constella intelligence – Page 4 – Computer Security Articles

The Link Between AWM Proxy & the Glupteba Botnet

June 28, 2022 admin A Little Sunshine, alureon, awm proxy, Breadcrumbs, constella intelligence, dennstr, dmitry starovikov, domaintools, ESET, glupteba botnet, google, kaspersky lab, lycefer, meris, Ne'er-Do-Well News, pay-per-install, riley kilmer, rootkit, rsocks botnet, spur.us, tdl-4, tdss, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Tue, 28 Jun 2022 18:33:31 +0000

On December 7, 2021, Google announced it had sued two Russian men allegedly responsible for operating the Glupteba botnet, a global malware menace that has infected millions of computers over the past decade. That same day, AWM Proxy — a 14-year-old anonymity service that rents hacked PCs to cybercriminals — suddenly went offline. Security experts had long seen a link between Glupteba and AWM Proxy, but new research shows AWM Proxy’s founder is one of the men being sued by Google.

Independent Krebs

Meet the Administrators of the RSOCKS Proxy Botnet

June 22, 2022 admin 79136334444, A Little Sunshine, Breadcrumbs, constella intelligence, denis "neo" kloster, exploit, internet advertising omsk, istanx@gmail.com, Ne'er-Do-Well News, rsocks botnet, rusdot, sl mobpartners, spamdot, stanx, stanx@rusdot.com, u.s. department of justice, verified

Credit to Author: BrianKrebs| Date: Wed, 22 Jun 2022 13:06:34 +0000

Authorities in the United States, Germany, the Netherlands and the U.K. last week said they dismantled the “RSOCKS” botnet, a collection of millions of hacked devices that were sold as “proxies” to cybercriminals looking for ways to route their malicious traffic through someone else’s computer. While the coordinated action did not name the Russian hackers allegedly behind RSOCKS, KrebsOnSecurity has identified its owner as a Russian man living abroad who also runs the world’s top Russian spamming forum.

Independent Krebs

Who is the Network Access Broker ‘Wazawaka?’

February 2, 2022 admin 902228, abakan, abaza, Breadcrumbs, constella intelligence, cs-arena.org, darkside, ddosis.ru, devdelphi@yandex.ru, domaintools, Flashpoint, initial access broker, kopyovo-a, lockbit, mikhail matveev, mikhail mix matveev, mix@devilart.net, mixfb@yandex.ru, Ne'er-Do-Well News, ransomware, uhodiransomware, wazawaka

Credit to Author: BrianKrebs| Date: Wed, 12 Jan 2022 05:17:31 +0000

In a great many ransomware attacks, the criminals who pillage the victim’s network are not the same crooks who gained the initial access to the victim organization. More commonly, the infected PC or stolen VPN credentials the gang used to break in were purchased from a cybercriminal middleman known as an initial access broker. This post examines some of the clues left behind by Wazawaka, the handle chosen by a major access broker in the Russian-speaking cybercrime scene.