CyberSecurity news

FlagThis - #sanctions

Lorenzo Franceschi-Bicchierai@techcrunch.com //
The U.S. Secret Service, in collaboration with international law enforcement agencies, has seized the domain of the Russian cryptocurrency exchange Garantex. This action was part of an ongoing investigation and involved agencies such as the Department of Justice's Criminal Division, the FBI, Europol, the Dutch National Police, the German Federal Criminal Police Office, the Frankfurt General Prosecutor's Office, the Finnish National Bureau of Investigation, and the Estonian National Criminal Police. The Secret Service confirmed the seizure of website domains associated with Garantex's administration and operation.

The seizure warrant was obtained by the U.S. Attorney's Office for the Eastern District of Virginia. Garantex had previously been sanctioned by the U.S. in April 2022 due to its association with illicit activities. Authorities have linked over $100 million in transactions on the exchange to criminal enterprises and dark web markets, including substantial sums connected to the Conti ransomware gang and the Hydra online drug marketplace.

References:
  • bsky.app: The US Secret Service has seized the domain of the sanctioned Russian cryptocurrency exchange Garantex in collaboration with the Department of Justice's Criminal Division, the FBI, and Europol.
  • The Register - Security: International cops seize ransomware crooks' favorite Russian crypto exchange
  • infosec.exchange: UPDATE: Secret Service spokesperson told us that it "has seized website domains associated with the administration and operation of Russian cryptocurrency exchange, Garantex as part of an ongoing investigation."
  • Zack Whittaker: NEW: Russian crypto exchange Garantex has been seized by the U.S. Secret Service during an international law enforcement operation. FBI declined to comment; Secret Service didn't respond, but Garantex's domain is now pointing to nameservers run by the Secret Service. More from :
  • securityaffairs.com: International law enforcement operation seized the domain of the Russian crypto exchange Garantex
  • The Register - Security: Uncle Sam charges alleged Garantex admins after crypto-exchange web seizures
  • infosec.exchange: NEW: The U.S. government has accused two administrators of Russian crypto exchange Garantex of facilitating money laundering for terrorists and cybercriminals. Aleksej Besciokov and Aleksandr Mira Serda allegedly knew they were helping ransomware hackers as well as DPRK's Lazarus Group. Besciokov is also accused of conspiracy to violate U.S. sanctions.
  • The Hacker News: U.S. Secret Service Seizes Russian Garantex Crypto Exchange Website
  • infosec.exchange: NEW: U.S. Secret Service and other international law enforcement agencies have seized the website of Russian crypto exchange Garantex. Garantex had previously been sanctioned by the U.S. government for being associated with ransomware gangs like Conti and darknet markets, as well as by the European Union for ties to sanctioned Russian banks.
  • The DefendOps Diaries: International Collaboration in the Takedown of Garantex
  • Threats | CyberScoop: The Department of Justice also indicted two men tied to the exchange.
  • BleepingComputer: The administrators of the Russian Garantex crypto-exchange have been charged in the United States with facilitating money laundering for criminal organizations and violating sanctions.
  • techcrunch.com: US charges admins of Garantex for allegedly facilitating crypto money laundering for terrorists and hackers
  • Metacurity: Law enforcement took down hacker-friendly Russian crypto exchange Garantex
  • www.scworld.com: Global law enforcement crackdown hits Russian crypto exchange Garantex
  • securityonline.info: Secret Service-Led Operation Seizes Garantex Cryptocurrency Exchange
  • techcrunch.com: Russian crypto exchange Garantex seized by law enforcement operation
  • Jon Greig: US officials charged Aleksej Besciokov and Aleksandr Mira Serda on Friday for their roles at Garantex. They also made copies of Garantex’s customer and accounting databases before servers were seized by German and Finnish officials.
  • infosec.exchange: NEW: After authorities took down the domains of Russian crypto exchange Garantex and charged two of its administrators with facilitating money laundering, the company is now inviting customers for “face-to-face meetings” at its headquarters. 🤔

MalBot@malware.news //
The US Treasury Department has sanctioned a Chinese cybersecurity firm, Sichuan Juxinhe Network Technology Co., and a Shanghai-based hacker, Yin Kecheng, for their involvement in significant cyberattacks. These attacks compromised sensitive systems at the Treasury Department and at major US telecommunication companies and ISPs. Sichuan Juxinhe is linked to the Salt Typhoon hacking group, which has infiltrated numerous US telecom companies and ISPs, intercepting sensitive data from high-value political officials and communication platforms. Yin Kecheng, connected to the Chinese Ministry of State Security (MSS), is associated with the recent breach of the Treasury's network, which impacted systems involved in sanctions and foreign investment reviews.

The Treasury's systems, including those used by Secretary Janet Yellen, were accessed during the breach, resulting in the theft of over 3,000 files. The stolen data included policy documents, organizational charts, and information on sanctions and foreign investment. The cyber activity has been attributed to the Salt Typhoon group, alongside a related group known as Silk Typhoon (formerly Hafnium), which exploited vulnerabilities in Microsoft Exchange Server and used compromised APIs. The Treasury Department stated that it will continue using its authority to hold accountable malicious actors that target the American people and the US government.

References:
  • malware.news: US Sanctions Chinese firm behind sweeping Salt Typhoon telecom hacks
  • The Hacker News: U.S. Sanctions Chinese Cybersecurity Firm Over Treasury Hack Tied to Silk Typhoon
  • BleepingComputer: US sanctions Chinese firm, hacker behind telecom and Treasury hacks
  • ciso2ciso.com: US Sanctions Chinese Hacker & Firm for Treasury, Critical Infrastructure Breaches – Source: www.darkreading.com
  • ciso2ciso.com: US sanctions Chinese hacker & firm for Treasury, critical infrastructure breaches
  • U.S. Treasury: Treasury's OFAC is sanctioning Yin Kecheng, a Shanghai-based cyber actor who was involved with the recent Department of the Treasury network compromise.
  • ciso2ciso.com: U.S. Sanctions Chinese Cybersecurity Firm Over Treasury Hack Tied to Silk Typhoon – Source:thehackernews.com
  • www.bleepingcomputer.com: US sanctions Chinese firm, hacker behind telecom and Treasury hacks
  • securityaffairs.com: U.S. Treasury Sanctions Chinese cybersecurity firm and actor over federal agency breach tied to Salt Typhoon
  • ciso2ciso.com: Treasury Levels Sanctions Tied to a Massive Hack of Telecom Companies and Breach of Its Own Network – Source: www.securityweek.com
  • Pyrzout :vm:: Treasury Levels Sanctions Tied to a Massive Hack of Telecom Companies and Breach of Its Own Network – Source: www.securityweek.com
  • ciso2ciso.com: The U.S. Treasury’s OFAC sanctioned a Chinese cybersecurity firm and a Shanghai cyber actor for ties to Salt Typhoon and a federal agency breach.
  • www.tomshardware.com: News report on Chinese hackers infiltrating US Treasury Secretary's PC and gaining access to over 400 PCs.
  • ciso2ciso.com: U.S. Treasury Sanctions Chinese cybersecurity firm and actor over federal agency breach tied to Salt Typhoon
  • www.nextgov.com: US Treasury Department sanctions imposed for Salt Typhoon's involvement.
  • www.nextgov.com: The Treasury Department's sanctions follow a major hack targeting telecommunications companies and potentially impacting high-value political officials.
  • Threats | CyberScoop: Treasury sanctions Chinese cybersecurity company, affiliate for Salt Typhoon hacks.
  • cyberscoop.com: Treasury sanctions Chinese cybersecurity company, affiliate for Salt Typhoon hacks
  • thecyberexpress.com: U.S. Treasury sanctions Salt Typhoon hackers
  • www.csoonline.com: The US is hitting back against the threat group, dubbed Salt Typhoon by Microsoft, which is allegedly behind recent cyber attacks against American telecommunications providers, as part of a wider campaign against Chinese-based hacking.
  • Security Affairs: The US Treasury Department's Office of Foreign Assets Control (OFAC) sanctioned Chinese firm Sichuan Juxinhe Network Technology Co., LTD.
  • Security Boulevard: U.S. Treasury Sanctions Chinese Individual, Company for Data Breaches

Guru Baran@Cyber Security News //
A North Korean IT worker who adopted the alias 'Bane' is at the center of a fraudulent scheme that targeted numerous US companies. This individual, along with others, is accused of infiltrating these companies to steal confidential source code and then demanding ransom payments to prevent the release of the stolen data. This is not an isolated incident: the operation appears to have been ongoing since 2018 and ran until around August 2024, with other North Korean nationals involved.

Five individuals have been indicted in connection with this cyber operation. The individuals are accused of creating fake US worker visa documents and setting up staffing companies to secure employment for remote contractors, specifically North Korean IT workers, in positions such as mobile app developers and specialist engineers. These individuals also established US bank accounts and used other payment platforms to launder the money. The scheme successfully deceived at least 64 US companies, with payments made by just ten of these organizations totaling approximately $866,255.

References:
  • ciso2ciso.com: The U.S. has sanctioned North Korean IT worker network supporting WMD programs.
  • The sanctions target organizations and individuals believed to be generating illicit revenue for the North Korean government.
  • malware.news: The U.S. has continued its crackdown against North Korean IT worker scams with sanctions against the country's government weapons trading office Department 53 and its Laos-based front companies Korea Osong Shipping and Chonsurim Trading Corporation.
  • The Hacker News: The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) has imposed sanctions against a Chinese cybersecurity company and a Shanghai-based cyber actor for their alleged links to the Salt Typhoon group and the recent compromise of the federal agency.
  • ciso2ciso.com: North Korean dev who renamed himself ‘Bane’ accused of IT worker fraud scheme – Source: go.theregister.com
  • Cyber Security News: Reporting on the alleged scheme and its impact on businesses.
  • The Register: The article details how North Korean individuals pose as IT workers, gaining access to sensitive information and demanding extortion.
  • Pyrzout :vm:: North Korean dev who renamed himself ‘Bane’ accused of IT worker fraud scheme
  • go.theregister.com: North Korean developers are engaged in a long-running fraudulent scheme involving remote IT workers.
  • www.justice.gov: Indictments issued in connection with the fraudulent remote IT worker scheme. The scheme includes North Korean nationals. The targets include American businesses.
  • cybersecuritynews.com: North Korean IT workers masquerading as remote workers have been breaking into Western companies, stealing confidential source codes, and requesting ransoms to prevent their release.
  • oodaloop.com: The Department of Justice has arrested several individuals who were involved with a North Korean program to trick companies into hiring North Koreans for remote positions.
  • www.bleepingcomputer.com: The FBI warned today that North Korean IT workers are abusing their access to steal source code and extort U.S. companies that have been tricked into hiring them.
  • www.computerworld.com: The US Department of Justice this week announced that it had indicted two North Korean nationals and three other men, accusing them of participating in a conspiracy designed to trick US companies into funding the North Korean regime.
  • ciso2ciso.com: North Korean Fake IT Workers More Aggressively Extorting Enterprises
  • Techmeme: The FBI warns that North Korean IT workers are abusing their access to steal source code and extort US companies that have been tricked into hiring them (Sergiu Gatlan/BleepingComputer)
  • www.techmeme.com: The FBI warned today that North Korean IT workers are abusing their access to steal source code and extort U.S. companies that have been tricked into hiring them.
  • CSO Online: One recent case saw a bad actor use deepfake video technology and automated voice translation in a video interview, though this didn’t work particularly well and the interviewers were easily able to tell that something was wrong.
  • ciso2ciso.com: US Charges Five People Over North Korean IT Worker Scheme – Source: www.securityweek.com
  • Pyrzout :vm:: DOJ indicts North Korean conspirators for remote IT work scheme
  • ciso2ciso.com: News article about North Korean hackers.
  • Help Net Security: The FBI is on a mission to raise awareness about the threat that North Korean IT workers present to organizations in the US and around the world.
  • The FBI warned about North Korean IT workers increasingly exploiting remote access to steal sensitive data and extort companies.
  • The Hacker News: The indictment targets individuals including two North Korean nationals, a Mexican national, and two U.S. nationals.
  • BleepingComputer: The FBI warned today that North Korean IT workers are abusing their access to steal source code and extort U.S. companies that have been tricked into hiring them.

@Techmeme //
The US Treasury Department has confirmed a significant cyberattack, with over 400 computers compromised and potentially exposing sensitive data. Chinese hackers, believed to be associated with the Silk Typhoon group, are suspected of infiltrating these systems. The compromised data includes information related to sanctions, international affairs, and intelligence. The attack targeted computers focused on these sensitive areas, raising considerable concerns about data breaches and security vulnerabilities within the department.

The hackers are reported to have accessed files belonging to Treasury Secretary Janet Yellen and other high-ranking officials. Initial reports indicate that over 3,000 unclassified files were compromised. The attackers specifically targeted usernames, passwords, and documents linked to the Committee on Foreign Investment in the United States (CFIUS). While email and classified networks remained secure, the extent of the breach suggests a sophisticated and well-coordinated effort.

References:
  • Bloomberg Technology: The US Treasury Department has confirmed a cyberattack that compromised over 400 computers, potentially exposing sensitive information, including data related to sanctions, international affairs, and intelligence.
  • The Verge: The US Treasury Department confirmed a cyberattack linked to a Chinese state-sponsored group, potentially compromising over 400 computers and potentially exposing sensitive information.
  • www.tomshardware.com: Tom's Hardware reports on the Chinese hackers' infiltration of the US Treasury, detailing the scope of the attack and the number of compromised computers.