Pioneering spammer Peter Levashov is sentenced to time served after 33 months

A U.S. judge sentenced a Russian man who built a reputation as a global spam kingpin to time served in prison, over the wishes of prosecutors who hoped the defendant would spend more than a decade behind bars. Peter Levashov, known by the online alias “Severa,” who was arrested in Spain in 2017, faced up to 12 more years in prison after he pleaded guilty to operating one of the largest botnets ever. The botnet, an army of hacked computers used for fraud, was called Kelihos, and primarily trafficked in denial-of-service attacks and email spam. Levashov also admitted to running two other botnets, Storm Worm and Waledac, which prosecutors said sent up to 1.5 billion spam messages a day at their most prolific. A plea deal struck in 2018 pegged estimated losses at $7 million, though such figures are notoriously unreliable. Levashov, a 40-year-old native of St. […]

The post Pioneering spammer Peter Levashov is sentenced to time served after 33 months appeared first on CyberScoop.


REvil ransomware gang sites go dark, for reasons that remain unclear

The ransomware gang behind a string of recent attacks that netted tens of millions of dollars may have been too successful for its own good. REvil, the Russian-speaking hacking crew that claimed responsibility for a hack at the IT firm Kaseya that yielded perhaps thousands of victims, largely went dark Tuesday morning, according to multiple security researchers. The dark web site where REvil typically posts victim data and a payment site suddenly went down, while one site apparently ceased responding to Domain Name System requests. The cause of the outages was not immediately clear. Ransomware gangs frequently shutter their operations, update their tradecraft or evolve into different extortion techniques after profitable periods. The White House recently said it reserves the right to “take any necessary action to defend its people and its critical infrastructure” in the face of costly digital extortion attacks. REvil, widely suspected to be based in Russia, […]


SolarWinds says hackers used a zero-day flaw for ‘targeted attacks’ in a new breach

The federal contractor at the heart of a cyber-espionage campaign that caused months of consternation throughout the U.S. government says hackers have struck again. SolarWinds says an attacker leveraged a software vulnerability in a company product to carry out “limited, targeted attacks.” The unknown hacker used a zero-day flaw in SolarWinds’ Serv-U Managed File Transfer and Serv-U Secure FTP, which are used to transmit data, to target an unknown number of the firm’s customers. Such access would have allowed hackers to install programs; view, manipulate or delete data; or run their own software on an affected system, SolarWinds said in an advisory. “Microsoft has provided evidence of limited, targeted customer impact, though SolarWinds does not currently have an estimate of how many customers may be directly affected by the vulnerability,” the company statement added. “SolarWinds is unaware of the identity of the potentially affected customers.” The breach appears to be […]


SolarWinds hackers had access to Denmark’s central bank for 7 months, report says

A group of Russian hackers is accused of compromising a Danish bank in the latest example of fallout involving cyber-espionage emanating from Moscow, according to a European media outlet that cites documents related to the incident. Denmark’s central bank, or Danmarks Nationalbank, was compromised by the same spies who used software made by the U.S. federal contractor SolarWinds to breach nine U.S. government agencies and dozens of companies, Version 2, a Danish news site, reported Tuesday. By leveraging the SolarWinds technology, hackers infiltrated the company’s partners and clients, spending at least seven months inside the networks of the Danish financial institution, the site reported based on internal emails sent to the bank from outside investigators. Investigators have suggested that the Russian hacking group known as Cozy Bear — thought to be associated with the SVR intelligence agency — corrupted a software update in the SolarWinds Orion product, using the seemingly […]


International cops seize DoubleVPN, a service allegedly meant to shield ransomware attacks from investigators

A security tool that hackers used to disguise their ransomware attacks, email scams and other nefarious activity is offline following a global law enforcement action. Servers and web domains belonging to DoubleVPN, a virtual private network (VPN), were seized during an investigation by the Dutch National Police, the FBI, the U.K.’s National Crime Agency and Europol, authorities said Wednesday. Accused cybercriminals advertised DoubleVPN throughout Russian and English-speaking hacker markets as a means of helping customers hide their location and internet traffic from police for prices as low as $25. “Law enforcement gained access to the servers of DoubleVPN and seized personal information, logs and statistics kept by DoubleVPN about all of its customers,” a seizure notice on the site advised. “DoubleVPN’s owners failed to provide the services they promised.” The police announcement did not identify the specific ransomware gangs that allegedly used DoubleVPN. Internet users throughout the world rely on […]


Russian hackers breached Microsoft customer support to try phishing targets in 36 countries

State-sponsored Russian hackers compromised a Microsoft customer support representative’s account, leveraging that access to try to hack other customers, the company said. The cyber-espionage group that Microsoft calls Nobelium — also known as APT 29 and Cozy Bear — obtained “basic account information” about a limited number of customers as part of the effort. The same group is the primary suspect in the data breach at federal contractor SolarWinds, a hack in which spies also breached nine U.S. federal agencies and scores of technology companies. “This recent activity was mostly unsuccessful, and the majority of targets were not successfully compromised — we are aware of three compromised entities to date,” said the Microsoft blog post. “All customers that were compromised or targeted are being contacted through our state-notification process.” The apparent Russian hackers used information-stealing malware to infect a customer support machine, then used data found on that device to […]


Andrii Kolpakov, who supervised hackers for FIN7, sentenced to 7 years in prison

A U.S. court on Thursday sentenced Andrii Kolpakov, a Ukrainian national, to seven years in prison for his role in the FIN7 gang. Kolpakov, 33, functioned as a supervisor for a small team of hackers who between 2016 and 2018 breached victims including Chipotle, Red Robin, Arby’s and other U.S. corporations. Victims experienced “enormous” losses, according to the Justice Department, that by some estimates have exceeded $1 billion. Kolpakov pleaded guilty in November 2020 and faced up to 25 years behind bars. Spanish police arrested him in 2018, ultimately extraditing him to the U.S. “During the course of the scheme, [Kolpakov] received compensation for his participation in FIN7, which far exceeds comparable legitimate employment in Ukraine,” the plea deal noted. “For the purposes of this plea agreement, the parties agree that — during [Kolpakov’s] participation in the malware scheme — FIN7 illegal activity resulted in over $100 million in losses […]


Tulsa police say 18,000 files are leaked after Conti ransomware hack

Citations and internal police department files from the city of Tulsa, Oklahoma are circulating on cybercriminal marketplaces after a ransomware incident in which hackers stole some 18,000 files, city officials say. A notice posted on a municipal website on June 22 warns that residents’ data including names, birth dates and driver’s license numbers is accessible to scammers following a hack carried out by the Conti ransomware gang. The digital extortionists breached the Tulsa police department in May, leaking stolen data about 22 officers and promising to publish more if the city refused to pay a ransom. “[O]ut of an abundance of caution, anyone who has filed a police report, received a police citation, made a payment with the City, or interacted with the City in any way where [personally identifiable information] was shared, whether online, in-person or on paper, prior to May 2021, is being asked to take monitoring precautions,” […]


John McAfee found dead after Spanish court approved extradition to US, reports say

John McAfee, a cybersecurity industry pioneer who would go on to promote various cryptocurrencies and flee international law enforcement, has died in Spain, according to multiple news reports.
McAfee, 75, died in a jail cell in Barcelona while awaiting…

US seizes more than 30 websites connected to Iran, alleging disinformation and sanctions violations

The U.S. on Tuesday seized more than two dozen websites for allegedly violating sanctions and spreading disinformation on behalf of the Iranian government. The Department of Justice said Iran’s Islamic Radio and Television Union controlled 33 websites, months after the U.S. issued sanctions against the same organization for what officials described as spreading disinformation meant to influence Americans’ opinions prior to the presidential election in 2020. Press TV, Iran’s state-owned news broadcaster, and three other sites that the U.S. said are connected to Kata’ib Hizballah, a foreign terrorist organization, also broadcast messages saying the Justice Department had taken control of the domains. In a tweet on June 22, 2021, Press TV (@PressTV) wrote: “In what seems to be a coordinated action, a similar message appears on the websites of Iranian and regional television networks that claims the domains of the websites have been ‘seized by the United States Government.’” The Treasury Department issued […]
