U.S., U.K. Sanction 7 Men Tied to Trickbot Hacking Group

Authorities in the United States and United Kingdom today levied financial sanctions against seven men accused of operating “Trickbot,” a cybercrime-as-a-service platform based in Russia that has enabled countless ransomware attacks and bank account takeovers since its debut in 2016. The U.S. Department of the Treasury says the Trickbot group is associated with Russian intelligence services, and that this alliance led to the targeting of many U.S. companies and government entities.

Actions Target Russian Govt. Botnet, Hydra Dark Market

The U.S. Federal Bureau of Investigation (FBI) says it has disrupted a giant botnet built and operated by a Russian government intelligence unit known for launching destructive cyberattacks against energy infrastructure in the United States and Ukraine. Separately, law enforcement agencies in the U.S. and Germany moved to decapitate “Hydra,” a billion-dollar Russian darknet drug bazaar that also helped to launder the profits of multiple Russian ransomware groups.

Foreign spies use front companies to disguise their hacking, borrowing an old camouflage tactic

Professional hackers who already try to hide their activity through an array of technical means now seem to be trying on more corporate disguises, by creating front companies or working as government contractors to boost their legitimacy. U.S. law enforcement in September accused hackers based in Iran and China of conducting global espionage operations while appearing to exist as otherwise innocuous technology firms. While the public nature of the charges is proof the efforts weren’t entirely successful, the tactic marks an evolution of the use of dummy corporations since a group of financial scammers stole a reported $1 billion by posing as a cybersecurity testing firm. “It just makes it harder to figure out who’s doing what, and what are their motivations,” John Demers, the U.S. assistant attorney general for national security, said of the apparent motivation in a recent interview. “For a company that’s suffered a breach, it may […]

The post Foreign spies use front companies to disguise their hacking, borrowing an old camouflage tactic appeared first on CyberScoop.


US sanctions Russian agent for 2020 election interference efforts, alleged IRA trolls

The Trump administration sanctioned four Russia-linked individuals for their efforts to interfere in the 2020 U.S. elections, the Treasury Department announced Thursday. The Treasury’s Office of Foreign Assets Control (OFAC) is specifically sanctioning Andriy Derkach, a Ukrainian politician who has been an “active Russian agent for over a decade,” for his efforts to interfere in the 2020 U.S. presidential elections in the U.S., it said in a release. Derkach waged a covert influence campaign that relied on edited audio taps and other materials meant to discredit U.S. officials, and sway public opinion, prior to Election Day, according to the Treasury Department. “Derkach has directly or indirectly engaged in, sponsored, concealed, or otherwise been complicit in foreign interference in an attempt to undermine the upcoming 2020 U.S. presidential election,” OFAC said in the release. OFAC is also sanctioning three members of the Russian government’s social media troll farm, the Internet Research Agency, […]

The post US sanctions Russian agent for 2020 election interference efforts, alleged IRA trolls appeared first on CyberScoop.


EU sanctions Russian intelligence, Chinese nationals and a North Korean front company for alleged hacks

The European Union has sanctioned six people and three organizations in Russia, China and North Korea in connection with three major cyberattacks dating back to 2017. EU officials announced Thursday they would enact restrictive measures against the people they deemed responsible for the WannaCry ransomware outbreak in 2017, the NotPetya campaign and Operation Cloud Hopper, a Chinese cyber-espionage effort. Penalties include a travel ban, an asset freeze and a prohibition on people and organizations in the EU “making funds available” to the sanctioned individuals and entities. The move follows previous U.S. allegations against many of the same parties. “Sanctions are one of the options available in the EU’s cyber diplomacy toolbox to prevent, deter and respond to malicious cyber activities directed against the EU or its member states, and today is the first time the EU has used this tool,” officials said in a statement. The sanctions name unit 74455 of Russia’s […]

The post EU sanctions Russian intelligence, Chinese nationals and a North Korean front company for alleged hacks appeared first on CyberScoop.


The case for a National Cyber Director

Although the aftershocks of COVID-19 will last for years, one result is already clear — shifting more activity online has increased our society’s digital dependence even faster than expected. The federal government’s cybersecurity capabilities need to keep pace. Although some Federal agencies, particularly the Cybersecurity and Infrastructure Security Agency (CISA) at the Department of Homeland Security (DHS), have made significant improvements over the last few years, at least three factors impede government-wide progress. First, cybersecurity’s cross-cutting nature does not fit with the U.S. government’s bureaucratic structure. Second, agencies are not incentivized to sustain the degree of coordination required for effective cybersecurity. Third, a lack of central leadership hinders effective incident response. No single policy action will solve these problems, but creating a National Cyber Director along the lines of what the Cyberspace Solarium Commission recommends would be a good start. Bureaucracies prefer issues that fit neatly into one organization’s mission. […]

The post The case for a National Cyber Director appeared first on CyberScoop.


Treasury Department sanctions six Nigerians after email scam nabs millions of dollars

U.S. officials have sanctioned six Nigerian men for their involvement in email fraud schemes resulting in the theft of more than $6 million from American businesses and individuals. The Department of Treasury announced on Tuesday it had taken action against the accused scammers as part of an effort to stifle business email compromise efforts, in which attackers pose as co-workers, family members or romantic partners. In this case, suspects impersonated executives and potential love interests to obtain victims’ bank account information, usernames and passwords, Treasury officials said. More than 19,000 Americans reported being victimized by such crimes in 2019, leading to $1.5 billion in known theft, according to the most recent figures from the FBI. Reported losses have increased every year since the bureau started tracking BEC figures in 2013, officials said. “Cybercriminals prey on vulnerable Americans and small businesses to deceive and defraud them,” Treasury Secretary Steven Mnuchin said […]

The post Treasury Department sanctions six Nigerians after email scam nabs millions of dollars appeared first on CyberScoop.


North Korea issues blanket denial to US hacking accusations

The North Korean government issued a statement denying U.S. allegations that hackers used cyberattacks to raise money on Pyongyang’s behalf. U.S. and international cybersecurity officials, along with private sector specialists, have accused North Korean hackers of infiltrating global financial networks, stealing from ATMs, and demanding ransoms in bitcoin as part of a wider effort to help the government evade sanctions. The FBI, along with the departments of Homeland Security, Treasury and State, issued an advisory in May warning that North Korean hackers had used an array of malicious software tools to continue their operations. “We know well that the ulterior intention of the United States is to tarnish the image of our state and create a moment for provoking us by employing a new leverage called ‘cyber threat’ together with the issues of nuke, missiles, ‘human rights,’ ‘sponsoring of terrorism’ and ‘money laundering,’” North Korea’s Ministry of Foreign Affairs said […]

The post North Korea issues blanket denial to US hacking accusations appeared first on CyberScoop.


Cloudflare may have provided service to terrorists, drug traffickers in violation of U.S. sanctions

Internet services and cybersecurity provider Cloudflare has acknowledged it may have violated U.S. sanctions by doing business with terrorist groups and international drug traffickers, an admission that comes as the San Francisco company prepares to go public as soon as this week. Cloudflare voluntarily disclosed the possible economic and trade sanction violations to the U.S. Department of Treasury in its S-1 filing, amended to stipulate that Cloudflare technology was “used by, or for the benefit of, certain individuals or entities” named on the Office of Foreign Assets Control’s list of Specially Designated Nationals, as the Wall Street Journal first reported. The filing does not name specific parties, saying only that the group includes “entities identified in OFAC’s counter-terrorism and counter-narcotics trafficking sanctions programs, or affiliated with governments currently subject to comprehensive U.S. sanctions.” A small number of those entities also made payments to Cloudflare. The updated regulatory filing also notes […]

The post Cloudflare may have provided service to terrorists, drug traffickers in violation of U.S. sanctions appeared first on CyberScoop.


Criminals made off with $301 million per month last year via business email compromise scams

If your boss sends you an email asking for a wire transfer, you should think twice. Hackers are using compromised corporate email accounts to steal more money than ever, according to new findings from a federal anti-money laundering watchdog. Business email compromise scams, in which scammers impersonate corporate executives to request money transfers, cost organizations an average of $301 million every month last year, according to a report released Tuesday by the Financial Crimes Enforcement Network (FinCEN), a U.S. Department of Treasury unit. The federal anti-money laundering watchdog said it received roughly 14,000 suspicious activity reports related to BEC scams last year, compared to about 6,000 in 2016. The findings add more evidence to the notion that, despite more corporate training, stronger anti-phishing and anti-spoofing measures, and more security attention, thieves from around the world are continuing to siphon dollars from U.S. businesses of all sizes. “BEC continues to be […]

The post Criminals made off with $301 million per month last year via business email compromise scams appeared first on CyberScoop.
