Krebs on Security

JUNE 1, 2023

This post is a deep dive on “ Megatraffer ,” a veteran Russian hacker who has practically cornered the underground market for malware focused code-signing certificates since 2015. One of Megatraffer’s ads on an English-language cybercrime forum. WHO IS MEGATRAFFER?

Malware 301

Malware Cybercrime Software Accountability 301

Krebs on Security

SEPTEMBER 13, 2023

In December 2022, KrebsOnSecurity broke the news that a cybercriminal using the handle “ USDoD ” had infiltrated the FBI ‘s vetted information sharing network InfraGard , and was selling the contact information for all 80,000 members. But on Sept. defense contractors. USDoD’s avatar used to be the seal of the U.S.

Cybercrime 338

Cybercrime Passwords Authentication Malware 338

SecureList

OCTOBER 6, 2022

During the pandemic, lockdowns forced people to stay at home and do their shopping online, which was mirrored in point-of-sale (PoS) and ATM malware activity, as certain regions saw malicious transactions drop significantly. Perpetrators continue to spread already-existing, widely used malware to attack PoS terminals and ATMs.

Malware 143

Malware Banking Software Cybercrime 143

Security Affairs

SEPTEMBER 2, 2022

Researchers attribute the Raspberry Robin malware to the Russian cybercrime group known as Evil Corp group. IBM Security X-Force researchers discovered similarities between a component used in the Raspberry Robin malware and a Dridex malware loader, which was part of the malicious operations of the cybercrime gang Evil Corp.

Cybercrime 122

Cybercrime Malware Backups Manufacturing 122

Krebs on Security

JULY 25, 2023

Now new findings reveal that AVrecon is the malware engine behind a 12-year-old service called SocksEscort , which rents hacked residential and small business devices to cybercriminals looking to hide their true location online. ” According to Kilmer, AVrecon is the malware that gives SocksEscort its proxies.

Malware 236

Malware VPN Internet Internet 236

Krebs on Security

AUGUST 29, 2023

government today announced a coordinated crackdown against QakBot , a complex malware family used by multiple cybercrime groups to lay the groundwork for ransomware infections. Qakbot/Qbot was once again the top malware loader observed in the wild in the first six months of 2023.

Hacking 308

Hacking Malware Ransomware Government 308

Krebs on Security

MAY 28, 2024

Department of the Treasury today unveiled sanctions against three Chinese nationals for allegedly operating 911 S5 , an online anonymity service that for many years was the easiest and cheapest way to route one’s Web traffic through malware-infected computers around the globe. The 911 S5 botnet-powered proxy service, circa July 2022.

VPN 276

VPN Banking Cybercrime Internet 276

SecureList

JUNE 15, 2023

Money is the root of all evil, including cybercrime. Thus, it was inevitable that malware creators would one day begin not only to distribute malicious programs themselves, but also to sell them to less technically proficient attackers, thereby lowering the threshold for entering the cybercriminal community.

Malware 144

Malware Ransomware Cybercrime Hacking 144

Security Affairs

OCTOBER 27, 2024

They were convicted of illegal payment handling, with Puzyrevsky and Khansvyarov also found guilty of malware use and distribution. They were found guilty of illegal payment handling, while Puzyrevsky and Khansvyarov were also convicted of using and distributing malware. in March 2022. “On Friday, October 25, the St.

Ransomware 142

Ransomware Hacking Malware Cybercrime 142

Security Affairs

AUGUST 28, 2024

million reward for information leading to the arrest of a Belarusian cybercriminal involved in the mass malware distribution. million reward for information leading to the arrest of Volodymyr Kadariya (38), a Belarusian national allegedly involved in a significant malware organization. The US Department of State offers a $2.5

Malware 128

Malware Computers and Electronics Cybercrime Internet 128

Malwarebytes

FEBRUARY 4, 2025

When ChatGPT was unveiled to the public in late 2022, security experts looked on with cautious optimism, excited about the new technology but concerned about its use in cyberattacks. This warning comes from our 2025 State of Malware report, which compiled a years worth of intelligence to identify the most pressing cyberattacks on the horizon.

Artificial Intelligence 144

Artificial Intelligence Small Business Malware Technology 144

Krebs on Security

MARCH 31, 2023

FlyHosting first advertised on cybercrime forums in November 2022, saying it was a Germany-based hosting firm that was open for business to anyone looking for a reliable place to host malware, botnet controllers, or DDoS-for-hire infrastructure. In mid-December 2022, the U.S. Image: Ke-la.com.

DDOS 306

DDOS Internet Internet Cybercrime 306

Krebs on Security

JANUARY 7, 2025

” Perm is the current administrator of Star Fraud , one of the more consequential cybercrime communities on Telegram and one that has emerged as a foundry of innovation in voice phishing attacks. As we’ll see in a moment, that phishing kit is operated and rented out by a cybercriminal known as “ Perm ” a.k.a.

Phishing 337

Phishing Cryptocurrency Accountability Social Engineering 337

Krebs on Security

JULY 10, 2024

The Russia-based cybercrime group dubbed “ Fin7 ,” known for phishing and malware attacks that have cost victim organizations an estimated $3 billion in losses since 2013, was declared dead last year by U.S. A 2022 deep dive on Fin7 from the Swiss threat intelligence firm Prodaft (PDF). authorities.

Phishing 313

Phishing Cybercrime Malware Software 313

Security Affairs

FEBRUARY 17, 2025

“During a 2022 search of a known LockBit affiliate, Canadian law enforcement uncovered a laptop operating a virtual machine that was connected to a Zservers subleased IP address and running a programming interface used to operate LockBit malware. .” reads the announcement published by the US Treasury.

Cybercrime 69

Cybercrime Ransomware Hacking Advertising 69

Krebs on Security

JANUARY 24, 2023

Denis Emelyantsev , a 36-year-old Russian man accused of running a massive botnet called RSOCKS that stitched malware into millions of devices worldwide, pleaded guilty to two counts of computer crime violations in a California courtroom this week. A copy of the passport for Denis Emelyantsev, a.k.a.

Cybercrime 276

Cybercrime Advertising IoT Malware 276

Krebs on Security

JANUARY 28, 2022

“ BlackCat “), considered to be the first professional cybercrime group to create and use a ransomware strain written in the Rust programming language. One concern about more malware shifting to Rust is that it is considered a much more secure programming language compared to C and C++, writes Catalin Cimpanu for The Record.

Ransomware 328

Ransomware Accountability Cybercrime Malware 328

The Last Watchdog

AUGUST 1, 2023

1, 2023 – Guardz , the cybersecurity company securing and insuring SMEs, today disclosed the existence of a Hidden Virtual Network Computing (hVNC) malware targeting macOS devices. While cybercriminals have predominantly designed malware to target Microsoft Windows devices at scale, they are now increasingly developing tools for macOS.

Malware 189

Malware Insurance Cyber Insurance Small Business 189

Security Affairs

DECEMBER 1, 2022

Redigo is a new Go-based malware employed in attacks against Redis servers affected by the CVE-2022-0543 vulnerability. Researchers from security firm AquaSec discovered a new Go-based malware that is used in a campaign targeting Redis servers. In March 2022, the U.S. ” reads the analysis published by AquaSec.

Malware 145

Malware DDOS Architecture Cryptocurrency 145

SecureList

NOVEMBER 23, 2021

Finally, we will make some forecasts about financial attacks in 2022. The COVID-19 pandemic is likely to cause a massive wave of poverty, and that invariably translates into more people resorting to crime, including cybercrime. Cracking down hard on the cybercrime world. Analysis of forecasts for 2021.

Cryptocurrency 141

Cryptocurrency Banking Cybercrime Ransomware 141

Security Affairs

JUNE 24, 2024

The cybercrime group ExCobalt targeted Russian organizations in multiple sectors with a previously unknown backdoor known as GoRed. Positive Technologies researchers reported that a cybercrime gang called ExCobalt targeted Russian organizations in multiple sectors with a previously unknown Golang-based backdoor known as GoRed.

Cybercrime 116

Cybercrime Telecommunications DNS Technology 116

SecureList

JUNE 28, 2023

Introduction Andariel, a part of the notorious Lazarus group, is known for its use of the DTrack malware and Maui ransomware in mid-2022. Their campaign introduced several new malware families, such as YamaBot and MagicRat, but also updated versions of NukeSped and, of course, DTrack.

Malware 145

Malware Cybercrime Ransomware Phishing 145

Security Affairs

JUNE 12, 2022

Ransomware gangs are actively exploiting CVE-2022-26134 remote code execution (RCE) flaw in Atlassian Confluence Server and Data Center. Multiple ransomware groups are actively exploiting the recently disclosed remote code execution (RCE) vulnerability, tracked as CVE-2022-26134 , affecting Atlassian Confluence Server and Data Center.

Ransomware 145

Ransomware Encryption Malware Hacking 145

Security Affairs

MAY 30, 2022

The researchers attribute the botnet to the cybercrime group Keksec which focuses on DDoS-based extortion. Experts pointed out that the malware is being actively developed. The botnet was first discovered by Fortinet in March, the DDoS botnet targeted several routers and web servers by exploiting known vulnerabilities.

Malware 145

Malware DDOS IoT Cybercrime 145

SecureList

NOVEMBER 1, 2022

This is our latest installment, focusing on activities that we observed during Q3 2022. We can confirm a Maui ransomware incident in 2022, but we would expand their “first seen” date from the reported May 2021 to April 15, 2021, and the geolocation of the target to Japan and India. The most remarkable findings.

Malware 145

Malware Ransomware Spyware Encryption 145

Krebs on Security

SEPTEMBER 24, 2022

A native of Omsk, Russia, Kloster came into focus after KrebsOnSecurity followed clues from the RSOCKS botnet master’s identity on the cybercrime forums to Kloster’s personal blog , which featured musings on the challenges of running a company that sells “security and anonymity services to customers around the world.”

Cybercrime 251

Cybercrime Data breaches Malware Ransomware 251

Krebs on Security

DECEMBER 5, 2022

The defendants, who initially pursued a strategy of counter suing Google for interfering in their sprawling cybercrime business, later brazenly offered to dismantle the botnet in exchange for payment from Google. 2022 by Google researcher Luca Nagy. Another slide from Google researcher Luca Nagy’s September 2022 talk on Glupteba.

Cybercrime 293

Cybercrime Malware Internet Internet 293

Krebs on Security

FEBRUARY 9, 2023

Authorities in the United States and United Kingdom today levied financial sanctions against seven men accused of operating “ Trickbot ,” a cybercrime-as-a-service platform based in Russia that has enabled countless ransomware attacks and bank account takeovers since its debut in 2016. companies and government entities.

Hacking 235

Hacking Cybercrime Ransomware Government 235

SecureList

MARCH 29, 2023

However, traditional financial threats – such as banking malware and financial phishing, continue to take up a significant share of such financially-motivated cyberattacks. In 2022, we saw a major upgrade of the notorious Emotet botnet as well as the launch of massive campaigns by Emotet operators throughout the year.

Banking 110

Banking Phishing Cryptocurrency Mobile 110

SecureList

NOVEMBER 10, 2022

Cryptocurrency prices were dropping from the end of 2021 and throughout the first half of 2022. Cybercriminals pay neither for equipment, nor for electricity, which is rather expensive in 2022. If the cryptomining malware is installed successfully on the victim’s computer, it delivers its operator stable earnings.

Cryptocurrency 135

Cryptocurrency Malware Software Ransomware 135

SecureList

MAY 11, 2022

Ahead of the Anti-Ransomware Day, we summarized the tendencies that characterize ransomware landscape in 2022. This year, ransomware is no less active than before: cybercriminals continue to threaten nationwide retailers and enterprises , old variants of malware return while the new ones develop. Conti parameters (Linux ESXi).

Ransomware 141

Ransomware Encryption Malware Cybercrime 141

Security Affairs

DECEMBER 4, 2024

Black Basta ransomware-as-a-service (RaaS) has been active since April 2022, it impacted several businesses and critical infrastructure entities across North America, Europe, and Australia. Black Basta is a ransomware-as-a-service (RaaS) variant, first identified in April 2022. reads the CSA.

Ransomware 123

Ransomware Telecommunications Healthcare Insurance 123

SecureList

APRIL 27, 2022

This is our latest installment, focusing on activities that we observed during Q1 2022. Disclaimer: when referring to APT groups as Russian-speaking, Chinese-speaking or other-“speaking” languages, we refer to various artefacts used by the groups (such as malware debugging strings, comments found in scripts, etc.)

Malware 145

Malware Firmware Government Phishing 145

Krebs on Security

JULY 29, 2022

The 911 service as it existed until July 28, 2022. These services can be used in a legitimate manner for several business purposes — such as price comparisons or sales intelligence — but they are massively abused for hiding cybercrime activity because they can make it difficult to trace malicious traffic to its original source.

Cybercrime 317

Cybercrime Software VPN Backups 317

SecureList

MAY 27, 2022

IT threat evolution in Q1 2022. IT threat evolution in Q1 2022. IT threat evolution in Q1 2022. Our analysis of the rogue firmware, and other malicious artefacts from the target’s network, revealed that the threat actor behind it had tampered with the firmware to embed malware that we call MoonBounce.

Phishing 134

Phishing Spyware Firmware Malware 134

Security Affairs

AUGUST 25, 2024

Researchers spotted a new stealthy Linux malware named sedexp that uses Linux udev rules to achieve persistence and evade detection. Aon’s Cyber Solutions spotted a new malware family, called sedexp, that relies on a lesser-known Linux persistence technique. Sedexp uses udev rules to maintain persistence. ” concludes the report.

Malware 141

Malware Hacking Ransomware Cybercrime 141

Security Affairs

NOVEMBER 1, 2022

Compared to the second quarter of 2022, the activity decreased by 8%, falling from July to August but increasing from August to September. In Q3 2022, the most prolific ransomware and data leak actors in Q3 were LockBit , Black Basta , Hive , Alphv(aka BlackCat) and the new entry BianLian group. SecurityAffairs – hacking, cybercrime).

Ransomware 118

Ransomware Cybercrime Hacking Information Security 118