CyberSecurity updates
2024-12-26 04:10:32 Pacific

NetWalker Operator Sentenced to 20 Years - 5d

Daniel Christian Hulea, a Romanian national, has been sentenced to 20 years in prison for his involvement in NetWalker ransomware attacks. He has also been ordered to forfeit $21.5 million in illicit proceeds. This sentencing serves as a reminder of the serious consequences for those involved in cybercrime and ransomware operations.

LockBit Developer Arrested, Extradition Requested by US - 5d

Rostislav Panev, a dual Russian-Israeli national, has been charged by the U.S. Department of Justice for his role as a developer within the LockBit ransomware group. He allegedly developed code for disabling antivirus software, spreading malware, and creating ransom notes. The U.S. is seeking his extradition from Israel, where he was arrested in August. The LockBit group, which emerged in 2019, has been responsible for over 2,500 victims across 120 countries, causing over $500 million in ransom payments. Law enforcement seized part of the group's infrastructure in February, but it managed to relaunch soon after.

Raccoon Stealer Operator Jailed - 6d

Mark Sokolovsky, the operator of the Raccoon Stealer malware-as-a-service (MaaS) operation, has been sentenced to five years in prison. Raccoon Stealer has been a significant malware platform since 2019, enabling cybercriminals to steal sensitive data. The sentencing highlights efforts to combat international cybercrime and bring perpetrators to justice, and should act as a deterrent to others involved in malware creation and distribution. The severity of the sentence is a clear sign that authorities take such operations very seriously.

Cracked Acunetix Sold as Araneida Web Scanner - 5d

A cracked version of Acunetix, a web application vulnerability scanner, is being sold as ‘Araneida Scanner’ on cybercrime forums and Telegram. Cybercriminals use the tool to conduct malicious reconnaissance, scrape user data, and find vulnerabilities for exploitation. It is being advertised together with a robust proxy service to hide the origin of the attackers. The cracked version lets criminals use the tool without a valid license.

Cryptocurrency Hacks Reach $2.2 Billion in 2024 - 5d

Cryptocurrency platforms have been hit by hackers, resulting in $2.2 billion worth of cryptocurrency being stolen in 2024. North Korea-affiliated hackers were responsible for $1.34 billion of the stolen funds across 47 incidents. Initially, decentralized finance (DeFi) platforms were the primary targets, but in Q2 and Q3 2024 centralized services were targeted more often. This shows that hacking of crypto platforms is a major issue and has become a large source of income for cybercriminals. The attacks are getting more sophisticated and need to be defended against more carefully.

Operation Destabilise: Dismantling Global Money Laundering Networks - 19d

A global money laundering operation, uncovered in Operation Destabilise, facilitated billions of dollars in illicit funds for drug traffickers, ransomware gangs, and potentially sanctioned Russian elites. The operation, led by the NCA, involved arrests and disruptions across multiple countries, highlighting the scale and complexity of international financial crime. This underscores the need for cross-border cooperation to combat cybercrime.

Germany Shuts Down Major Crime Marketplace Crimenetwork - 21d

Crimenetwork, Germany’s largest online criminal marketplace, was shut down by authorities, resulting in the arrest of an administrator. Since 2012 the platform had facilitated the sale of illegal goods and services, including drugs, forged documents, hacking tools, and stolen data. The takedown is a significant blow to cybercrime in the German-speaking region.

Takedown of Criminal Communication Platforms - 21d

This cluster covers incidents related to the takedown of criminal communication platforms. The MATRIX encrypted messaging service, used by criminals for illegal activities, was dismantled in an international operation involving French and Dutch authorities, supported by Eurojust and Europol. The criminals had been monitored for months before the operation was conducted. This demonstrates the continued effort to disrupt criminal activity online through international cooperation.

Interpol's Operation HAECHI V Nets 5,500+ Arrests - 22d

Operation HAECHI V, a global cybercrime operation involving 40 countries, resulted in over 5,500 arrests and the seizure of over $400 million in assets. The operation targeted various financial crimes, including phishing, romance scams, sextortion, and business email compromise (BEC).

Wazawaka's Arrest and Rockstar 2FA Phishing Platform - 26d

This cluster discusses the arrest in Russia of Mikhail Pavlovich Matveev, aka Wazawaka, a notorious ransomware programmer. He is known for developing malware and for his ties to various hacking groups. The arrest is significant because of his involvement in ransomware attacks; the severity of his crimes and the potential impact of his arrest on the ransomware ecosystem are still emerging.

German authorities shut down Crimenetwork dark web marketplace - 21d

German authorities successfully shut down Crimenetwork, Germany’s largest German-language dark web marketplace for illegal goods and services. A key administrator was arrested, and assets including vehicles and cryptocurrency were seized. Crimenetwork facilitated a wide range of illicit activities, including the sale of stolen data, drugs, and forged documents. The operation is a significant law enforcement success against online criminal marketplaces and highlights the ongoing challenge of tackling cybercrime on the dark web. The takedown disrupted a significant hub of cybercriminal activity.

Scattered Spider Hacking Group Apprehended - 1d

The “Scattered Spider” hacking group, also known as 0ktapus, targeted major tech companies including Coinbase, DoorDash, Mailchimp, and Twilio. After the group evaded capture for over two years, U.S. authorities apprehended at least some of the members responsible for a significant hacking spree. The group’s sophisticated attacks resulted in the theft of substantial amounts of sensitive data and in financial losses. This highlights the ever-evolving nature of cyber threats and the need for robust security measures across industries.

Operation Serengeti: Massive Cybercrime Crackdown in Africa - 6d

Interpol, in collaboration with Afripol, conducted Operation Serengeti, resulting in the arrest of over 1,000 cybercrime suspects across 19 African countries. The operation targeted various cybercrimes, including ransomware, business email compromise (BEC), digital extortion, and online scams, impacting more than 35,000 victims with millions in financial losses. This highlights the significant cybercrime activity within the region and the need for international cooperation to combat these crimes.

Arrest of Notorious Ransomware Developer Wazawaka in Russia - 25d

Mikhail Pavlovich Matveev, also known as Wazawaka, Uhodiransomwar, m1x, and Boriselcin, a notorious ransomware affiliate, was arrested in Russia for developing malware and for his involvement in several hacking groups. He already faced U.S. sanctions and charges, highlighting the international collaboration against cybercrime. The arrest is significant because of Wazawaka’s prolific malware development and his ties to major ransomware operations.

Snowflake Data Breach and Extortion by Kiberphant0m - 29d

A prolific hacker known as Kiberphant0m, suspected to be a U.S. Army soldier stationed in South Korea, is extorting companies that use the cloud data storage company Snowflake. The hacker obtained stolen Snowflake account credentials and is selling data stolen from customers who refuse to pay a ransom. The stolen data includes sensitive customer information from major corporations such as AT&T, which has led to high-profile threats of data leaks involving government officials.