Cybercrime


NEWS 
  • Global operation takes down hackers’ leaked data market

    April 12, 2022

    Western law enforcement agencies have dismantled an online marketplace used to buy and sell hacked and stolen personal data belonging to millions of people, and have charged the platform’s founder and chief administrator, officials announced Tuesday. Authorities say the RaidForums website trafficked in hundreds of databases of sensitive data, including credit card and Social Security numbers ...

  • Android banking malware intercepts calls to customer support

    April 11, 2022

    A banking trojan for Android that researchers call Fakecalls comes with a powerful capability that enables it to take over calls to a bank’s customer support number and connect the victim directly with the cybercriminals operating the malware. Disguised as a mobile app from a popular bank, Fakecalls displays all the marks of the entity it ...

  • CVE-2022-22965: Analyzing the Exploitation of Spring4Shell Vulnerability in Weaponizing and Executing the Mirai Botnet Malware

    April 11, 2022

    Trend Micro Threat Research observed active exploitation of the Spring4Shell vulnerability assigned as CVE-2022-22965, which allows malicious actors to weaponize and execute the Mirai botnet malware. The exploitation allows threat actors to download the Mirai sample to the “/tmp” folder and execute it after a permission change using “chmod”. Researchers began seeing malicious activities at the start ...

  • New Android banking malware remotely takes control of your device

    April 9, 2022

    A new Android banking malware named Octo has appeared in the wild, featuring remote access capabilities that allow malicious operators to perform on-device fraud. Octo is an evolved Android malware based on ExoCompact, a malware variant based on the Exo trojan that quit the cybercrime space and had its source code leaked in 2018. The new variant ...

  • Finnish govt websites knocked down as Ukraine President addresses MPs

    April 9, 2022

    Cyberattacks took down Finnish government websites on Friday while Ukrainian President Volodymyr Zelenskyy addressed Finland’s members of parliament (MPs). Denial-of-service (DoS) attacks hit Finland’s ministries of Defense and Foreign Affairs’ websites around noon local time. About an hour later, both government agencies tweeted that the websites were back up and running. The Finnish Ministry of Foreign Affairs ...

  • Hackers use Conti’s leaked ransomware to attack Russian companies

    April 9, 2022

    A hacking group used Conti’s leaked ransomware source code to create their own ransomware to use in cyberattacks against Russian organizations. While it is common to hear of ransomware attacks targeting companies and encrypting data, we rarely hear about Russian organizations getting attacked similarly. This lack of attacks is due to the general belief by Russian ...

  • FIN7 hacking group member sentenced to five years behind bars

    April 8, 2022

    A Ukrainian national has been sentenced as a member of the FIN7 hacking group. On Thursday, the US Department of Justice (DoJ) announced the sentencing of Denys Iarmak to five years in prison for working as a FIN7 penetration tester. FIN7, also known as Carbanak, is a prolific cybercriminal group that focuses on financial theft. Active since ...

  • A Bad Luck BlackCat

    April 7, 2022

    In early December 2021, a new ransomware actor started advertising its services on a Russian underground forum. They presented themselves as ALPHV, a new generation Ransomware-as-a-Service (RaaS) group. Shortly afterwards, they dialed up their activity, infecting numerous corporate victims around the world. The group is also known as BlackCat. One of the biggest differences from other ...

  • Conti gang is still in business, despite its own massive data leak

    April 6, 2022

    The Conti ransomware gang is still actively running campaigns against victims around the world, despite the inner workings of the group being revealed by data leaks. One of the most prolific ransomware groups of the last year, Conti has encrypted networks of hospitals, businesses, government agencies and more – in many cases, receiving a significant ransom ...

  • Feds slay dark-web souk Hydra: Servers and $25m in crypto-coins seized

    April 5, 2022

    US and German federal agencies came down hard on Hydra, the longest-running known dark-web marketplace trafficking in illegal drugs and money-laundering services, with a multi-pronged attack that aimed to cut off multiple heads of the nefarious online beast. First, German federal police in coordination with US law enforcement seized Hydra servers and cryptocurrency wallets containing $25 ...