2 digests, proxy network traffic, and host spear-phishing landing pages and custom tools. ” concludes the report.

Phishing

Phishing Cryptocurrency Internet Internet

Data from Sephora and StreetEasy data breaches added to HIBP

Security Affairs

OCTOBER 7, 2019

The StreetEasy data breach took place in the mid-2016 and exposed 988k records that included names, usernames, email addresses and SHA-1 password hashes. The data has been available for sale in the cybercrime underground since February. “In approximately June 2016, the real estate website StreetEasy suffered a data breach.

Data breaches

Data breaches Passwords Advertising Cybercrime

Caketap, a new Unix rootkit used to siphon ATM banking data

Security Affairs

MARCH 18, 2022

Mandiant researchers discovered a new Unix rootkit named Caketap, which is used to steal ATM banking data, while investigating the activity of the LightBasin cybercrime group (aka UNC1945 ). The China-linked hacking group has been active since at least 2016, according to the CrowdStrike researchers it is using a very sophisticated toolset.

Banking

Banking Telecommunications System Administration Hacking

Phorpiex botnet is back, in 2021 it $500K worth of crypto assets

Security Affairs

DECEMBER 17, 2021

The botnet has been active since at least 2016, but in August the criminal organization behind the Phorpiex botnet have shut down their operations and put the source code of the bot for sale on a cybercrime forum in on a dark web. Experts estimated that in one year it allowed to steal crypto assets worth of 500,000 dollars.

Cryptocurrency

Cryptocurrency Cybercrime Malware Hacking

FIN8 Group spotted delivering the BlackCat Ransomware

Security Affairs

JULY 18, 2023

The cybercrime group FIN8 is using a revamped version of the Sardonic backdoor to deliver the BlackCat ransomware. The FIN8 group has been active since 2016, it leverages known malware such as PUNCHTRACK and BADHATCH to infect PoS systems and steal payment card data.

Ransomware

Ransomware Cybercrime Malware Hacking

Alexander Vinnik, the popular cyber criminal goes on trial in Paris

Security Affairs

OCTOBER 19, 2020

French authorities accused Vinnik of defrauding more than 100 people in six French cities between 2016 and 2018. SecurityAffairs – hacking, cybercrime). The post Alexander Vinnik, the popular cyber criminal goes on trial in Paris appeared first on Security Affairs. ” reported the AFP news. . Pierluigi Paganini.

Advertising

Advertising Hacking Cybercrime Cryptocurrency

Emsisoft releases free decryptor for the victims of the Diavol ransomware

Security Affairs

MARCH 19, 2022

TrickBot is a popular banking Trojan that has been around since October 2016, its authors have continuously upgraded it by implementing new features. In January, the FBI officially linked the Diavol ransomware operation to the infamous TrickBot gang , the group that is behind the TrickBot banking trojan.

Ransomware

Ransomware Encryption Malware Banking

Russian Alexander Vinnik sentenced in Paris to five years in prison for money laundering

Security Affairs

DECEMBER 8, 2020

The French court acquitted Vinnik of charges of extortion and association with a cybercrime organization. French authorities accused Vinnik of defrauding more than 100 people in six French cities between 2016 and 2018. In June, New Zealand police had frozen NZ$140 million (US$90 million) in assets linked to a Russian cyber criminal.

Cryptocurrency

Cryptocurrency Hacking Ransomware Cybercrime

ExCobalt Cybercrime group targets Russian organizations in multiple sectors

DoJ charged 19 individuals in a transnational cybercrime investigation xDedic Marketplace

Trending Sources

Personal health information of 42M Americans leaked between 2016 and 2021

Married couple pleaded guilty to laundering billions in cryptocurrency stolen from Bitfinex in 2016

TrickGate, a packer used by malware to evade detection since 2016

US seizes $3.6 billion worth of cryptocurrency stolen in 2016 Bitfinex hack

Chinese-speaking cybercrime gang Rocke changes tactics

Meet the Administrators of the RSOCKS Proxy Botnet

Administrator of RSOCKS Proxy Botnet Pleads Guilty

Bitfinex hacker Ilya Lichtenstein was sentenced to 5 years in prison

Accused Russian RSOCKS Botmaster Arrested, Requests Extradition to U.S.

A Ukrainian man is the third FIN7 member sentenced in the United States

Operation TOURNIQUET: Authorities shut down dark web marketplace RaidForums

Yevgeniy Nikulin, Russian hacker behind Dropbox and LinkedIn hacks found guilty

Trickbot spreads malware through new distribution channels

Phorpiex botnet sent millions of phishing emails to deliver LockBit Black ransomware

UK and US sanctioned 11 members of the Russia-based TrickBot gang

Russian national sentenced to 40 months for selling stolen data on the dark web

North Korea-linked hackers stole $626 million in virtual assets in 2022

Hackers threaten to leak a copy of the World-Check database used to assess potential risks associated with entities

Millions of Pixel devices can be hacked due to a pre-installed vulnerable app

Uber hacked, internal systems and confidential documents were allegedly compromised

Members of GozNym gang sentenced for stealing $100 Million

Source code of Dharma ransomware now surfacing on public hacking forums

FBI, CISA alert warns of imminent ransomware attacks on healthcare sector

QQAAZZ crime gang charged for laundering money stolen by malware gangs

No More Ransom helped ransomware victims to save almost €1B

A TrickBot malware developer sentenced to 64 months in prison

German BKA arrested the alleged operator of Deutschland im Deep Web darknet market

Security Affairs newsletter Round 431 by Pierluigi Paganini – International edition

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

A member of the FIN7 group was sentenced to 10 years in prison

CISA and FBI warn of ongoing TrickBot attacks

FBI links the Diavol ransomware to the TrickBot gang

The Emotet botnet is back and hits 100K recipients per day

Alexander Vinnik, the operator of BTC-e exchange, pleaded guilty to money laundering

Russia-linked APT28 and crooks are still using the Moobot botnet

Data from Sephora and StreetEasy data breaches added to HIBP

Caketap, a new Unix rootkit used to siphon ATM banking data

Phorpiex botnet is back, in 2021 it $500K worth of crypto assets

FIN8 Group spotted delivering the BlackCat Ransomware

Alexander Vinnik, the popular cyber criminal goes on trial in Paris

Emsisoft releases free decryptor for the victims of the Diavol ransomware

Russian Alexander Vinnik sentenced in Paris to five years in prison for money laundering

Stay Connected