Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Dark web marketplace. Show all posts
kiberphant0m
BSNL data breach CERT-In Critical Data cyberattack on BSNL cybercriminals Dark web marketplace Data Breach Data protection data security kiberphant0m

U.S. soldier linked to BSNL data breach: Arrest reveals cybercrime

 

The arrest of Cameron John Wagenius, a U.S. Army communications specialist, has unveiled potential connections to a significant data breach targeting India’s state-owned telecom provider, BSNL. The breach highlights the global reach of cybercrime networks and raises concerns about the security of sensitive data across continents. 

Wagenius, stationed in South Korea, was apprehended on December 20, 2023, for allegedly selling hacked data from U.S. telecom companies. According to cybersecurity experts, he may also be the individual behind the alias “kiberphant0m” on a dark web marketplace. In May 2023, “kiberphant0m” reportedly attempted to sell 278 GB of BSNL’s critical data, including subscriber details, SIM numbers, and server snapshots, for $5,000. Indian authorities confirmed that one of BSNL’s servers was breached in May 2023. 

While the Indian Computer Emergency Response Team (CERT-In) reported the intrusion, the identity of the perpetrator remained elusive until Wagenius’s arrest. Efforts to verify the hacker’s access to BSNL servers through Telegram communication and sample data proved inconclusive. The breach exposes vulnerabilities in telecom providers’ security measures, as sensitive data such as health records, payment details, and government-issued identification was targeted. 

Additionally, Wagenius is accused of selling call records of prominent U.S. political figures and data from telecom providers across Asia. The arrest also sheds light on Wagenius’s links to a broader criminal network led by Connor Riley Moucka. Moucka and his associates reportedly breached multiple organizations, extorting millions of dollars and selling stolen data. Wagenius’s involvement with this network underscores the organized nature of cybercrime operations targeting telecom infrastructure. 

Cybersecurity researchers, including Allison Nixon of Unit 221B, identified Wagenius as the individual behind illicit sales of BSNL data. However, she clarified that these activities differ from state-sponsored cyberattacks by groups such as Salt Typhoon, a Chinese-linked advanced persistent threat actor known for targeting major U.S. telecom providers. The case has also exposed challenges in prosecuting international cybercriminals. Indian authorities have yet to file a First Information Report (FIR) or engage with U.S. counterparts on Wagenius’s case, limiting legal recourse. 

Experts suggest leveraging international treaties and cross-border collaboration to address such incidents. As the investigation unfolds, the breach serves as a stark reminder of the growing threat posed by insider actions and sophisticated cybercriminal networks. It underscores the urgent need for robust data protection measures and international cooperation to counter cybercrime.
Read more »
Stolen Data
cyber espionage tools Cyber Security CyberCrime Cybercrime Markets Dark web marketplace Department of Justice Marketplace Personal Data Stolen Data

U.S. Justice Department Shuts Down Rydox Cybercrime Marketplace

 

The U.S. Justice Department announced on Thursday the successful seizure and dismantling of Rydox, a notorious online marketplace for trafficking stolen personal information and cybercrime tools. In a coordinated operation with international law enforcement agencies, three individuals allegedly responsible for administering the site were arrested.

Since its inception in 2016, Rydox has been linked to over 7,600 illicit sales, generating significant profits by selling sensitive data such as credit card details, login credentials, and personally identifiable information (PII). Authorities reported that the platform offered 321,372 cybercrime products to a user base of more than 18,000 registered buyers, earning over $230,000 in revenue.

The Coordinated Crackdown

This operation involved multiple law enforcement agencies, including:

  • FBI’s Pittsburgh Office
  • Albania’s Special Anti-Corruption Body (SPAK)
  • National Bureau of Investigation (BKH)
  • Kosovo Special Prosecution Office
  • Kosovo Police
  • Royal Malaysian Police

Authorities apprehended two Kosovo nationals, Ardit Kutleshi (26) and Jetmir Kutleshi (28), in Kosovo. Both suspects will be extradited to the Western District of Pennsylvania to face charges including identity theft and money laundering. A third individual, Shpend Sokoli, was arrested in Albania and will face prosecution in his home country.

As part of the operation, law enforcement seized the domain Rydox.cc and its associated servers located in Kuala Lumpur, Malaysia. Additionally, U.S. authorities confiscated approximately $225,000 in cryptocurrency linked to the defendants, effectively dismantling the infrastructure supporting Rydox’s operations.

Global Cooperation in Combating Cybercrime

Eric Olshan, U.S. Attorney for the Western District of Pennsylvania, emphasized the importance of international collaboration in tackling cybercrime networks. “The harms can be devastatingly local,” Olshan stated, underlining how these crimes, though orchestrated globally, impact individuals and communities directly. He reiterated the Justice Department’s commitment to holding cybercriminals accountable.

Rydox has long symbolized the darker side of digital innovation, where stolen data is exploited for illicit profit. By providing a marketplace for cybercrime tools and sensitive information, it enabled thousands of buyers to commit fraudulent activities that affected both individuals and organizations.

Implications of the Takedown

The successful takedown of Rydox marks a significant victory in the fight against global cybercrime. It highlights the importance of multinational efforts in addressing online criminal networks. However, it also serves as a reminder of the persistent threats posed by similar platforms.

The arrests and dismantling of Rydox send a strong message to cybercriminals: no one is beyond the reach of international law enforcement agencies. This operation underscores the commitment of global authorities to combat cybercrime and protect victims from its devastating consequences.

Read more »
Password Theft
AI Gaming Cyber Security Cybersecurity Dark Web Dark web marketplace Password Theft

Dark Web Sale Exposes 3.6 Crore Stolen AI Gaming Accounts


The widespread sale of credentials obtained from AI-based gaming platforms and services is a worrying trend in the cyber underworld, as shown by a new analysis by antivirus company Kaspersky. An astounding 3.6 crore credentials, including login and password information, have been stolen and sold on the dark web in the last three years. The increase in demand for online gaming and artificial intelligence (AI) services has unintentionally encouraged hackers to develop specialized malware known as info stealers to obtain user data.

Surge of info stealers: Threat to online security

Hackers aiming to take advantage of the growing demand for AI-driven services and online gaming platforms have turned to infostealers, a kind of malware that steals user login credentials covertly. These harmful applications use phishing assaults and other deceptive tactics, among other methods, to infect devices, both personal and corporate. 

Kaspersky reports that the majority of leaked credentials come from the popular gaming site Roblox, where almost 3.4 crore user accounts have been exposed due to malware-related data breaches. The research also reveals an astounding 33-fold rise in credentials that have been taken from OpenAI users, amounting to 6.64 lakh records, some of which are connected to ChatGPT, a popular chatbot service.

AI services under threat

The range of hacked AI services, which includes chatbots, voice generators, picture editing, and translation, highlights how widespread the problem is. The head of Kaspersky Digital Footprint Intelligence, Yuliya Novikova, emphasizes how important it is to have strong cybersecurity safeguards in place to thwart infostealer attacks and prevent the unauthorized use of user credentials.

Online precaution must against cyber threat

One of the biggest challenges to online security is the continued demand for stolen credentials, especially those related to artificial intelligence applications. The research notes that when ChatGPT's fourth version was released in March 2023, there was a noticeable increase in the attention of cybercriminals towards these accounts. The continued demand for credentials related to artificial intelligence, even after things have stabilized, highlights the persistent attraction of bad actors looking to profit from the mass use of these services.

It is crucial that people and organizations strengthen their defenses against infostealer attacks in light of these advancements. Proactive measures, such as strong security protocols and constant attention, are essential to reducing the risks posed by hostile actors operating in the shadows of the dark web as cyber threats continue to adapt and multiply.


Read more »
STYX
Cash-out Cyber Fraud Dark Web Dark web marketplace Financial crime Resecurity STYX

STYX Marketplace: An Emerging Platform Aiding Financial Crimes


STYX, a new dark web marketplace is turning into a booming hub for purchasing and selling illicit services or stolen data. STYX is a new dark web marketplace that was launched earlier this year, and it seems to be on the right track for turning into a booming hub for purchasing and selling illicit services or stolen data. 

The platform provided services facilitating  financial crime like money laundering, identity theft, distributed denial-of-service (DDoS), bypassing two-factor authentication (2FA), fake or stolen IDs and other personal data, renting malware, using cash-out services, email and telephone flooding, identity lookup, and much more. 

The marketplace was officially launched on January 19. However, cyber analysts at threat intelligence at Resecurity, a threat intelligence company, claims to have sighted mentions of STYX on the dark web since early 2022, when the founders were still creating the escrow module. 

Apparently, STYX accepts payments using a variety of cryptocurrencies and has a dedicated section for approved vendors, in an effort to gain trust in the platform. 

All Things Financial-crime

Following the discovery of the notorious platform, it was further noted that STYX was involved in the post-pandemic menace of cyber-enabled financial crime. Adding to this is the threat it posses to financial institutions and their customers. 

STYX was discovered at the same time as Resecurity financial crime risk analysts noticed a sharp rise in threat actors providing services for money laundering that target cryptocurrencies and digital banking accounts. 

Resecurity’s research also determines some of the most used cyber-crime tactics by threat actors, namely cybercriminal cash-outs, and the use of virtual credit cards (VCCs) and NFC merchant terminals that are illicitly operated to aid in cybercrime activities. 

Moreover, the investigation led to the discovery of 100 mules account. Following which, the firm shared these accounts to the victims, allowing them to speedily identify money mule rings and other linked criminal organizations that were previously undetected. 

“Resecurity also identified a group of trending cash-out vendors that charge commissions based on the exact BIN of the card and brand of gift card,” the researchers stated in a report. 

Apparently, STYX accommodates a great number of cash-out shops across the world, that offers “clean” funds via Apply Pay, PayPal business accounts with merchant terminals, and other financial institutions in the U.S., U.K., and Canada. 

The emergence of STYX as a new platform for financially motivated cybercriminals demonstrates the continued profitability of the black market for services. 

To reduce the effectiveness of the services offered in these criminal markets, digital banks, online payment platforms, and e-commerce systems must accept the challenge and improve their KYC checks and fraud defenses.  

Read more »
Subscribe to: Posts (Atom)