Bank heist with FIN7 traits went down while leaders were on the run, research suggests

Digital thieves who spent more than two months lurking inside the networks of an Eastern European bank last year used the same techniques as the infamous cybercriminal gang known as FIN7 or Carbanak, according to new research. Romanian security vendor Bitdefender said Tuesday its researchers have uncovered new details about a bank heist in which hackers patiently collected employee credentials and other data meant to help them access banking data and control ATM networks. These findings coincide with previous researchers’ suggestion that FIN7 is a relatively large group made up of perhaps a dozen individuals who have been able to weather law enforcement pressure while updating their hacking tactics. The 2018 breach at the bank, which Bitdefender declined to identify, occurred as international authorities were taking action against alleged members of FIN7, an organized crime group that threat intelligence researchers say may have stolen $1 billion. The group carried out the attack detailed in […]

The post Bank heist with FIN7 traits went down while leaders were on the run, research suggests appeared first on CyberScoop.

Researchers paint different portraits of hackers behind Ryuk ransomware

Analysts poring over the Ryuk ransomware are coming to different conclusions about the hackers responsible and the victims they’re targeting, highlighting the subjective side of cyberthreat studies. One thing, however, is clear: the infectious malware pays. Newly published research from McAfee and Coveware finds that the average ransom payment involving Ryuk is more than 10 times that of other types of ransomware. Some victims of Ryuk “either lost their data or took on staggering financial risk to pay the ransom,” the researchers wrote. In some cases, Ryuk’s purveyors took big payouts of over 100 bitcoin (nearly $400,000 at current rates); in others, they were satisfied with squeezing smaller sums from the victims, the McAfee-Coveware report said. The research follows a January report from another company, CrowdStrike, saying that hackers had earned $3.7 million from Ryuk since the ransomware emerged in August. Victims have reportedly included a North Carolina water utility and multiple […]

The post Researchers paint different portraits of hackers behind Ryuk ransomware appeared first on CyberScoop.

Facebook scrubs accounts spreading disinformation in Moldova ahead of heated election

Facebook has removed nearly 200 accounts and pages for spreading fake news about Moldova ahead of an election that could deepen the divide between the country’s pro-Russian and pro-Western lawmakers. The social media company announced Wednesday it took 168 Facebook accounts, 28 pages and eight Instagram accounts offline for misleading users in Moldova about who they were. The pages posted frequently about political issues such as required Russian language education and Moldova’s supposed reunification with Romania, posed as a fact-checking organization or spread doctored photos, Facebook said. “Although the people behind this activity attempted to conceal their identities, our manual review found that some of this activity was linked to employees of the Moldovan government,” Facebook said. Roughly 54,000 accounts followed at least one of the pages Facebook has removed, and some 1,300 accounts followed one of the Instagram pages. Moldova, one of the poorest countries in Europe, is scheduled to […]

The post Facebook scrubs accounts spreading disinformation in Moldova ahead of heated election appeared first on CyberScoop.

Kaspersky: Physical devices used to steal ‘tens of millions’ from Eastern Europe banks

Banks in Eastern Europe were targeted with cyberattacks that involved the planting of physical devices on premises, according to a report from Russian cybersecurity company Kaspersky Lab published Thursday. Researchers say the attacks have resulted in “tens of millions of dollars” in damage at at least eight banks. “In some cases, it was the central office, in others a regional office, sometimes located in another country,” the report says. Kaspersky says the attacks, dubbed “DarkVishnya,” were carried out in person by a third party who planted devices that connect directly to the banks’ networks. The attackers used one of three tools, the researchers say: a laptop, a Raspberry Pi computer or a Bash Bunny — a USB drive-looking device specifically designed to deliver a malicious payload. Sergey Golovanov, a security expert at Kaspersky, told CyberScoop in an email that the researchers realized that physical devices were being used because of a discrepancy between the number of authorized devices versus […]

The post Kaspersky: Physical devices used to steal ‘tens of millions’ from Eastern Europe banks appeared first on CyberScoop.

Symantec reveals state-sponsored group that doesn’t care for malware

A newly revealed hacking group has been going after diplomatic and military targets in a malware-less campaign that researchers say makes it difficult to detect. Over the last 10 months, the so-called Gallmaker group has conducted what appear to be cyber-espionage operations against several embassies belonging to an Eastern European country, according to research from cybersecurity company Symantec published Wednesday. The group, which researchers say is likely state-sponsored, has also targeted military and defense organizations in the Middle East. “The type of targets seen in the attacks really fit that of what an espionage group would be interested in,” Jon DiMaggio, senior threat intelligence analyst at Symantec, told CyberScoop. “If simply for financial gain, it would be odd to restrict targets to diplomatic, military and defense personnel.” Gallmaker’s end goal appears to be collecting intelligence on its targets in the form of documents and communications, according to DiMaggio. Gallmaker’s hackers use […]

The post Symantec reveals state-sponsored group that doesn’t care for malware appeared first on CyberScoop.
