Krebs on Security

FEBRUARY 9, 2023

Authorities in the United States and United Kingdom today levied financial sanctions against seven men accused of operating “ Trickbot ,” a cybercrime-as-a-service platform based in Russia that has enabled countless ransomware attacks and bank account takeovers since its debut in 2016. companies and government entities.

Hacking 235

Hacking Cybercrime Ransomware Government 235

Adam Levin

JULY 24, 2020

Barely a day goes by without news of an elite hacking team creating a more stealth exploit– malware , elaborate spear-phishing attacks, trojans, and a killer array of ransomware that can take factories and other organizations offline, or even hobble entire cities. Cyberattacks are constantly getting more sophisticated.

Hacking 237

Hacking Phishing Risk Accountability 237

Krebs on Security

JANUARY 20, 2020

Preston was featured in the 2016 KrebsOnSecurity story DDoS Mitigation Firm Has History of Hijacks , which detailed how the company he co-founded — BackConnect Security LLC — had developed the unusual habit of hijacking Internet address space it didn’t own in a bid to protect clients from attacks.

DDOS 346

DDOS Internet Internet System Administration 346

Krebs on Security

FEBRUARY 12, 2019

Attacks that seek to completely destroy data and servers without any warning or extortion demand are not as common as, say, ransomware infestations , but when they do occur they can be devastating (the 2014 Sony Pictures hack and the still-unsolved 2016 assault on U.S.-based based ISP Staminus come to mind).

Hacking 275

Hacking DDOS Backups Accountability 275

Krebs on Security

JUNE 1, 2023

This post is a deep dive on “ Megatraffer ,” a veteran Russian hacker who has practically cornered the underground market for malware focused code-signing certificates since 2015. 2016 sales thread on Exploit. One of Megatraffer’s ads on an English-language cybercrime forum. “Why do I need a certificate?”

Malware 301

Malware Cybercrime Software Accountability 301

The Last Watchdog

JUNE 21, 2020

Balaban This ransomware was doing the rounds over spam generated by the Gameover ZeuS botnet, which had been originally launched in 2011 as a toolkit for stealing victim’s banking credentials and was repurposed for malware propagation. The infamous Locky ransomware was first spotted in the wild in February 2016.

Ransomware 243

Ransomware Hacking Encryption Penetration Testing 243

Security Affairs

APRIL 15, 2021

Over $760 million worth of Bitcoin that were stolen from cryptocurrency exchange Bitfinex in 2016 were moved to new accounts. More than $760 million worth of Bitcoin, stolen from Asian cryptocurrency exchange Bitfinex in 2016 , were moved on Wednesday to new accounts. SecurityAffairs – hacking, bitcoin). Pierluigi Paganini.

Cryptocurrency 126

Cryptocurrency Hacking Accountability Marketing 126

Krebs on Security

APRIL 7, 2022

The DOJ said it did not seek to disinfect compromised devices; instead, it obtained court orders to remove the Cyclops Blink malware from its “command and control” servers — the hidden machines that allowed the attackers to orchestrate the activities of the botnet. energy facilities. ” HYDRA. ” HYDRA. .

Marketing 301

Marketing Energy and Utilities Malware Ransomware 301

SecureList

OCTOBER 20, 2021

We also review what pushed cybercriminals to transform their operations into the now well-known malware-as-a-service model — the use of cloud servers, the decreasing relevance of custom malware and the subsequent emergence of small, agile teams. This browser attack chain, popular in 2016, is no longer possible.

Cybercrime 145

Cybercrime Banking Malware Ransomware 145

Security Affairs

MARCH 28, 2025

The Trojan has been active since 2016, it initially targeted Brazil but expanded to Mexico, Portugal, and Spain since 2020. The malware uses a custom URI Client and unusual port numbers to communicate with the server. Grandoreiro Banking Trojan resurfaces, targeting users in Latin America and Europe in new phishing campaigns.

Banking 86

Banking Phishing Malware Passwords 86

Security Affairs

JANUARY 31, 2023

TrickGate is a shellcode-based packer offered as a service to malware authors to avoid detection, CheckPoint researchers reported. TrickGate is a shellcode-based packer offered as a service, which is used at least since July 2016, to hide malware from defense programs. ” concludes the report.

Malware 98

Malware Antivirus Manufacturing Healthcare 98

Security Affairs

MARCH 29, 2020

The source code of the infamous Dharma ransomware is now available for sale on two Russian-language hacking forums. The source code of one of the most profitable ransomware families, the Dharma ransomware , is up for sale on two Russian-language hacking forums. SecurityAffairs – Dharma ransomware, malware). Pierluigi Paganini.

Ransomware 143

Ransomware Hacking Advertising Malware 143

Krebs on Security

JUNE 22, 2022

last week said they dismantled the “ RSOCKS ” botnet, a collection of millions of hacked devices that were sold as “proxies” to cybercriminals looking for ways to route their malicious traffic through someone else’s computer. ” In 2016, Deniskloster.com featured a post celebrating three years in operation.

Advertising 317

Advertising Cybercrime System Administration Hacking 317

Krebs on Security

DECEMBER 19, 2018

Satnam Narang , senior research engineer at Tenable , said the vulnerability affects the following installations of IE: Internet Explorer 11 from Windows 7 to Windows 10 as well as Windows Server 2012, 2016 and 2019; IE 9 on Windows Server 2008; and IE 10 on Windows Server 2012.

Internet 255

Internet Internet Software Engineering 255

Krebs on Security

MARCH 2, 2020

A large number of French critical infrastructure firms were hacked as part of an extended malware campaign that appears to have been orchestrated by at least one attacker based in Morocco, KrebsOnSecurity has learned.

DNS 298

DNS Penetration Testing Malware Hacking 298

Security Affairs

MARCH 31, 2020

For the third time in a few weeks, the FBI has issued an alert about supply chain attacks carried out by nation-state actors using the Kwampirs malware. The FBI has issued an alert about supply chain attacks using the Kwampirs malware as part of a hacking campaign carried out on a global scale by state-sponsored hackers.

Malware 139

Malware Healthcare Advertising Hacking 139

Security Affairs

DECEMBER 4, 2021

Cuba ransomware has been actively distributed through the Hancitor malware , a commodity malware that partnered with ransomware gangs to help them gain initial access to target networks. The Hancitor downloader has been active since at least 2016 for dropping Pony and Vawtrak. SecurityAffairs – hacking, ransomware).

Ransomware 145

Ransomware Hacking Malware Encryption 145

Krebs on Security

AUGUST 12, 2018

The FBI said unlimited operations compromise a financial institution or payment card processor with malware to access bank customer card information and exploit network access, enabling large scale theft of funds from ATMs. million from accounts at the National Bank of Blacksburg in two separate ATM cashouts between May 2016 and January 2017.

Banking 228

Banking Accountability Retail Phishing 228

Security Affairs

DECEMBER 2, 2020

Russian-linked cyberespionage group Turla employed a new malware toolset, named Crutch, in targeted attacks aimed at high-profile targets. The Crutch framework was employed in attacks since 2015 to siphon sensitive data and transfer them to Dropbox accounts controlled by the Russian hacking group. SecurityAffairs – hacking, Crutch).

Malware 145

Malware Accountability Hacking Government 145

Krebs on Security

APRIL 22, 2019

The owner of a Swedish company behind a popular remote administration tool (RAT) implicated in thousands of malware attacks shares the same name as a Swedish man who pleaded guilty in 2015 to co-creating the Blackshades RAT , a similar product that was used to infect more than half a million computers with malware, KrebsOnSecurity has learned.

Advertising 242

Advertising Antivirus Software Malware 242

Security Affairs

DECEMBER 31, 2022

Crooks have had access to the medical records of 42 million Americans since 2016 as the number of hacks on healthcare organizations doubled. Medical records of 42 million Americans are being sold on the dark web since 2016, this information comes from cyberattacks on healthcare providers. million in 2016 to close to 16.5

Healthcare 98

Healthcare Ransomware Backups Hacking 98

The Hacker News

FEBRUARY 22, 2021

On August 13, 2016, a hacking unit calling itself "The Shadow Brokers" announced that it had stolen malware tools and exploits used by the Equation Group, a sophisticated threat actor believed to be affiliated to the Tailored Access Operations (TAO) unit of the U.S. National Security Agency (NSA).

Hacking 120

Hacking Malware 120

Krebs on Security

SEPTEMBER 10, 2021

Qrator says Meris has launched even bigger attacks since: A titanic and ongoing DDoS that hit Russian Internet search giant Yandex last week is estimated to have been launched by roughly 250,000 malware-infected devices globally, sending 21.8 By comparison, the 2016 Mirai DDoS generated approximately 450,000 requests-per-second.

IoT 342

IoT DDOS Internet Internet 342

The Last Watchdog

FEBRUARY 3, 2020

Samide and other experts say what’s coming next is very likely to be a series of varied attacks as combatants on all sides leverage footholds gained from ongoing intelligence gathering and malware planting. It’s notable that hacks to gain access to, and maintain control of, industrial control systems are a recurring theme in cyber warfare.

Energy and Utilities 330

Energy and Utilities Malware Hacking Passwords 330

Security Affairs

NOVEMBER 2, 2020

North Korea-linked APT group Kimsuky was recently spotted using a new piece of malware in attacks on government agencies and human rights activists. The new malware appears to have been developed recently, but threat actors might have used Backdating, or timestomping to thwart analysis attempts (anti-forensics).

Malware 132

Malware Advertising Spyware Government 132

Security Affairs

JUNE 17, 2020

A CIA elite hacking unit that developed cyber-weapons failed in protecting its operations, states an internal report on the Vault 7 data leak. In March, Joshua Schulte , a former CIA software engineer that was accused of stealing the agency’s hacking tools and leaking them to WikiLeaks, was convicted of only minor charges.

Hacking 144

Hacking Engineering Data breaches Advertising 144

Krebs on Security

FEBRUARY 3, 2022

The trouble is, there’s little to stop criminals from leveraging newly registered or hacked LinkedIn business accounts to create their own ad campaigns using Slinks. Way back in 2016, security firm Fortinet blogged about LinkedIn’s redirect being used to promote phishing sites and online pharmacies.

Phishing 358

Phishing Marketing Scams Accountability 358

Security Affairs

MARCH 4, 2020

Chinese security firm Qihoo 360 revealed that the US CIA has hacked Chinese organizations in various sectors for the last 11 years. Chinese security firm Qihoo 360 is accusing that the US Central Intelligence Agency (CIA) of having hacked Chinese organizations for the last 11 years. SecurityAffairs – hacking, CIA).

Hacking 145

Hacking Advertising Government Engineering 145

Krebs on Security

JANUARY 14, 2019

Also last week, a 30-year-old in the United Kingdom was sentenced to 32 months in jail for using an army of hacked devices to crash large portions of Liberia’s Internet access in 2016. The Boston Globe reports that Gottesfeld and his wife in 2016 tried to flee to Cuba in a rented boat, but the trip didn’t go as planned.

DDOS 221

DDOS Internet Internet Spyware 221

Security Affairs

MARCH 13, 2025

ScarCruft has been active since at least 2012, it made the headlines in early February 2018 when researchers revealed that the APT group leveraged a zero-day vulnerability in Adobe Flash Player to deliver malware to South Korean users. Kaspersky first documented the operations of the group in 2016. These include naverfiles[.]com

Spyware 77

Spyware Surveillance Encryption Malware 77

Security Affairs

AUGUST 13, 2020

The FBI and NSA issue joint alert related to new Linux malware dubbed Drovorub that has been used by the Russia-linked APT28 group. The FBI and NSA have published a joint security alert containing technical details about a new piece of Linux malware, tracked as Drovorub , allegedly employed by Russia-linked the APT28 group.

Malware 143

Malware Advertising IoT Government 143

Security Affairs

JANUARY 26, 2024

The Russian national malware developer Vladimir Dunaev was sentenced to more than 5 years in prison for his role in the TrickBot operation. The Russian national Vladimir Dunaev (40) has been sentenced in the US to 64 months in prison for his role in the development and distribution of the TrickBot malware. in October 2021.

Malware 132

Malware Identity Theft Banking Ransomware 132

Security Affairs

JUNE 3, 2024

Russia-linked APT28 used the HeadLace malware and credential-harvesting web pages in attacks against networks across Europe. The group was involved also in the string of attacks that targeted 2016 Presidential election. The campaigns targeted at least thirteen separate nations.

Malware 140

Malware Phishing Surveillance Internet 140

Security Affairs

MARCH 12, 2020

Cybercriminals continue to exploit the fear in the coronavirus outbreak to spread malware and steal sensitive data from victims. Experts from cybersecurity Reason reported cybercrimnals are using new coronavirus -themed attacks to deliver malware. To make sure the malware can persist and keep operating, it uses the “Task Scheduler”.”

Malware 144

Malware Advertising Passwords Cryptocurrency 144

Security Affairs

OCTOBER 16, 2021

The operators behind the infamous TrickBot (ITG23 and Wizard Spider) malware have resurfaced with new distribution channels to deliver malicious payloads, such as Conti ransomware. “As of mid-2021, X-Force observed ITG23 partner with two additional malware distribution affiliates — Hive0106 (aka TA551) and Hive0107. .

Malware 131

Malware Cybercrime DDOS Social Engineering 131

Security Affairs

SEPTEMBER 15, 2023

The Russian national Dariy Pankov (28), aka dpxaker, is the author of the NLBrute malware. The NLBrute malware allows operators to compromise protected computers by decrypting login credentials. The powerful malware was capable of compromising protected computers by decrypting login credentials, such as passwords.

Malware 123

Malware Marketing Passwords Hacking 123

Security Affairs

JULY 19, 2020

The four malware families are named Guildma, Javali, Melcoz, and Grandoreiro, experts believe are the result of a Brazilian banking group/operation that is evolving its capabilities targeting banking users abroad. Experts noticed that the malware uses the BITSAdmin tool to download the additional modules. ” continues Kaspersky.

Banking 139

Banking Malware Phishing Advertising 139