Lorenzo Franceschi-Bicchierai@techcrunch.com
//
The U.S. Secret Service, in collaboration with international law enforcement agencies, has seized the domains of the Russian cryptocurrency exchange Garantex. The action was part of an ongoing investigation involving the Department of Justice's Criminal Division, the FBI, Europol, the Dutch National Police, the German Federal Criminal Police Office, the Frankfurt General Prosecutor's Office, the Finnish National Bureau of Investigation, and the Estonian National Criminal Police. The Secret Service confirmed that it seized website domains associated with the administration and operation of Garantex.
The seizure warrant was obtained by the U.S. Attorney's Office for the Eastern District of Virginia. Garantex had already been sanctioned by the U.S. government in April 2022 for its association with illicit activity: authorities linked over $100 million in transactions on the exchange to criminal enterprises and darknet markets, including substantial sums connected to the Conti ransomware gang and the Hydra online drug marketplace.
References :
- bsky.app: The US Secret Service has seized the domain of the sanctioned Russian cryptocurrency exchange Garantex in collaboration with the Department of Justice's Criminal Division, the FBI, and Europol.
- The Register - Security: International cops seize ransomware crooks' favorite Russian crypto exchange
- infosec.exchange: UPDATE: Secret Service spokesperson told us that it "has seized website domains associated with the administration and operation of Russian cryptocurrency exchange, Garantex as part of an ongoing investigation."
- Zack Whittaker: NEW: Russian crypto exchange Garantex has been seized by the U.S. Secret Service during an international law enforcement operation. FBI declined to comment; Secret Service didn't respond, but Garantex's domain is now pointing to nameservers run by the Secret Service.
- securityaffairs.com: International law enforcement operation seized the domain of the Russian crypto exchange Garantex
- The Register - Security: Uncle Sam charges alleged Garantex admins after crypto-exchange web seizures
- infosec.exchange: NEW: The U.S. government has accused two administrators of Russian crypto exchange Garantex of facilitating money laundering for terrorists and cybercriminals. Aleksej Besciokov and Aleksandr Mira Serda allegedly knew they were helping ransomware hackers as well as DPRK's Lazarus Group. Besciokov is also accused of conspiracy to violate U.S. sanctions.
- The Hacker News: U.S. Secret Service Seizes Russian Garantex Crypto Exchange Website
- infosec.exchange: NEW: U.S. Secret Service and other international law enforcement agencies have seized the website of Russian crypto exchange Garantex. Garantex had previously been sanctioned by the U.S. government for being associated with ransomware gangs like Conti and darknet markets, as well as by the European Union for ties to sanctioned Russian banks.
- The DefendOps Diaries: International Collaboration in the Takedown of Garantex
- Threats | CyberScoop: The Department of Justice also indicted two men tied to the exchange.
- BleepingComputer: The administrators of the Russian Garantex crypto-exchange have been charged in the United States with facilitating money laundering for criminal organizations and violating sanctions.
- techcrunch.com: US charges admins of Garantex for allegedly facilitating crypto money laundering for terrorists and hackers
- Metacurity: Law enforcement took down hacker-friendly Russian crypto exchange Garantex
- www.scworld.com: Global law enforcement crackdown hits Russian crypto exchange Garantex
- securityonline.info: Secret Service-Led Operation Seizes Garantex Cryptocurrency Exchange
- techcrunch.com: Russian crypto exchange Garantex seized by law enforcement operation
- Jon Greig: US officials charged Aleksej Besciokov and Aleksandr Mira Serda on Friday for their roles at Garantex. They also made copies of Garantex's customer and accounting databases before servers were seized by German and Finnish officials.
- infosec.exchange: NEW: After authorities took down the domains of Russian crypto exchange Garantex and charged two of its administrators with facilitating money laundering, the company is now inviting customers to "face-to-face meetings" at its headquarters. 🤔
- hackread.com: Garantex Crypto Exchange Seized, Two Charged in Laundering Scheme
- techcrunch.com: Following takedown operation, Garantex invites customers to ‘face-to-face’ Moscow meeting
Classification:
- HashTags: #Garantex #Cryptocurrency #Ransomware
- Company: Garantex
- Target: Garantex
- Product: Cryptocurrency exchange
- Feature: money laundering
- Type: Hack
- Severity: Major
@techcrunch.com
//
A global police operation involving agencies from Europe, Japan, the U.S., and the U.K. has successfully seized the dark web leak site of the 8Base ransomware gang. The takedown message displayed on the site was confirmed as legitimate by Lucy Sneddon, a spokesperson for the U.K.’s National Crime Agency. While the U.K. played a supportive role, other involved agencies have not yet commented. Security researchers first noticed the seizure notice earlier this week.
This operation is part of a larger effort targeting ransomware gangs. In a related development, authorities have arrested four suspected Phobos ransomware operators in Phuket, Thailand. The four are accused of conducting cyberattacks on more than 1,000 victims worldwide and extorting about $16 million in Bitcoin. The operation, codenamed "Phobos Aetor," involved raids across multiple locations.
References :
- CyberInsider: Phobos Ransomware Gang Dismantled in International Sting
- BleepingComputer: Police arrests 4 Phobos ransomware suspects, seizes 8Base sites
- BleepingComputer: A global law enforcement operation targeting the Phobos ransomware gang has led to the arrest of four suspected hackers in Phuket, Thailand, and the seizure of 8Base's dark web sites. The suspects are accused of conducting cyberattacks on over 1,000 victims worldwide.
- bsky.app: A global law enforcement operation targeting the Phobos ransomware gang has led to the arrest of four suspected hackers in Phuket, Thailand, and the seizure of 8Base's dark web sites. The suspects are accused of conducting cyberattacks on over 1,000 victims worldwide.
- Carly Page: Mastodon post confirming the takedown of 8Base's leak site.
- techcrunch.com: TechCrunch reports on the global police operation seizing the 8Base ransomware gang leak site.
- www.bleepingcomputer.com: BleepingComputer's report on the takedown of 8Base's dark web sites.
- DataBreaches.Net: Reports on police arresting 4 Phobos ransomware suspects and seizing 8Base sites.
- Threats | CyberScoop: CyberScoop article on 8Base.
- cyberscoop.com: Thai authorities detain four Europeans in ransomware crackdown
- Anonymous: A global law enforcement operation targeting the Phobos ransomware gang has led to the arrest of four suspected hackers in Phuket, Thailand, and the seizure of 8Base's dark web sites.
- The Register - Security: All your 8Base are belong to us: Ransomware crew busted in global sting
- securityaffairs.com: Report on the 8Base ransomware takedown highlighting the international collaboration.
- The Hacker News: The Hacker News: 8Base Ransomware Data Leak Sites Seized in International Law Enforcement Operation
- www.helpnetsecurity.com: The Thai police have arrested four individuals suspected of being the leaders of the 8Base ransomware group and of stealing approximately $16 million from 1,000+ victims they targeted with the Phobos ransomware.
- BleepingComputer: Police arrests 2 Phobos ransomware suspects, seizes 8Base sites - BleepingComputer
- socradar.io: International Operation Targets 8Base and Phobos Ransomware Gangs In a coordinated global effort, law enforcement agencies have successfully dismantled the dark web infrastructure of the 8Base ransomware gang and arrested four individuals linked to the Phobos ransomware.
- Help Net Security: 8Base ransomware group leaders arrested, leak site seized
- PCMag UK security: An international operation has dealt a major blow to a cybergang known as 8Base, which used the Phobos to infect hundreds of companies and organizations.
- techcrunch.com: Authorities arrest four suspected 8Base ransomware operators in global takedown
- www.europol.europa.eu: Report on the global law enforcement operation that led to the arrests.
- Security Boulevard: Authorities Seize 8Base Ransomware Infrastructure, Arrest Four Russians
- securityboulevard.com: With "Operation Phobos Aetor," international law enforcement, including the US DOJ and Europol, arrest four Russian nationals and seize infrastructure connected to the 8Base ransomware group, the largest affiliate of the prolific Phobos RaaS operation.
- securityaffairs.com: Global law enforcement operation targeting the 8Base ransomware gang and related criminal activity.
- Carly Page: A global law enforcement operation has led to the arrest of four individuals who authorities accuse of being key figures in the 8Base ransomware operation. The four suspects are accused of amassing $16 million through ransomware attacks against more than 1,000 organizations globally.
- www.csoonline.com: Law enforcement agencies from 14 countries collaborated in an investigation against the related Phobos and 8Base ransomware operations, arresting four suspects and seizing 27 servers, including the data leak and ransom negotiation websites.
Classification:
- HashTags: #8Base #Ransomware #LawEnforcement
- Target: 8Base Ransomware Gang
- Attacker: 8Base Ransomware Gang
- Malware: 8Base Ransomware
- Type: Ransomware
- Severity: Major
@www.justice.gov
//
U.S. and Dutch law enforcement agencies have jointly dismantled a network of 39 domains and their associated servers used in Business Email Compromise (BEC) fraud operations. The operation, codenamed "Operation Heart Blocker," took place on January 29 and targeted the infrastructure of a group known as "The Manipulaters," which also operated under the name Saim Raza. The group ran online marketplaces originating from Pakistan that sold phishing toolkits, scam pages, email extractors, and other fraud-enabling tools. Transnational organized crime groups in the U.S. bought these tools and used them to target victims with BEC schemes, tricking victim companies into making fraudulent payments that are estimated to have caused over $3 million in losses.
The seized domains and servers contained millions of records, including at least 100,000 pertaining to Dutch citizens. "The Manipulaters" marketed their services under several brands, including Heartsender, Fudpage, and Fudtools, which specialized in spam and malware dissemination. The U.S. Department of Justice stated that the Saim Raza-run websites not only sold the tools but also trained end users through instructional videos on how to execute schemes with the malicious programs, making them accessible to people without technical expertise. The service is estimated to have had thousands of customers. The tools were used to harvest victims' credentials, which were then used to further the fraud schemes. Users can check whether their credentials were among those stolen via a Dutch Police website.
References :
- ciso2ciso.com: U.S. and Dutch Authorities Dismantle 39 Domains Linked to BEC Fraud Network
- krebsonsecurity.com: FBI, Dutch Police Disrupt ‘Manipulaters’ Phishing Gang
- The Hacker News: U.S. and Dutch law enforcement agencies have announced that they have dismantled 39 domains and their associated servers as part of efforts to disrupt a network of online marketplaces originating from Pakistan.
- ciso2ciso.com: The FBI and authorities in The Netherlands this week seized dozens of servers and domains for a hugely popular spam and malware dissemination service operating out of Pakistan.
- Pyrzout :vm:: U.S. and Dutch Authorities Dismantle 39 Domains Linked to BEC Fraud Network
- www.trendingtech.news: International collaboration dismantles phishing network 'the Manipulaters'
- Pyrzout :vm:: FBI, Dutch Police Disrupt ‘Manipulaters’ Phishing Gang
- hackread.com: Joint US-Dutch operation dismantled the HeartSender cybercrime network.
- www.justice.gov: Cybercrime websites selling hacking tools to transnational organized crime groups were seized.
- thecyberexpress.com: The Cyber Express article about the Justice Department disrupting a cybercrime network selling hacking tools.
- www.justice.gov: This website contains the latest news about cybersecurity incidents and attacks.
- Information Security Buzz: DoJ, Dutch Authorities Seize 39 Domains Selling Malicious Tools
- ciso2ciso.com: Law enforcement seized the domains of HeartSender cybercrime marketplaces
- SecureWorld News: Secure World article about Operation Heart Blocker and the disruption of a phishing network.
Classification: