Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Sanctions. Show all posts
Sanctions
Crypto Exchange cryptocurrency cryptocurrency security Cyber Security financial risks Garantex Russian Crypto Sanctions

Sanctioned Russian Crypto Exchange Garantex Allegedly Rebrands as Grinex

 

International efforts to dismantle illicit financial networks are facing new challenges, as the recently sanctioned Russian cryptocurrency exchange Garantex appears to have rebranded and resumed operations under a new name—Grinex. Reports from blockchain analytics firm Global Ledger suggest that Grinex may be a direct successor to Garantex, which was shut down earlier this month in a joint operation by law enforcement agencies from the U.S., Germany, and Finland. 

Despite the crackdown, Global Ledger researchers have identified on-chain movements linking the two exchanges, including the transfer of Garantex’s holdings in a ruble-backed stablecoin, A7A5, to wallets controlled by Grinex. Off-chain clues further support the connection, such as the sudden surge in trading volume—Grinex reportedly handled over $40 million in transactions within two weeks of its launch. According to Lex Fisun, CEO of Global Ledger, social media activity also suggests a direct relationship between the platforms.

In a Telegram post, Sergey Mendeleev, a known figure associated with Garantex, downplayed the similarities between the two exchanges while making light of the situation. Meanwhile, reports indicate that former Garantex users have been transferring funds at the exchange’s physical offices in Europe and the Middle East, strengthening claims that Grinex is simply a rebranded version of the defunct platform. While leading blockchain analytics firms such as Chainalysis and TRM Labs have yet to verify these findings, Andrew Fierman, Head of National Security Intelligence at Chainalysis, acknowledged that early indicators point to a connection between Garantex and Grinex. 

However, a full assessment of Grinex’s infrastructure is still underway. If Grinex is indeed a rebranded Garantex, it would not be the first time a sanctioned exchange has attempted to evade regulatory scrutiny through rebranding. Similar cases have been observed in the past—BTC-E, a Russian exchange taken down by U.S. authorities in 2017, later reemerged as WEX, only to collapse due to internal conflicts. Likewise, Suex, another Russian exchange sanctioned for facilitating illicit transactions, resurfaced as Chatex before facing renewed enforcement actions. 

The reappearance of Garantex in another form underscores the persistent difficulties regulators face in enforcing financial sanctions. Despite the seizure of its servers and domain, the exchange’s infrastructure appears to have been quickly reestablished under a new identity. Experts warn that non-compliant exchanges operating in high-risk regions will continue to find ways to circumvent restrictions. Before its takedown, Garantex had been identified as a hub for money laundering and illicit financial transactions. 

The U.S. Treasury’s Office of Foreign Assets Control (OFAC) sanctioned the exchange in 2022, citing its involvement in facilitating payments for ransomware groups such as Black Basta and Conti, as well as its ties to darknet marketplaces like Hydra. Court documents also revealed that Garantex provided financial services to North Korea’s Lazarus Group, a state-backed hacking organization responsible for some of the largest cryptocurrency heists in history, including the $1.4 billion Bybit hack.

Additionally, Russian oligarchs reportedly used the platform to bypass economic sanctions imposed after Russia’s invasion of Ukraine. Two individuals linked to Garantex’s operations, Lithuanian national and Russian resident Aleksej Besciokov and Russian citizen Aleksandr Mira Serda, have been charged with conspiracy to commit money laundering. Besciokov was arrested in India earlier this month while on vacation with his family and is expected to be extradited to the U.S. to face trial. 

While authorities work to contain illicit financial activity in the crypto space, the rapid emergence of Grinex serves as a reminder of how easily such operations can adapt and reappear under new identities. Analysts warn that other high-risk exchanges in Russia, such as ABCEX and Keine-Exchange, are poised to take advantage of regulatory loopholes and fill the void left by Garantex’s shutdown.
Read more »
US Treasury Department
Cyber Security Intellexa Predator Sanctions Spyware US Treasury Department

US Steps up Pressure on Intellexa Spyware Maker with New Sanctions

 


The US Treasury Department imposed further sanctions on five individuals and one entity connected to the Intellexa Consortium, a reportedly tainted holding company behind notorious spyware known as Predator. US officials say that even though more sanctions were imposed last year and again this year, additional steps were necessary because of the complicated network of corporate entities Intellexa had established to avoid responsibility.

Most notably, the sanctions talk around the activities of the Intellexa Consortium, who, while placing money through holding companies, continued to move funds and sell its Predator spyware into multiple holding companies. The new sanctions target these loopholes that enable companies such as Intellexa to engage in such activities, thus according to one senior administration official. To that extent, the sanctions prove consistent on the part of the U.S. government in an attempt to hold accountable all those entities that threaten the nation's security and violate civil liberties.

How Predator Spyware Works

Known to steal sensitive information from devices via one-click and zero-click attacks that require little to no activity from the victim, predator spyware can trace people, monitor phone calls, and obtain access to the data of smartphones and other devices. Since 2019, this malware has spread to Android and iPhone devices globally, even affecting the U.S. government.

As recently confirmed, the Biden administration has made it a fact that over 50 US government employees have been affected by commercial spyware, like Predator, in countries counted in more than 10. Though the exact location of the attacks is not made public, such threats are under close observation by the administration.

Key Individuals and Entities Impacted By Sanctions

The new wave of sanctions hits key players in the company of Intellexa. Felix Bitzios, owner of one of the companies that sold Predator spyware to foreign governments, is among them. Another, Andrea Nicola Constantino Hermes Gambazzi, is accused of facilitating other Intellexa entities to make financial transactions. Other sentences will be handed down for Merom Harpaz, Panagiota Karaoli, and Artemis Artemiou. The organisation, Aliada Group Inc. operating in the British Virgin Islands, was sanctioned due to its provision to transfer millions of dollars to Intellexa.

In March, Tal Jonathan Dilian, a founder of Intellexa, was already sanctioned; however, the corporation was not restricted due to its action of continuing to sell spyware to governments worldwide.

Intellexa reaches quite far, with Predator spyware said to be used by state-sponsored actors and governments in a majority of countries around the world, including such ones as Egypt, Indonesia, Saudi Arabia, and the Philippines. According to recent reports, while US sanctions did seem to place a brake on its sales and adoption, they were unable to halt the spyware so entirely that it was at all times held in check. Instead, researchers found that Predator continues to rebound. New clients include government officials and representatives from Angola, Madagascar, and the Democratic Republic of Congo.

More recently, Google disclosed that the Russian government was also using the vulnerabilities created by Intellexa, sending concerns about the company's activities flying across the globe.

While there are many moves in the plan, U.S. sanctions against the government are part of it. Several companies already received the axe, while the State Department banned the visas of those individuals who have been linked to the misuse of spyware. Such is the case for Israeli firms, like the NSO Group, a manufacturer of notorious Pegasus spyware, blacklisted last 2021.

In the near future, the U.S. will, at the UN General Assembly, host a high-level meeting intended to bring more countries on board to fight misuse of commercial spyware. The officials believe that sanctions imposed so far already challenge Intellexa to move money and conduct its business.

A Warning to Spyware Vendors

According to the U.S. Treasury, sanctions represent an undoubtedly clear message of consequences not just for the likes of Intellexa spyware vendors but for the corporate structures or shell companies that may wrap up their operations no matter how deep. The efforts help comprise both the prevention of exploitative technologies and the promotion of responsible development in cybersecurity solutions that follow international standards.

As the U.S. moves to increase its restrictions on spyware, a rising call to reconsider involvement in these businesses has been made for companies operating in that area. Experts believe that skilled cyber professionals have shunned the spyware business to avoid possible legal and financial implications.




Read more »
Sanctions
APT cryptocurrency Cyber Crime lazarus Sanctions

North Korea Linked APT: US Sanctions Crypto Mixer Tornado Cash


The U.S Treasury Department's Office of Foreign Assets Control (OFAC) has sanctioned the crypto mixer service Tornado Cash. It was used by North Korean hackers linked to Lazarus APT Group. 

What is Crypto Mixers?

The mixers are crucial elements for threat actors that use it for money laundering, the mixer was used in laundering the funds stolen from victims. 

As per OFAC, cybercriminals used Tornado Cash to launder more than $7 Billion worth of virtual currency, which was created in 2019. The Lazarus APT group laundered more than $455 million money and stole in the biggest ever virtual currency heist to date. 

About the attack

It was also used in laundering over $96 million of malicious actors' funds received from the 24th June 2022 Harmony Bridge Heist and around $7.8 million from Nomad crypto heist recently. The sanction has been taken in accordance with Executive Order (E.O) 13694. 

"Today, Treasury is sanctioning Tornado Cash, a virtual currency mixer that launders the proceeds of cybercrimes, including those committed against victims in the United States,” said Under Secretary of the Treasury for Terrorism and Financial Intelligence Brian E. Nelson. “Despite public assurances otherwise, Tornado Cash has repeatedly failed to impose effective controls designed to stop it from laundering funds for malicious cyber actors on a regular basis and without basic measures to address its risks.”

The Sanctions

In May, the US department of treasury sanctioned another cryptocurrency mixer, Blender.io, it was used by Lazarus APT, a hacking group linked to North Korea. It was used for laundering money from Axie Infinity's Ronin Bridge. The treasury has for the first time sanctioned a virtual currency mixer. 

"Virtual currency mixers that assist criminals are a threat to U.S. national security. Treasury will continue to investigate the use of mixers for illicit purposes and use its authorities to respond to illicit financing risks in the virtual currency ecosystem.” concludes the announcement published by the U.S. Treasury Department. “Criminals have increased their use of anonymity-enhancing technologies, including mixers, to help hide the movement or origin of funds.”



Read more »
Subscribe to: Posts (Atom)