Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label APT28. Show all posts

Microsoft Alerts Users as Russian Hackers Target Windows Systems

 

As advancements in AI technology continue to unfold, the specter of cybercrime looms larger each day. Among the chorus of cautionary voices, Microsoft, the eminent IT behemoth, adds its warning to the fray.

Microsoft's Threat Intelligence researchers have issued a stark advisory to Windows users regarding the targeted assaults orchestrated by Russian state-sponsored hackers wielding a sophisticated tool.

These hackers, known in some circles as APT28 or Fancy Bear, but tracked by Microsoft under the moniker Forest Blizzard, have close ties to Russia's GRU military intelligence agency.

GooseEgg, a tool wielded with the aim of siphoning data and surreptitiously establishing backdoors within computer systems. Forest Blizzard, alias APT28, has deployed GooseEgg in a series of calculated strikes targeting governmental entities, educational institutions, and transportation firms across the United States, Western Europe, and Ukraine.

Their modus operandi centers predominantly on the strategic acquisition of intelligence. Evidence suggests that the utilization of GooseEgg may have commenced as early as June 2020, with the possibility of earlier incursions dating back to April 2019.

In response to the threat landscape, a patch addressing a vulnerability identified as CVE-2022-38028 was released by Microsoft in October 2022. GooseEgg, the nefarious tool in the hackers' arsenal, exploits this particular weakness within the Windows Print Spooler service.

Despite its deceptively simple appearance, the GooseEgg program poses an outsized threat, granting attackers elevated permissions and enabling a litany of malicious activities. From the remote execution of malware to the surreptitious installation of backdoors and the seamless traversal of compromised networks, the ramifications are profound and far-reaching.

ChipMixer: Cryptocurrency Mixer Taken Down After ‘Laundering $3bn in Cryptocurrency’


Darknet cryptocurrency mixer, ChipMixer has been shut down as a result of a sting conducted by Europol, the FBI, and German police, which investigated servers, and internet domains and seized $46 million worth of cryptocurrency. 

During the raid, it was discovered that wallets connected to North Korean cybercriminals and Russian intelligence services had evidence of digital currencies. 

The US criminal prosecutors have booked a Vietnamese man they claim to have run the service since its August 2017 creation. Potentially contaminated funds are gathered by mixers and sent at random to destination wallets. 

Minh Quoc Nguyen, 49, of Hanoi has been accused of money laundering, operating an unlicensed money-transmitting business, and identity theft. The FBI has included him on the wanted criminal list. 

Criminals laundering more than $700 million in bitcoin from wallets identified as stolen funds, including money taken by North Korean hackers from Axie Infinity's Ronin Bridge and Harmony's Horizon Bridge, were among the service's customers. 

It has also been reported that APT28, the Russian military intelligence, and Fancy Bear also utilized ChipMixer in order to buy infrastructure used from Kremlin Drovorub malware. Moreover, according to Europol, the Russian RaaS group LockBit was also a patron. 

ChipMixer joins a relatively small group of crypto mixers that have been shut down or approved, enabling criminals to conceal the source of the cryptocurrency obtained illegally. The list presently includes Blender.io, which was probably renamed and relaunched as Sinbad, and Tornado Cash, a favorite of cybercriminals that helped hackers launder more than $7 billion between 2019 and 2022. 

The Federal Criminal Police Office of Germany seized two ChipMixer back-end servers and more than $46 million in cryptocurrencies, while American investigators seized two web domains that pointed to the company. 

According to court documents, ChipMixer has enabled customers to deposit Bitcoin, which would then be mixed with other users’ Bitcoin in order to anonymize the currency. 

Court records state that ChipMixer allowed users to deposit Bitcoin, which was then combined with Bitcoin from other users to make the currency anonymous. But, this mixer took things a step further by converting the deposited money into tiny tokens with an equal value called "chips," which were then combined, further anonymizing the currencies and obscuring the blockchain trails of the funds. This feature of the platform is what attracted so many criminals. 

The domain now displays a seizure notice, stating: “This domain has been seized by the FBI in accordance with a seizure warrant.” 

“Together, with our international partners, we are firmly committed to identifying and investigating cybercriminals who pose a serious threat to our economic security by laundering billions of dollars’ worth of cryptocurrency under the misguided anonymity of the darknet,” adds Scott Brown, special agent in charge of Homeland Securities Investigations (HSI) Arizona.