
New macOS Malware Threat: What Apple Users Need to Know


Recently, the Moonlock Lab cybersecurity team discovered a macOS malware strain that can easily evade detection, posing a significant threat to users' data privacy and security. The infection chain for this malware begins when a Mac user visits a website in search of pirated software. 

On such sites, users might encounter a file titled CleanMyMacCrack.dmg, believing it to be a cracked version of the popular Mac cleaning software, CleanMyMac. When this DMG file is launched on the computer, it executes a Mach-O file, which subsequently downloads an AppleScript designed to steal sensitive information from the infected Mac. Once the malware infects a macOS computer, it can perform a variety of malicious actions. It collects and stores the Mac owner's username and sets up temporary directories to hold stolen data before exfiltration. The malware extracts browsing history, cookies, saved passwords, and other sensitive data from web browsers. It also identifies and accesses directories that commonly contain cryptocurrency wallets. 

Additionally, it copies macOS keychain data, Apple Notes data, and cookies from Safari, gathers general user information, system details, and metadata, and then exfiltrates all this stolen data to threat actors. Moonlock Lab has linked this macOS malware to a well-known Russian-speaking threat actor, Rodrigo4. This hacker has been active on the XSS underground forum, where he has been seen recruiting other hackers to help distribute his malware using SEO manipulation and online ads. This discovery underscores the growing threat of sophisticated malware targeting macOS users, a group often perceived as being less vulnerable to such attacks. 

Despite Apple's strong security measures, this incident highlights that no system is entirely immune to threats, especially when users are lured into downloading malicious software from untrustworthy sources. To protect yourself from such threats, it is essential to take several precautions. First and foremost, avoid downloading pirated software and ensure that you only use trusted and official sources for your applications. Pirated software often hides malware that can compromise your system's security. Installing reputable antivirus software and keeping it updated can help detect and block malware on macOS. Regularly updating your macOS and all installed applications is crucial to patch any security vulnerabilities that may be exploited by attackers. 

Additionally, exercise caution with downloads from unfamiliar websites or sources. Always verify the legitimacy of the website and the software before downloading and installing it. Enabling macOS’s built-in security features, such as Gatekeeper and XProtect, can also provide an additional layer of protection against malicious software. Gatekeeper helps ensure that only trusted software runs on your Mac, while XProtect provides continuous background monitoring for known malware. The Moonlock Lab's findings highlight the need for greater awareness and proactive measures to safeguard personal data and privacy. Users should remain vigilant and informed about the latest security threats and best practices for protecting their devices. 

By staying informed and cautious, Apple users can better protect their devices from malware and other cybersecurity threats. Awareness of the potential risks and implementing the recommended security practices can significantly reduce the likelihood of falling victim to such malicious activities. As cyber threats continue to evolve, maintaining robust security measures and staying updated on the latest threats will be crucial in ensuring the safety and integrity of personal data on macOS devices.

Russian Hackers Target Ukraine's Fighter Jet Supplier


A cyberattack on a Ukrainian fighter aircraft supplier has been reported, raising concerns about whether cybersecurity risks in the region are increasing. The incident—attributed to Russian hackers—highlights the need to have robust cyber defense strategies in a world where everything is connected.

According to a recent article in The Telegraph, the cyber attack targeted Ukraine's key supplier of fighter jets. The attackers, suspected to have ties to Russian cyber espionage, aimed to compromise sensitive information related to defense capabilities. Such incidents have far-reaching consequences: they not only threaten national security but also highlight the vulnerability of critical infrastructure to sophisticated cyber threats.

Yahoo News further reports that Ukrainian cyber defense officials are actively responding to the attack, emphasizing the need for a proactive and resilient cybersecurity framework. The involvement of top Ukrainian cyber defense officials indicates the gravity of the situation and the concerted efforts being made to mitigate potential damage. Cybersecurity has become a top priority for nations globally, with the constant evolution of cyber threats necessitating swift and effective countermeasures.

The attack on the fighter jet supplier raises questions about the motivations behind such cyber intrusions. In the context of geopolitical tensions, cyber warfare has become a tool for state-sponsored actors to exert influence and gather intelligence. The incident reinforces the need for nations to bolster their cyber defenses and collaborate on international efforts to combat cyber threats.

As technology continues to advance, the interconnectedness of critical systems poses a challenge for governments and organizations worldwide. The Telegraph's report highlights the urgency for nations to invest in cybersecurity infrastructure, adopt best practices, and foster international cooperation to tackle the escalating threat landscape.

The cyberattack on the supplier of fighter jets to Ukraine is an alarming indicator of how quickly the dangers to global security are changing. For countries to survive in an increasingly digital world, bolstering cybersecurity protocols is critical. The event emphasizes the necessity of a proactive approach to cybersecurity, in which cooperation and information exchange are essential components of preventing cyberattacks by state-sponsored actors.

SolarWinds Hackers Dangle BMWs to Eavesdrop on Diplomats


The Russia-backed group responsible for the SolarWinds attack, known as Cloaked Ursa or Nobelium/APT29, has shifted its tactics and is now targeting foreign diplomats working at embassies in Ukraine. Instead of using traditional political lures, the group is employing more personalized approaches to entice victims into clicking on malicious links.

Researchers from Palo Alto Networks' Unit 42 have been monitoring the activities of Cloaked Ursa and discovered that the initial lure in the campaign involved a legitimate flyer advertising the sale of a used BMW sedan in Kyiv. The flyer, which was originally shared by a diplomat within the Polish Ministry of Foreign Affairs, caught the attention of potential victims, particularly new arrivals to the region. 

Exploiting this opportunity, Cloaked Ursa created a counterfeit version of the flyer and sent it to multiple diplomatic missions as a bait for their malware campaign. The malicious message contained a link that promised additional photos of the car, but instead, it executed malware in the background when clicked.

The malware payload used by Cloaked Ursa is JavaScript-based and provides the attackers with a backdoor into the victim's system, enabling them to load further malicious code through a command-and-control connection. 

The group meticulously compiled its target list, using publicly available embassy email addresses for 80% of the victims and unpublished email addresses for the remaining 20%. This deliberate selection aimed to maximize their access to desired networks.

While the researchers observed the campaign being conducted against 22 out of the 80 foreign missions in Ukraine, they suspect that the actual number of targets is higher. The extensive scope of the attacks is remarkable for operations that are typically secretive and narrowly focused.

In a strategic shift, Cloaked Ursa has moved away from using job-related topics as bait and instead crafted lures that appeal to recipients' personal interests and desires. This change aims to increase the campaign's success rate by compromising not only the initial targets but also others within the same organization, extending its reach. 

The researchers noted that these unconventional lures have broad applicability across the diplomatic community and are more likely to be forwarded to other individuals within and outside the organization.

Cloaked Ursa, also known as Nobelium/APT29, is a state-sponsored group associated with Russia's Foreign Intelligence Service (SVR). The group gained notoriety for the SolarWinds attack, which involved a backdoor discovered in December 2020 and affected approximately 18,000 organizations through infected software updates.

Since then, the group has remained active, targeting foreign ministries, diplomats, and the US government, exhibiting sophistication in both tactics and custom malware development.

To mitigate APT cyberattacks like those conducted by Cloaked Ursa, the researchers provided some recommendations for diplomatic personnel. They advised administrators to educate newly assigned diplomats about cybersecurity threats specific to the region before their arrival. 

Additionally, individuals should exercise caution when downloading files, even from seemingly legitimate sources, and be vigilant about URL redirection when using URL-shortening services, as this could be indicative of a phishing attack. Verifying file extension types and avoiding files with mismatched or obfuscated extensions is crucial to prevent falling victim to phishing attempts. 

Finally, the researchers suggested that diplomatic employees disable JavaScript as a preventive measure, rendering JavaScript-based malware unable to execute.

Accused Cybercriminals: Russians Charged with Hacking Mt. Gox Crypto Exchange and Managing BTC-e

The United States has charged two Russian nationals in the case of the collapsed cryptocurrency exchange Mt. Gox, one of the earliest, biggest, and most widely publicized bitcoin robberies in the world.

The Department of Justice filed a criminal complaint charging Alexey Bilyuchenko, 43, and Aleksandr Verner, 29, with hacking the Bitcoin exchange. Through their conspiracy they laundered 647,000 bitcoins, worth $17.2 billion today.

A second charge against Bilyuchenko alleges a conspiracy to operate BTC-e, described as an "illicit exchange," from 2011 to 2017 together with Alexander Vinnik. Vinnik was extradited from Greece to the United States in 2022 to face a criminal investigation into BTC-e and money laundering charges stemming from his role in operating the exchange.

The event was one of the earliest indications that cryptocurrency exchanges, which allow users to convert their digital assets into traditional cash, were vulnerable to cybercriminals. There have been many thefts in the industry since then.

Reuters was unable to reach Bilyuchenko or Verner or to find contact details for them. Neither could be located, and it was unclear where they were living.

It is also alleged that Bilyuchenko conspired with Russian national Alexander Vinnik between 2011 and 2017 to operate the unlicensed BTC-e Bitcoin trading platform, which the two had set up together.

Vinnik, an internationally recognized cybercrime kingpin and one of Bilyuchenko's closest associates, was arrested in Greece in 2017 and convicted of money laundering in France three years later. Bilyuchenko now faces charges in California for operating BTC-e, an exchange that has since shut down but that the Department of Justice accuses of having catered to cybercriminals.

Additionally, the pair is alleged to have used an advertising contract with the Bitcoin brokerage service New York Bitcoin Broker to launder more of the funds, arranging wire transfers into offshore accounts held in the names of shell companies.

There has been a lot of talk about Vinnik since he was arrested in Greece several years ago. He now finds himself in California awaiting trial on charges that he ran the crypto exchange BTC-e. He also faced money laundering charges in France, and he has been credited with a key role in the development of the threat known as Locky.

It is unclear where Bilyuchenko and Verner are currently living; if they are based in Russia, they are unlikely to face trial at this time.

As CoinDesk reported in March, BTC-e funds are being moved on the blockchain. In November 2022, a transaction of 3,299 bitcoin took place between BTC-e's wallet and another crypto wallet, the first transfer sent from the exchange wallet since 2017. Six years ago, two unidentified recipients received over 10,000 bitcoins from a Chinese company. The DOJ filing does not clarify whether Bilyuchenko and Verner were among those beneficiaries.

Before it was taken down, BTC-e was believed to have helped cash out 95% of ransomware payments. It was used by cybercriminals in over 100 countries to facilitate the transfer, laundering, and storage of criminal proceeds.

BTC-e had over a million users, who handled billions of dollars' worth of Bitcoin deposits and withdrawals, corresponding to millions of bitcoins.

Mt Gox's longtime chief operating officer Mark Karpeles was convicted in Japan in 2019 of falsifying Mt Gox's financial data, but a Japanese court acquitted him of embezzlement charges. His sentence of two years and six months was suspended.

The charging of two Russian citizens for their involvement in the Mt. Gox hack is a significant landmark in the ongoing quest for redress for the victims of this well-known cyberattack. Law enforcement agencies are working tirelessly to investigate and prosecute those responsible for large-scale cryptocurrency breaches, and the indictment is a testament to their dedication.

As the legal process unfolds, it will be important to track the results and assess the potential costs and benefits for the global fight against cybercrime. The case has highlighted the need for robust cybersecurity measures and international cooperation to protect the integrity of digital assets and to maintain public trust in crypto assets in general.

A Swiss Hacker Uncovered Confidential FBI Terrorism Screening Center File

Personal information of civilians who were on an outdated version of the US Government's No Fly List and Terrorist Screening Database was found on an open server by a 23-year-old Swiss hacker.

On January 12, Maia Arson Crimew, an influential hacker noted by the Department of Justice in a separate indictment, discovered the highly sensitive documents while browsing through a search engine full of unsecured servers. 

The text file "NoFly.csv," which refers to the subset of people in the Terrorist Screening Database who have been prohibited from flying because of suspected or known ties to terrorist organizations, was found after server analysis.

According to crimew, there were reportedly more than 1.5 million entries on the list overall. The data includes names and birthdates. The number of distinct people was significantly fewer than 1.5 million because it also contained many aliases.

According to the hacker, CommuteAir, an Ohio-based minor airline, maintained the insecure Amazon Web Services cloud server that contained the No Fly List as well as confidential data on roughly 1,000 of the airline's employees. Their passport numbers, addresses, and phone numbers were apparently included in this data.

Many of the names on the list appeared to be of Arabic or Middle Eastern ancestry; however, there were also Hispanic and Anglo-sounding names. The uncovered No Fly List contained several well-known names, including Viktor Bout, a Russian arms dealer who was recently released from a US prison in exchange for US basketball player Brittney Griner. Also included on the list were alleged members of the IRA, an Irish paramilitary group. Based on the listed birth year, crimew noted that one person on the list was 8 years old.

While those on the smaller No-fly list are known or suspected terrorists who are prohibited from traveling to or inside the US, those on the Terrorist Screening Database may be subject to enhanced security checks and inspections when traveling.

According to the FBI, the Terrorism Screening Database is a list of people shared among government agencies, intended to prevent the kind of intelligence failures that took place before 9/11. The smaller, more constrained No Fly List is contained within it. People in the screening database may be subject to further security checks and limitations, while no one on the No Fly List is allowed to board an airplane in the United States.

Ukrainians DDoS Russian Vodka Supply Chains


According to the Russian news portal Vedomosti, Ukrainian cyber threat actors compromised Russia’s central alcohol distribution portal, the Unified State Automated Alcohol Accounting Information System (EGAIS), which is considered crucial for the distribution of alcoholic beverages across Russian regions.

EGAIS plays an important role in alcohol distribution in the country. By law, all alcohol producers and distributors must register their shipments with EGAIS, so the attack caused extensive service disruption across Russia.

The group hit the portal with DDoS attacks launched on May 2nd and 3rd. In a distributed denial of service (DDoS) attack, the perpetrators overwhelm servers with superfluous requests in an attempt to overload the systems and prevent some or all legitimate requests from being fulfilled.

According to experts, sophisticated strategies are required against such attacks, as simply blocking a single source is insufficient. Three sites belonging to the platform were hit by the DDoS attacks.

On May 4th, two EGAIS sites showed the error “the server stopped responding,” and the third did not work at all. The attacks took place on May 2nd, and by the next day the resulting system failures had become more apparent.

Wine trader Fort said that the site stopped working on May 4th, and representatives of the Union of Alcohol Producers, Igor Kosarev, and Ladoga reported the same.

Fort added that it had been unable to upload about 70% of its invoices to EGAIS because of the attack, and its wine supplies to retail chains and restaurants in the region apparently went undelivered on May 4 as a result. The outage affected not only vodka distribution: wine companies and purveyors of other types of alcohol faced disruption as well.

“Due to a large-scale failure, factories cannot accept tanks with alcohol, and customers, stores, and distributors cannot receive finished products that have already been delivered to them,” Vedomosti reported.

The Ukrainian threat actor group Disbalancer claimed responsibility for the attack and announced plans to launch more attacks on the platform.

Moscow Exchange Downed by Cyber-Attack


On Monday morning, the website of the Moscow Stock Exchange went down and became inaccessible. Ukraine's crowdsourced community of hackers, coordinated by Kyiv officials, claimed responsibility for the outage in a message posted to Telegram.

Early on Monday, Kyiv officials had called on members of the IT Army to launch attacks on the website. Following the attack, the IT Army claimed on Telegram that it took only five minutes to knock the site down. As of now, its claims could not be verified.

NetBlocks, a global internet connectivity tracking company, reported that the site went offline early on Monday; the root cause of the incident is still unknown. Mykhailo Fedorov, Ukraine’s deputy prime minister, made a formal public statement on the incident and celebrated the formation of the IT Army on Facebook. “The mission has been accomplished! Thank you!” the statement read.

Last week, Mykhailo Fedorov had announced the formation of the IT Army and listed prominent Russian websites that the state-sponsored hackers could look to attack.

In the middle of Monday afternoon, the website of Sberbank, Russia’s largest lender, also went offline. The outage was reported by NetBlocks and celebrated by Fedorov, who declared “Sberbank fell!” on social media.

Further, Bloomberg reports that depositary receipts for Sberbank of Russia PJSC sank as much as 77%, while Gazprom PJSC dropped by 62%. 

Against the backdrop of the ongoing Russian war in Ukraine, the latest cyber threat intelligence reports describe the threats in cyberspace and warn that the outcome will affect every nation in the coming days, not just Ukraine. For now, the situation has changed the cybersecurity picture, and nations are watching the latest developments in cyberspace with concern.

Ultimately, critical infrastructure such as power, banking, military systems, and telecom is being targeted by state actors, and assets in several countries are increasingly coming under threat. The US and UK have already issued warnings of potential cyber-attacks in the context of the Russian military invasion of Ukraine.

BlackCat Ransomware Gang Employing Novel Techniques to Target Organizations


Last year in December, malware researchers from Recorded Future and MalwareHunterTeam unearthed ALPHV (aka BlackCat), the first professional ransomware strain that was designed in the Rust programming language. In this post, we will explore some of the methodologies employed by ransomware developers to target organizations.

According to an analysis published last month by Varonis, BlackCat was observed recruiting operators from multiple ransomware organizations, offering to allow affiliates to leverage the ransomware and keep 80-90% of the ransom payment.

“The group’s leak site, active since early December 2021, has named over twenty victim organizations as of late January 2022, though the total number of victims, including those that have paid a ransom to avoid exposure, is likely greater,” Varonis’s Jason Hill explained. 

The attackers leveraging BlackCat, often referred to as the “BlackCat gang,” employ multiple tactics that are becoming increasingly commonplace in the ransomware space. Notably, in some cases they combine several extortion techniques, including siphoning victim data before deploying the ransomware, threatening to release the data if the ransom is not paid, and launching distributed denial-of-service (DDoS) attacks.

According to cybersecurity researchers at Recorded Future, the ALPHV/BlackCat developer was previously involved with the REvil ransomware gang. Last month, the Russian government disclosed that at the United States’ request it arrested 14 individuals in Russia linked to the REvil ransomware gang.

Still, REvil rolls on despite these actions, according to Paul Roberts at ReversingLabs. “The recent arrests have NOT led to a noticeable change in detections of REvil malicious files,” Roberts wrote. “In fact, detections of files and other software modules associated with the REvil ransomware increased modestly in the week following the arrests by Russia’s FSB intelligence service.” 

Meanwhile, the U.S. State Department has a standing $10 million reward for information leading to the identification or location of any individuals holding key leadership positions in REvil. 

As of December 2021, BlackCat has the seventh-largest number of victims listed on their leak site among ransomware groups tracked by Unit 42 researchers. While Conti (ranked second) has been around in various guises for almost two years, it is surrounded at the top of the chart by emerging families.

Russian businesses pay ransom more often to hackers due to ransomware viruses

By the end of 2021, 16% of Russian companies had paid a ransom to hackers who attacked their business. For comparison, two years earlier not a single company had made a deal with ransomware operators.

According to Positive Technologies analysts, businesses started paying ransoms because of the ransomware boom that began in 2020. As Group-IB noted, the number of attacks using viruses that encrypt valuable files increased by more than 200% in 2021. Kaspersky Lab noted that from January to July, file-encrypting ransomware attacked 9200 corporate users in Russia. Hacker attacks have in turn increased with the development of cryptocurrencies, since, unlike transfers to bank cards, payments made with them are more difficult to track.

Anton Shipulin, head of Kaspersky Lab's Industrial Cybersecurity Expert Center, is sure that attacks using file-encrypting ransomware occur more often in industry, and that this is the sector that pays the most to cybercriminals. At the same time, the size of the ransom varies from hundreds of thousands to tens of millions of rubles.

According to Oleg Skulkin, head of the Group-IB computer forensics laboratory, in two years hackers have attacked not only large corporations, but also representatives of medium and small businesses. On average, the attackers demanded about 3 million rubles ($42,000) from them.

The chief expert of Kaspersky Lab, Sergey Golovanov, added that most large companies refuse to pay and hire experts to respond to the incident. Small organizations agree to the ransom, especially if the requested amount does not exceed the amount of damage from data loss and the cost of restoring it.

A feature of the ransomware hacker approach in Russia is that none of the groups use public websites to host data from victims who have refused to pay the ransom. Also, according to experts, there was not a single open auction where stolen data would be put up for sale. Usually, attackers present evidence directly during negotiations with the victim.

US Sentences Russian, Macedonian for Roles in Transnational Cybercrime Enterprise


The United States has sentenced nationals from Russia and North Macedonia to prison for their roles in a transnational cybercrime operation that was responsible for theft of $568 million worldwide, according to a Justice Department statement. 

Sergei Medvedev, 33, of Russia, pleaded guilty in the District of Nevada to one count of racketeering conspiracy in June 2020 and was sentenced on Friday to 10 years in prison. According to court documents, Medvedev co-founded Infraud along with Svyatoslav Bondarenko of Ukraine. From November 2010 until Infraud was taken down by law enforcement in February 2018, Medvedev was an active participant in the Infraud online forum.

Medvedev was running an “escrow” service to facilitate illegal transactions among Infraud members. For several years, Medvedev served as Infraud’s administrator, handling day-to-day management, deciding membership, and meting out discipline to those who violated the enterprise’s rules.

Mark Leopard, 31, of North Macedonia, pleaded guilty in the district of Nevada to one count of racketeering conspiracy in November 2019 and was sentenced today to five years in prison. According to court documents, Leopard joined Infraud in June 2011, offering his services as an ‘abuse immunity’ web hoster to Infraud members who wished to design websites to sell contraband. 

Unlike a legitimate host, Leopard would knowingly cater to websites offering illegal goods and services, ignoring any abusive reports from Internet users. He hosted a number of sites for Infraud members in this fashion, providing the infrastructure that allowed his co-conspirators to profit off their criminal activities.

The enterprise boasted over 10,000 members at its peak and operated for more than seven years under the slogan ‘IN Fraud We Trust’. Infraud was responsible for the sale and/or purchase of over four million compromised credit and debit card numbers, and the actual loss associated with Infraud was in excess of $568 million, the US Department of Justice said.

“Today’s sentence should serve as a warning to any web host who willingly looks the other way for a quick buck – and that the United States will hold these bad actors accountable, even when they operate behind a computer screen halfway across the world,” Acting Assistant Attorney General Nicholas McQuaid said.

Russian Hacking Forum Maza Hijacked, Suffers Data Breach

The cybercriminal forum Maza was recently hit by a data breach that led to the leak of user information. Earlier this week, experts at Flashpoint discovered the breach of Maza (earlier called Mazafaka), which has been on the web since 2003. It is a reserved and strictly restricted platform for Russian hackers. The community is involved in carding, the selling of stolen credit card and financial information on the web; beyond this, the forum discusses spam, exploits, malware, phishing attacks, money laundering, and much more. After successfully breaching the platform, the hackers posted the warning message "This forum has been hacked/Your data has been leaked."

The leaked information includes usernames, user IDs, email IDs, links to messenger accounts (including MSN Messenger), and login credentials (obfuscated and hashed). ZDNet reports, "In January, Russian forum Verified was taken over without warning. The introduction of new domains, temporary open registration, and the silence of old moderators has raised suspicion among some users as to the intentions of the new owners." According to Flashpoint, around 2000 user accounts were breached. Some users discussing the breach said that they will now have to find another forum, whereas others believe that the breach is partial or old.

As of now, the experts do not know who hijacked the forum, beyond the observation that the hackers might have used an online translator to post the warning. This implies that the hackers may not be Russian speakers, unless they did it intentionally to mislead. This is not the first time Maza has been hacked: back in 2011, a rival group named DirectConnection leaked around 2000 user accounts, and DirectConnection was soon compromised in retaliation.

Aleksei Burkov, known by the alias 'Kopa,' is said to have been the admin of both forums. He was sentenced to 9 years in prison by US authorities on the charge of running the Cardplanet carding forum. "Users may be justified in such concerns, especially considering law enforcement is now posting 'friendly' warnings on hacking forums to discourage illegal activities," says ZDNet. As of now, no further developments have appeared. Stay updated to know more.

Czech Republic's Intelligence Agency Reveals Russian and Chinese Spies Pose an Imminent Threat to the EU Member's Security

The Czech Republic's intelligence agency recently revealed that Russian and Chinese spies posed a growing threat to the EU member's security and other key interests in the previous year.

The annual report of the Security Data Administration (BIS) said the intelligence services of Russia and China took up a rather significant role in further advancing their interests and options abroad.

All Russian intelligence services were active on Czech territory in 2019. Spies operating under strategic and diplomatic cover focused on advancing Russia's interests and the Kremlin's views, as well as boosting Russia's reputation in the Czech Republic. 

"The key difference is that Russia seeks to destabilise and disintegrate its opponents, while China is trying to build a Sinocentric global community wherein other nations acknowledge the legitimacy of China's interests," BIS said. 

Chinese agents operated under cover as diplomats, journalists, or scientists and "utilized the receptiveness of the Czech environment to the offer of Chinese investment," BIS said. 

They focused on the technology sector, the military, security, infrastructure, the health sector, the economy, and environmental protection, and looked for ways to paint a positive picture of China. 

BIS added that the foreign spies also targeted Czech cyberspace, with attacks aimed at the foreign ministry and diplomatic missions abroad, and also at the infrastructure of Czech anti-virus software maker Avast.

It said Russian and Chinese services were behind these attacks, adding that phishing and spear-phishing emails were the most frequently used tactic.

Russian citizen arrested in the United States on charges of organizing a cybercrime


According to the Ministry of Justice, 27-year-old Yegor Kryuchkov tried to pay $1 million to an employee of a Nevada company in order to introduce malware into its computer network. When the FBI joined the investigation, the Russian tried to flee the United States.

A Federal Court in Los Angeles has arrested a Russian citizen, Yegor Kryuchkov, on charges of conspiring to commit cybercrime. This was reported by the press service of the US Department of Justice.

According to the Department, between July 15 and August 22 of this year, 27-year-old Kryuchkov tried to bribe an employee of an unnamed American company located in the state of Nevada. The statement says the Russian offered him $1 million to take part in the scheme.

The Ministry of Justice reported that Kryuchkov allegedly planned to load malicious software into the computer system of this company. This would allow him and his associates to gain unhindered access to company data.

Last week, after being contacted by the Federal Bureau of Investigation (FBI), Kryuchkov left Reno (Nevada) for Los Angeles in order to leave the United States. According to the Department, the Russian asked a friend to buy him a plane ticket.

Kryuchkov was detained in Los Angeles on August 22. According to the Ministry of Justice, the Russian entered the United States on a tourist visa.

The Russian Embassy in the United States said that diplomats are aware of Kryuchkov's arrest. "We will contact the Russian in the near future to find out the problem. We will provide him with the necessary consular and legal assistance,” said the diplomatic mission.

The Russian Federation leads in the number of users monitored via smartphones


In the first six months of 2020, the number of devices with stalkerware installed in Russia increased by 28% compared to the same period in 2019.

"This probably happened because as a result of self-isolation, many people began to spend much more time at home,” said Viktor Chebyshev, an expert on mobile threats at Kaspersky Lab.

He explained that such programs are often installed by people to spy on their loved ones, giving them access to the contents of the mobile device and allowing them to watch a person through the smartphone camera in real time. They are often used by perpetrators of domestic violence. All such stalkerware is paid software.

"There have always been jealous spouses and those who just want to look into someone else's life, and the development of IT has given such people additional opportunities," said Andrey Arsentiev, head of Analytics and special projects at InfoWatch Group.

According to Kaspersky Lab, the number of users with stalkerware installed on their mobile devices is rising not only in Russia. In Europe, such programs are most often found on the devices of German, Italian and British users.

It is interesting to note that an anti-stalkerware coalition, the Coalition Against Stalkerware, was formed in November 2019. In addition to Kaspersky Lab, it includes 20 organizations; some work in information security, while others help victims of domestic violence. The coalition works to raise public awareness of the threat of stalkerware and to counter the crimes committed using such programs. 

The database of millions of Telegram users from Russia and Iran appeared on the Darknet


On one of the forums on the Darknet, a database appeared containing information about several million users of the Telegram messenger. The data file is about 900 megabytes. 

The Telegram press service confirmed the existence of the database, explaining that the information is collected through the built-in contact import function, even at the moment a user registers. Company representatives added that no service that lets users find contacts from their phone book can completely rule out such lookups.

Telegram also assured users that most of the leaked accounts are outdated. In addition, the messenger has a "Who can add me to contacts by phone number" setting. This setting makes it harder for ordinary users to be contacted (they become invisible even to those who know their phone number), but it allows the link between an account and a phone number to be hidden completely.

It emerged that the Telegram contact database did not come from a leak at the messenger itself; it was assembled by parsing, that is, by collecting and analysing publicly available information, and is a compilation of other contact databases.

"This database is a compilation of various previous databases collected from different countries and different methods. The main method is collection via open systems, chatbots, authorization, and information about a person's registration by number. Even taking into account duplicates and incorrect data in the database, this is tens of millions of users," said the expert.

The expert believes that the database could contain all of a user's public data: ID, username, first name, last name, photo, cell phone number, public bio and website; in some cases it also included when the user was last online, their approximate location (country/region), and more. Such databases are usually used for mass, untargeted spam.

Experts fear an increase in the number of cyber attacks after the end of self-isolation


According to 62% of respondents, when companies moved employees to remote work at the beginning of the pandemic, the greatest concern was ensuring secure remote access and VPN. 47% of respondents said they were concerned about preventing attacks that use social engineering, and 52% named the protection of endpoints and employees' home Wi-Fi networks as one of the main challenges.

"Even before the introduction of self-isolation, many companies allowed employees to work remotely. As soon as the regime entered into force, organizations had no choice but to organize remote access for all their employees as soon as possible. Of course, these measures have led to the emergence of new opportunities for attackers to carry out attacks. Despite the fact that we are now gradually returning to the normal life, the threat of cyber attacks is not decreasing. Companies need to use comprehensive zero-day security solutions to avoid being hit by a large number of next-generation cyber attacks," explained Vasily Diaghilev, head of Check Point Software Technologies representative office in Russia and the CIS.

At the same time, 65% of information security experts noted that their companies block external computers from accessing corporate VPNs. 51% of specialists said the greatest threat comes from home devices, and 33% see the main security threat in employees' mobile devices.

According to Dmitry Medvedev, Deputy Chairman of the Security Council of the Russian Federation, the number of cybercrimes in the past five months in Russia has exceeded 180 thousand, which is 85% more than in the same period of time in 2019.

He stressed the importance of taking into account that new schemes and techniques are being developed for cyber attacks.

Russians were warned about the danger of installing banking apps on the phones



In some situations, using such a program can lead to the leakage of personal information. The specialist gave advice on how not to become a victim of fraud.

Banking apps for smartphones have significantly simplified the lives of citizens. But sometimes they can cause serious harm. Arseny Shcheltsin, head of the company Digital Platform, shared recommendations on this subject.

First, the specialist urged people to install an antivirus program on their phone. He also advised that accounts holding large sums of money should not be accessible from the phone at all. Shcheltsin also recalled the scammers' trick of sending SMS messages from unknown numbers: the links in such messages should never be followed.

According to him, a bank's mobile app is one of the most popular apps people install on their phones. This is because it is usually easier and more convenient to manage an account and communicate with the bank through the app. Regular communication via chat is even faster than calling the bank's call center.

The expert warned that people can accidentally download an unofficial bank app to their phone. It may be harmless, but its usefulness is questionable. Most likely, the program is designed to collect a person's personal data for subsequent sale to large service companies.

Mobile banking apps are constantly gaining functionality, but there is a risk that fraudsters or hackers can gain access to the bank's mobile app by somehow placing a malicious app on the victim's phone. That malicious software can then gain access to the banking application, up to and including the ability to transfer money. 

Banks now take this issue more seriously, and although the amount of money stolen this way is steadily decreasing, such cases still occur.

It is interesting to note that Alexei Krichevsky, an IT expert at the Academy of Finance and Investment Management, said that owners of Android devices should install an antivirus application on their smartphone first of all, since this system is more susceptible to hacker attacks than iOS.

Russian-Based Online Platform Taken Down By the FBI


The Federal Bureau of Investigation recently took down the Russian-based online platform DEER.IO, which is said to have hosted shops where various cybercrime products and services were sold, according to announcements by the Department of Justice.

The Russian-based cyber platform known as DEER.IO had for quite some time been hosting many online shops where illicit products and services were sold.

A little while back, authorities revealed the arrest of Kirill Victorovich Firsov, the alleged main operator behind Deer.io, a Shopify-like platform that hosted many online shops used for the sale of hacked accounts and stolen user data. Criminals paid around $12/month to open an online store on the platform.

Once the crooks bought shop access through the DEER.IO platform, an automated set-up wizard allowed the owner to upload the products and services offered through the shop and to configure payment via cryptocurrency wallets.

Arrested at John F. Kennedy Airport in New York on March 7, Firsov is accused of running the Deer.io platform since October 2013 and of advertising it on other hacking forums.

“A Russian-based cyber platform known as DEER.IO was shut down by the FBI today, and its suspected administrator – alleged Russian hacker Kirill Victorovich Firsov – was arrested and charged with crimes related to the hacking of U.S. companies for customers’ personal information,” reads the official statement released by the DoJ.

The Feds looked into around 250 DEER.IO stores used by hackers to offer for sale thousands of compromised accounts, including gamer accounts and PII documents containing user names, passwords, U.S. Social Security Numbers, dates of birth, and victim addresses.

Most of the victims are in Europe and the US. FBI agents successfully bought hacked data from some stores hosted on the Deer.io platform; according to the feds, the data offered was genuine.

Commenting on the takedown, FBI Special Agent in Charge Omer Meisel said, “Deer.io was the largest centralized platform, which promoted and facilitated the sale of compromised social media and financial accounts, personally identifiable information (PII) and hacked computers on the Internet. The seizure of this criminal website represents a significant step in reducing stolen data used to victimize individuals and businesses in the United States and abroad.”

Roskomnadzor blocked the email service Protonmail


The FSB of the Russian Federation reported that it had identified another email service used by an "electronic terrorist" to send false bomb-threat messages (claims that buildings where large numbers of people gather had been mined) in Russia. On Wednesday, the FSB and the Federal Service for Supervision of Communications, Information Technology and Mass Media (Roskomnadzor) announced the blocking of the Swiss email service Protonmail.com.

"This email service was used by hackers both in 2019 and especially actively in January 2020 to send false messages about mass mining of objects on the territory of the Russian Federation under the guise of reliable information," said the representative of Roskomnadzor.

In turn, the FSB of Russia reported that this service had been in use since January 24. Messages with bomb threats were sent to the email addresses of courts in four regions of the Russian Federation. Last year, the same service was also used to send false terrorist threats, but on a smaller scale.

"The texts also indicated that 830 social and transport infrastructure objects had allegedly been mined. All threats were false," the FSB reported.

ProtonMail CEO Andy Yen recently announced his decision to go to court because he believes the block is unfounded. According to him, blocking the service is an ineffective and inappropriate tool for combating cyber attacks.

"This will not stop cybercriminals from sending threats from another email service and will not help if the criminals are located outside of Russia. Cybercriminals are also likely to be able to bypass the block using one of the many VPN services," Yen said.

The head of the company stressed that blocking the mail service will only harm private users and restrict Russians' access to private information.

Recall that this is the third foreign mail service blocked by Roskomnadzor for spreading false bomb-threat messages about facilities in Russia. On January 23, Roskomnadzor announced the blocking of the StartMail service, noting that mass mailings of bomb threats against various sites on the territory of Russia had been carried out through it. Such emails had been received since November 28, 2019.

US Senator Chuck Schumer urges FBI to investigate FaceApp

Senate Minority Leader Chuck Schumer has called for an investigation into FaceApp, citing privacy concerns and fears that user data could be transferred to the Russian government.

In a letter posted on Twitter, Mr. Schumer called on the FBI and the Federal Trade Commission to investigate the popular app. 

"I have serious concerns regarding both the protection of the data that is being aggregated as well as whether users are aware of who may have access to it," reads his letter to FBI Director Christopher Wray and FTC Chairman Joseph Simons.

“Furthermore, it is unclear how long FaceApp retains a user’s data or how a user may ensure their data is deleted after usage. These forms of ‘dark patterns,’ which manifest in opaque disclosures and broader user authorizations, can be misleading to consumers and may even constitute a deceptive trade practice.”

“In particular, FaceApp’s location in Russia raises questions regarding how and when the company provides access to the data of U.S. citizens to third parties, including potentially foreign governments,” the letter reads.

However, the app makers have previously denied the allegations. 

In the meantime, the Democratic National Committee has reportedly warned all of its 2020 presidential candidates and their campaign staff not to use the app. 

"It's not clear at this point what the privacy risks are, but what is clear is that the benefits of avoiding the app outweigh the risks," security officer Bob Lord reportedly told the staff.

Amid all the controversy, the app has more than 80 million active users.