Collaborate Disseminate
International law enforcement continues to dismantle the LockBit ransomware gang’s infrastructure.
Read more in my article on the Tripwire State of Security blog.
Continue reading Tick tock.. Operation Cronos arrests more LockBit ransomware gang suspects
Previously seized LockBit websites have been used to announce more arrests, charges and infrastructure disruptions.
The post More LockBit Hackers Arrested, Unmasked as Law Enforcement Seizes Servers appeared first on SecurityWeek.
Continue reading More LockBit Hackers Arrested, Unmasked as Law Enforcement Seizes Servers
The Russian government today handed down a treason conviction and 14-year prison sentence on Iyla Sachkov, the former founder and CEO of one of Russia’s largest cybersecurity firms. Sachkov, 37, has been detained for nearly two years under charges that the Kremlin has kept classified and hidden from public view, and he joins a growing roster of former Russian cybercrime fighters who are now serving hard time for farcical treason convictions. Continue reading Russia Sends Cybersecurity CEO to Jail for 14 Years
Researchers found a number of similarities between Evil Corp and a new group of attackers.
The post Evil Corp affiliates are using off-the-shelf ransomware to evade sanctions appeared first on CyberScoop.
Continue reading Evil Corp affiliates are using off-the-shelf ransomware to evade sanctions
A Twitter account known as ContiLeaks debuted to much fanfare in late February, with people around the globe watching as tens of thousands of leaked chats between members of the Russia-based ransomware gang Conti hit the web. In the days after the leaks, many celebrated what they thought would be a devastating blow to Conti, which a Ukrainian security researcher had apparently punished by leaking the internal chats because the gang threatened to “strike back” at any entities that organized “any war activities against Russia.” But ten days after the leaks began, Conti appears to be thriving. Experts say the notorious ransomware gang has pivoted all too easily, replacing much of the infrastructure that was exposed in the leaks while moving quickly to hit new targets with ransom demands. According to Vitali Kremez, CEO of the cybersecurity firm AdvIntel, by Monday morning Conti had successfully completed two new data breaches at […]
The post Ransomware gang Conti has already bounced back from damage caused by chat leaks, experts say appeared first on CyberScoop.
A phishing campaign using a well-known malware families is employing a pair of particularly devious methods to trick targets into opening an infected file: fake employee termination notices and phony omicron-variant exposure warnings. A threat researcher going by the name of “TheAnalyst” posted a screenshot of the fake employment termination notice Dec. 22, attributing it to a Dridex affiliate. The suspicious email told the target that their employment would cease as of Dec. 24, and that the decision was not reversible. An attached password-protected Excel file promised additional details. Once a recipient opened a file, a blurred form appeared with a button to “Enable Content,” which enabled the file to run an automated script through its macros feature, a technique intended to help automation that simultaneously has been abused for years for malicious purposes. After the button was clicked, a pop-up window appeared: “Merry X-Mas Dear Employees!” Dridex is a […]
The post Fake Christmas Eve termination notices used as phishing lures appeared first on CyberScoop.
Continue reading Fake Christmas Eve termination notices used as phishing lures
Joe Tidy, technology reporter at BBC News rather bravely did something that many other journalists would probably balk at doing.
He decided he wanted to talk to Russian hackers face-to-face, on their home turf, and ask them their side of the story. Continue reading On the trail of Russia’s $100 million Evil Corp hacking gang
A ransomware group known as Grief claimed on Wednesday to have hacked the National Rifle Association, releasing 13 documents allegedly belonging to the organization and threatening to release more if the NRA doesn’t pay an extortion fee of an undisclosed sum. The documents previewed on Grief’s leak site include grant applications and minutes from a meeting. The group claims to possess more documents. However, ransomware actors have been known to exaggerate the amount of data obtained in a hack. CyberScoop has not independently verified the documents. An NRA spokesperson declined to comment when reached by phone. Multiple researchers have said that Grief is affiliated with the Russian ransomware group Evil Corp. Evil Corp.’s involvement could potentially put the NRA at risk of violating U.S. sanctions if it pays the attackers after the Treasury Department sanctioned that gang in 2019. The Justice Department also charged two Evil Corp. members with criminal […]
The post A Russian-speaking ransomware gang says it hacked the National Rifle Association appeared first on CyberScoop.
Continue reading A Russian-speaking ransomware gang says it hacked the National Rifle Association
Evil Corp., one of the most notorious and prolific Russian cybercrime groups in recent years with a leader who has been accused of working with Russian intelligence, was reportedly behind last weekend’s cyberattack on Sinclair Broadcast Group. The revelation, first reported by Bloomberg Wednesday, is noteworthy because the U.S. Treasury department sanctioned the group in December, 2o19, making any U.S. company’s transactions with it illegal. The group used a new strain of malware called Macaw in the Sinclair attack, said Allan Liska, a senior threat analyst at Recorded Future. The Justice Department also announced a sealed indictment against Evil Corp. leader Maksim Yakubets in 2019 the same day as the Treasury sanctions. The U.S. government accused Yakubets and another Russian national, Igor Turashev, of being behind malware strains known as Bugat and Dridex, which authorities say hackers employed to target hundreds of banks in more than 40 countries and net the […]
The post Notorious Russian ransomware gang Evil Corp. reportedly hit Sinclair Broadcast Group appeared first on CyberScoop.
Eastern Europe remains a hotbed for illicit cryptocurrency activity, new research shows. Between June 2020 and July 2021, Eastern Europe-based cryptocurrency addresses sent $815 million to investment ponzi scams that lure users with false promises of high returns, according to Chainalysis data published Wednesday. Ukraine, in particular, drove a significant amount of the region’s traffic to the fraud websites, trouncing second-place United States by roughly 20 million visits. Half the money sent in the region went to just one apparent fraud effort. Between December 2019 and August 2021, users sent over $1.5 billion worth of bitcoin to Finiko, a Russia-based ponzi-scheme whose founders are under arrest or have fled Russia. The company marketed itself as a referral network that would reward investors with high returns, only to come under scrutiny from authorities in Moscow for allegedly defrauding users. The report highlights that while Eastern Europe is largely seen as the recipient […]
The post Cryptocurrency payments to scams outpace ransomware jackpots in Eastern Europe, Chainalysis finds appeared first on CyberScoop.