Feds indict ‘fxmsp’ in connection with million-dollar hacking operation

The U.S. Department of Justice has charged a man with hacking-related crimes as part of an investigation into a group of foreign scammers accused of targeting more than 300 organizations throughout the world. Prosecutors in the Western District of Washington charged Andrey Turchin, who resides in Kazakhstan, with five felony counts in connection with a year-long fraud effort. Last known to be in Kazakhstan, Turchin allegedly sold remote access hacking tools on cybercriminal forums, typically charging tens of thousands of dollars for access to data that would cost victims tens of millions of dollars. Turchin went by a series of aliases, including “fxmsp,” according to the Justice Department. He was initially charged in December 2018, though the indictment was kept under seal until Tuesday, one month after security vendor Group-IB released its own research documenting the work of a hacker known by the “fxmsp” alias. “U.S. authorities have reason to […]

The post Feds indict ‘fxmsp’ in connection with million-dollar hacking operation appeared first on CyberScoop.

German police seize DDoSecrets server distributing ‘BlueLeaks’ files

German law enforcement officials have seized a server belonging to an anti-secrecy organization that recently published a trove of data stolen from U.S. police agencies, the group’s co-founder says. Emma Best, who helps lead the Distributed Denial of Secrets group, said in a tweet Tuesday that prosecutors in the municipality of Zwickau have taken the group’s “primary public download server.” In an advisory that Best tweeted, police said the server was seized by the department of public prosecution. “Please understand that we are not allowed to provide any further information regarding this case,” the note states. The move comes weeks after DDoSecrets published the BlueLeaks files, a 269 GB collection of materials taken from U.S. law enforcement bodies, including police training materials, safety guides and instructions on how to contain demonstrations. DDoSecrets published BlueLeaks amid ongoing U.S. protests following the police killing of George Floyd and other unarmed Black Americans. German […]

Magecart-related group hits 570 websites, taking 184,000 card numbers

Hackers who targeted 570 e-commerce sites to steal customer financial information compromised more than 180,000 payment cards as part of a covert fraud effort, according to new research. The group, known as “Keeper,” inserted malicious computer code onto the sites, typically by exploiting weaknesses in technology provided by the sites’ third-party software suppliers. The attack technique, broadly known as Magecart, has struck many thousands of merchants in recent years, ranging from British Airways and NutriBullet to smaller stores. Gemini Advisory, a threat intelligence startup that scans criminal forums for stolen payment card data, announced the latest campaign in a report published Tuesday. Since April 2017, the Keeper group has aimed to infect 570 websites based in 55 countries, most often in the U.S., U.K. and the Netherlands. Researchers found an unsecured access log belonging to the Keeper group containing 184,000 compromised payment cards from between July 2018 until April […]

Researchers tie email fraud campaign aimed at Fortune 500 firms to Russian scammers

An emerging group of scammers masquerading as legitimate business executives is behind more than 200 email-based attacks that aim to swindle hundreds of thousands of dollars from companies, according to new findings. Dubbed “Cosmic Lynx” in research published Tuesday by the email security firm Agari, the group has targeted individuals in 46 countries since July 2019, often victimizing senior leaders in Fortune 500 or Global 2000 firms. It’s the latest in a long line of business email compromise (BEC) gangs, which impersonate trusted associates to request wire transfers or other payments. Unlike alleged operators often identified in U.S. indictments, the Cosmic Lynx group is likely made up of attackers based in Russia, researchers said, in what Agari described as the first-ever Russian crime ring of this kind. More often, prosecutions of accused BEC scammers are against suspects with roots in Nigeria. American victims reported $1.7 billion in BEC-related losses to the FBI last […]

FCC officially names Huawei, ZTE as national security risks

The U.S. Federal Communications Commission has designated Chinese telecommunication providers Huawei and ZTE as national security risks, a decision that officially prohibits American phone companies from purchasing their equipment with government subsidies. The announcement Tuesday comes after U.S. intelligence agencies have repeatedly warned that Huawei and ZTE could conduct espionage against the U.S. and its allies on Beijing’s behalf. The FCC’s decision takes effect immediately. It prevents U.S. companies regulated by the agency from spending federal funds obtained through the $8.3 billion Universal Service Fund (USF) — which is designed to promote universal access to phone services — on equipment or services from Huawei or ZTE. The companies are subject to a Chinese law that requires firms to provide authorities with sensitive data, even if they’re unwilling to do so. FCC Chairman Ajit Pai said in a statement that both companies “have close ties to the Chinese Communist Party and China’s military apparatus,” […]

US Cyber Command highlights Palo Alto Networks security patch, citing foreign espionage

U.S. cyber officials are urging American companies and individuals who rely on a popular security product to update their systems immediately, before foreign hackers can exploit a flaw in the technology to steal protected information. The Department of Homeland Security and U.S. Cyber Command said Monday that a “critical” flaw in technology from Palo Alto Networks, a multinational security firm based in California, could enable attackers “with network access” to obtain sensitive information. The flaw exists in PAN-OS, the operating system on firewalls and corporate virtual private network application products. Cyber Command said in a tweet that advanced hacking groups “will likely attempt exploit soon.” Palo Alto Networks issued a patch on Monday for the security flaw, the start of a weeks- or months-long process in which corporate security teams will start updating their technologies to fend off hacking groups. The software flaw, officially dubbed CVE-2020-2021, was designated a 10.0 […]

Internet freedom activists are concerned a Trump appointee could threaten pro-democracy work abroad

Internet freedom advocates are urging U.S. lawmakers to protect a small government-backed nonprofit that’s funded a generation of secure technologies meant to safeguard data in repressive countries. The organization, the Open Technology Fund, is an 8-year-old outfit that helps develop open and accessible technologies with an eye on promoting human rights abroad. It’s a subsidiary of the U.S. Agency for Global Media, overseer of the government operations designed to beam American news into foreign countries via outlets like Voice of America and Radio Free Asia. After a generation of quietly investing in technologies like encrypted messaging app Signal and anonymity tools like Tails and Tor, the future of the Open Technology Fund suddenly is in doubt. The new CEO of the Agency for Global Media, Michael Pack, a Trump administration appointee and a longtime ally of Steve Bannon, has fired the head of the OTF and the heads of four […]

California university pays $1 million ransom amid coronavirus research

A university in California previously reported to be conducting COVID-19 research has paid $1.14 million to digital scammers who locked the school’s systems and demanded an extortion fee. The University of California, San Francisco said on Friday it paid the ransom after malicious software infected a “limited number of servers” in an attack detected on June 1 at the university’s School of Medicine. While it remains unclear what, exactly, was affected, the school said the incident did not affect its patient care system, the campus network or the school’s research on the coronavirus. Scientists at the university are conducting trials into whether anti-malarial drugs may help mitigate the COVID-19 pandemic, as Bloomberg first reported. “Our investigation is ongoing but, at this time, we believe that the malware encrypted our servers opportunistically, with no particular area being targeted,” university officials said in an announcement Friday. “The attackers obtained some data as […]

Admitted Russian scammer Aleksei Burkov sentenced to 9 years by US court

A U.S. judge has sentenced an admitted Russian scammer to nine years in prison, marking the likely end of a years-long legal saga that has involved secretive cybercriminal forums, high-level political negotiations and a proposed prisoner swap. Aleksei Burkov, 30, appeared in federal court in Alexandria, Va., to hear his sentence. The normally clean-cut Burkov appeared unshaven and with longer hair and wearing a mask as he spoke to the court through a translator. “I repent for my actions and regret my behavior in the past,” he said in a low voice. “In my childhood I met some hackers and I chose the wrong path. Only in jail did I realize how much of a wrong path my life took.” The 108-month sentence will incorporate time already served, meaning Burkov likely will spend another four and a half years in prison before he is released. The Russian man pleaded guilty in January to […]

Don’t expect Huawei on DHS’s supply chain task force any time soon

A U.S. cybersecurity task force dedicated to protecting data throughout American networks aims to have a diverse set of opinions. That doesn’t mean just anyone is invited. Since 2018, the Department of Homeland Security’s Information and Communications Technology Supply Chain Task Force has been charged with developing strategies to ensure that government agencies and companies aren’t made vulnerable by partners, vendors, contractors, suppliers or other organizations in their business orbit. Members include a range of government bodies, telecommunication giants like Verizon and AT&T, and global tech firms including Microsoft and Cisco. DHS officials assess potential task force members based on a risk assessment that includes whether an entity might add value to ongoing conversations, and whether possible damage from including that organization outweighs the possible benefits. It’s the kind of criteria that makes the addition of a company like Huawei, the Chinese telecom that U.S. intelligence officials say represents a […]
