Krebs on Security

MARCH 17, 2023

Federal Bureau of Investigation (FBI) this week arrested a New York man on suspicion of running BreachForums , a popular English-language cybercrime forum where some of the world biggest hacked databases routinely show up for sale. In April 2022, U.S. FBI agents carting items out of Fitzpatrick’s home on March 15.

Data breaches 334

Data breaches Cybercrime Insurance Internet 334

Krebs on Security

JANUARY 30, 2024

technology companies during the summer of 2022. stole at least $800,000 from at least five victims between August 2022 and March 2023. 2022 that an intrusion had exposed a “limited number” of Twilio customer accounts through a sophisticated social engineering attack designed to steal employee credentials.

Social Engineering 340

Social Engineering Mobile Passwords Cybercrime 340

Krebs on Security

MAY 29, 2024

.” The arrest coincided with the seizure of the 911 S5 website and supporting infrastructure, which the government says turned computers running various “free VPN” products into Internet traffic relays that facilitated billions of dollars in online fraud and cybercrime. The prices page for 911 S5, circa July 2022. $28

VPN 317

VPN Government Cybercrime Internet 317

Security Affairs

JULY 18, 2024

The cybercrime group FIN7 is advertising a security evasion tool in multiple underground forums, cybersecurity company SentinelOne warns. On May 19th, 2022, a user named “goodsoft” advertised an AV killer tool for $4,000 on the exploit[.]in Later, on June 14th, 2022, a user named “lefroggy” posted a similar ad on the xss[.]is

Advertising 143

Advertising Cybercrime Hacking Ransomware 143

Security Affairs

JUNE 24, 2024

The cybercrime group ExCobalt targeted Russian organizations in multiple sectors with a previously unknown backdoor known as GoRed. Positive Technologies researchers reported that a cybercrime gang called ExCobalt targeted Russian organizations in multiple sectors with a previously unknown Golang-based backdoor known as GoRed.

Cybercrime 126

Cybercrime Telecommunications DNS Technology 126

Krebs on Security

MAY 16, 2023

A Russian man identified by KrebsOnSecurity in January 2022 as a prolific and vocal member of several top ransomware groups was the subject of two indictments unsealed by the Justice Department today. prosecutors say Mikhail Pavolovich Matveev , a.k.a. “Mother Russia will help you,” Wazawaka concluded. 17, 1992). .

Ransomware 297

Ransomware Cybercrime VPN Healthcare 297

Krebs on Security

OCTOBER 31, 2022

A 26-year-old Ukrainian man is awaiting extradition from The Netherlands to the United States on charges that he acted as a core developer for Raccoon , a popular “malware-as-a-service” offering that helped paying customers steal passwords and financial data from millions of cybercrime victims. According to those sources, U.S.

Malware 329

Malware Identity Theft Cybercrime Accountability 329

Krebs on Security

DECEMBER 4, 2024

In January 2022, KrebsOnSecurity identified a Russian man named Mikhail Matveev as “ Wazawaka ,” a cybercriminal who was deeply involved in the formation and operation of multiple ransomware groups. Matveev’s hacker identities were remarkably open and talkative on numerous cybercrime forums.

Cybercrime 201

Cybercrime Ransomware Cryptocurrency Government 201

Krebs on Security

SEPTEMBER 13, 2023

In December 2022, KrebsOnSecurity broke the news that a cybercriminal using the handle “ USDoD ” had infiltrated the FBI ‘s vetted information sharing network InfraGard , and was selling the contact information for all 80,000 members. But on Sept. defense contractors. USDoD’s avatar used to be the seal of the U.S.

Cybercrime 323

Cybercrime Passwords Authentication Malware 323

Joseph Steinberg

JUNE 9, 2022

When it comes to cybercrimes, state and local law enforcement officials are rarely a match for cybercriminals; Tenafly’s police chief himself admitted that handling the investigation of the ransomware attack is “way above our capabilities.”

Ransomware 362

Ransomware Artificial Intelligence Education Cybercrime 362

Krebs on Security

JANUARY 25, 2023

23, 2022, KrebsOnSecurity alerted big-three consumer credit reporting bureau Experian that identity thieves had worked out how to bypass its security and access any consumer’s full credit report — armed with nothing more than a person’s name, address, date of birth, and Social Security number. 9, 2022 and Dec.

Cybercrime 331

Cybercrime Web Fraud Data breaches 331

Krebs on Security

MAY 28, 2024

KrebsOnSecurity identified one of the three men in a July 2022 investigation into 911 S5, which was massively hacked and then closed ten days later. The 911 S5 botnet-powered proxy service, circa July 2022. 911 built its proxy network mainly by offering “free” virtual private networking (VPN) services.

VPN 259

VPN Banking Cybercrime Internet 259

Krebs on Security

FEBRUARY 5, 2023

A notorious hacker convicted of perpetrating tens of thousands of cybercrimes, Kivimäki had been in hiding since October 2022, when he failed to show up in court and Finland issued an international warrant for his arrest. Kivimäki was ultimately convicted of orchestrating more than 50,000 cybercrimes.

Cybercrime 259

Cybercrime DDOS Hacking Accountability 259

Krebs on Security

MARCH 31, 2023

FlyHosting first advertised on cybercrime forums in November 2022, saying it was a Germany-based hosting firm that was open for business to anyone looking for a reliable place to host malware, botnet controllers, or DDoS-for-hire infrastructure. In mid-December 2022, the U.S. Image: Ke-la.com.

DDOS 287

DDOS Internet Internet Cybercrime 287

Security Affairs

AUGUST 20, 2024

Toyota has confirmed a data breach after a threat actor leaked 240GB of data stolen from its infrastructure on a cybercrime forum. Toyota disclosed a data breach after a threat actor leaked an archive of 240GB of data stolen from its systems on a cybercrime forum, BleepingComputer reported.

Data breaches 125

Data breaches Cybercrime Financial Services Hacking 125

Krebs on Security

DECEMBER 13, 2022

Federal Bureau of Investigation (FBI) to build cyber and physical threat information sharing partnerships with the private sector, this week saw its database of contact information on more than 80,000 members go up for sale on an English-language cybercrime forum. Pompompurin has been a thorn in the side of the FBI for years.

Hacking 363

Hacking Energy and Utilities Cybercrime Accountability 363

Krebs on Security

AUGUST 2, 2022

The underground cybercrime forums are now awash in pleas from people who are desperately seeking a new supplier of abundant, cheap, and reliably clean proxies to restart their businesses. Further reading: July 29, 2022: 911 Proxy Service Implodes After Disclosing Breach. July 28, 2022: Breach Exposes Users of Microleaves Proxy Service.

Malware 298

Malware Cybercrime Internet Internet 298

Security Affairs

DECEMBER 22, 2022

. “South Korea’s main spy agency, the National Intelligence Service, said North Korea’s capacity to steal digital assets is considered among the best in the world because of the country’s focus on cybercrimes since U.N. economic sanctions were toughened in 2017 in response to its nuclear and missile tests.” Citing the U.S.

Cryptocurrency 143

Cryptocurrency Cybercrime Media Government 143

Krebs on Security

MAY 9, 2023

Ten of the domains are reincarnations of DDoS-for-hire services the FBI seized in December 2022, when it charged six U.S. In December 2022, the feds seized four-dozen booter domains and charged six U.S. However, at least one of the defendants from the 2022 booter bust-up — John M. This is the third in a series of U.S.

DDOS 254

DDOS Cybercrime Internet Internet 254

Krebs on Security

JULY 29, 2022

The 911 service as it existed until July 28, 2022. These services can be used in a legitimate manner for several business purposes — such as price comparisons or sales intelligence — but they are massively abused for hiding cybercrime activity because they can make it difficult to trace malicious traffic to its original source.

Cybercrime 302

Cybercrime Software VPN Backups 302

Krebs on Security

AUGUST 29, 2023

government today announced a coordinated crackdown against QakBot , a complex malware family used by multiple cybercrime groups to lay the groundwork for ransomware infections. Researchers at AT&T Alien Labs say the crooks responsible for maintaining the QakBot botnet have rented their creation to various cybercrime groups over the years.

Hacking 294

Hacking Malware Ransomware Government 294

SecureList

DECEMBER 14, 2022

At this point, it has become cliché to say that nothing in 2022 turned out the way we expected. Similarly, at the beginning of February 2022, we noticed a huge spike in the amount of activity related to Gamaredon C&C servers. Taking sides: professional ransomware groups, hacktivists, and DDoS attacks.

DDOS 144

DDOS Ransomware Government Energy and Utilities 144

Krebs on Security

JANUARY 24, 2023

First advertised in the cybercrime underground in 2014, RSOCKS was the web-based storefront for hacked computers that were sold as “proxies” to cybercriminals looking for ways to route their Web traffic through someone else’s device. A copy of the passport for Denis Emelyantsev, a.k.a. Denis Kloster, as posted to his Vkontakte page in 2019.

Cybercrime 259

Cybercrime Advertising IoT Malware 259

Krebs on Security

JULY 10, 2024

The Russia-based cybercrime group dubbed “ Fin7 ,” known for phishing and malware attacks that have cost victim organizations an estimated $3 billion in losses since 2013, was declared dead last year by U.S. A 2022 deep dive on Fin7 from the Swiss threat intelligence firm Prodaft (PDF). authorities.

Phishing 294

Phishing Cybercrime Malware Software 294

Krebs on Security

DECEMBER 19, 2024

Silent Push said Araneida is being advertised by an eponymous user on multiple cybercrime forums. Araneida Scanner’s Telegram channel bragging about how customers are using the service for cybercrime. In 2022, Araneida told fellow Breached members they could be reached on Discord at the username “ Ornie#9811.”

Hacking 149

Hacking Cybercrime Advertising Data breaches 149

Krebs on Security

SEPTEMBER 30, 2024

A California man accused of failing to pay taxes on tens of millions of dollars allegedly earned from cybercrime also paid local police officers hundreds of thousands of dollars to help him extort, intimidate and silence rivals and former business partners, the government alleges. In December 2022, Troy Woody Jr. We know what E.Z.

Cryptocurrency 290

Cryptocurrency Government Internet Internet 290

Security Affairs

JULY 18, 2024

The cybercrime group FIN7 is advertising a security evasion tool in multiple underground forums, cybersecurity company SentinelOne warns. On May 19th, 2022, a user named “goodsoft” advertised an AV killer tool for $4,000 on the exploit[.]in Later, on June 14th, 2022, a user named “lefroggy” posted a similar ad on the xss[.]is

Advertising 98

Advertising Cybercrime Hacking Ransomware 98

Schneier on Security

JANUARY 31, 2023

Chainalysis reports that worldwide ransomware payments were down in 2022. million from victims in 2022, down from $765.6 Ransomware attackers extorted at least $456.8 million the year before.

Ransomware 306

Ransomware Cryptocurrency Cybercrime 306

Krebs on Security

JANUARY 10, 2024

Rasch said it could be that Dellone’s stolen crypto was seized as part of a government asset forfeiture, but that either way there is no reason Uncle Sam should hold some cybercrime victims’ life savings indefinitely. The law firm DLAPiper writes that in November 2022, the U.S. federal court.” million cyberheist. .”

Cryptocurrency 308

Cryptocurrency Government Cybercrime Accountability 308

Security Affairs

NOVEMBER 21, 2024

Justice Department charged five suspects linked to the Scattered Spider cybercrime gang with wire fraud conspiracy. Justice Department charged five alleged members of the cybercrime gang Scattered Spider (also known as UNC3944 , 0ktapus ) with conspiracy to commit wire fraud. ” reads the press release published by DoJ.

Cybercrime 73

Cybercrime Identity Theft Cryptocurrency Phishing 73

Krebs on Security

SEPTEMBER 24, 2022

A native of Omsk, Russia, Kloster came into focus after KrebsOnSecurity followed clues from the RSOCKS botnet master’s identity on the cybercrime forums to Kloster’s personal blog , which featured musings on the challenges of running a company that sells “security and anonymity services to customers around the world.”

Cybercrime 228

Cybercrime Data breaches Malware Ransomware 228

Krebs on Security

AUGUST 16, 2022

Earlier this month, the administrator of the cybercrime forum Breached received a cease-and-desist letter from a cybersecurity firm. Such responses generally accomplish nothing, except unnecessarily upping the stakes for everyone involved while displaying a dangerous naiveté about how the cybercrime underground works.

Data breaches 302

Data breaches Banking Cybercrime Marketing 302

Krebs on Security

JANUARY 17, 2023

Proprietors of these so-called “booter” or “stresser” services — designed to knock websites and users offline — have long operated in a legally murky area of cybercrime law. ” In December 2022, the U.S. Dobbs’s booter service, IPStresser, in June 2020. Image: archive.org.

DDOS 261

DDOS Cybercrime Engineering Government 261

SecureList

AUGUST 1, 2024

For example, Key Group, aka keygroup777, has used no fewer than eight different ransomware families throughout their relatively short history (since April 2022) – see the image below. Mallox Mallox is another relatively new ransomware variant that first came to light in 2021 and kicked off an affiliate program in 2022.

Ransomware 118

Ransomware Cybercrime Education Malware 118

Krebs on Security

JANUARY 19, 2023

5, 2022, and that an investigation determined the bad actor started abusing the API beginning around Nov. That breach came to light after a hacker began selling the records on a cybercrime forum. In October, mobile provider Optus disclosed that hackers abused a poorly secured API to steal data on 10 million customers in Australia.

Mobile 339

Mobile Accountability Data breaches Identity Theft 339

Krebs on Security

FEBRUARY 9, 2023

Authorities in the United States and United Kingdom today levied financial sanctions against seven men accused of operating “ Trickbot ,” a cybercrime-as-a-service platform based in Russia that has enabled countless ransomware attacks and bank account takeovers since its debut in 2016. companies and government entities.

Hacking 208

Hacking Cybercrime Ransomware Government 208

The Hacker News

OCTOBER 10, 2024

The Dutch police have announced the takedown of Bohemia and Cannabia, which has been described as the world's largest and longest-running dark web market for illegal goods, drugs, and cybercrime services. The marketplace

Marketing 137

Marketing Cybercrime 137