How Cryptocurrency Turns to Cash in Russian Banks

Credit to Author: BrianKrebs| Date: Wed, 11 Dec 2024 21:38:48 +0000

A financial firm registered in Canada has emerged as the payment processor for dozens of Russian cryptocurrency exchanges and websites hawking cybercrime services aimed at Russian-speaking customers, new research finds. Meanwhile, an investigation into the Vancouver street address used by this company shows it is home to dozens of foreign currency dealers, money transfer businesses, and cryptocurrency exchanges — none of which are physically located there.

Read more

U.S. Trades Cybercriminals to Russia in Prisoner Swap

Credit to Author: BrianKrebs| Date: Fri, 02 Aug 2024 00:15:44 +0000

Twenty-four prisoners were freed today in an international prisoner swap between Russia and Western countries. Among the eight Russians repatriated were five convicted cybercriminals. In return, Russia has reportedly released 16 prisoners, including Wall Street Journal reporter Evan Gershkovich and ex-U.S. Marine Paul Whelan.

Read more

The Stark Truth Behind the Resurgence of Russia’s Fin7

Credit to Author: BrianKrebs| Date: Wed, 10 Jul 2024 16:22:59 +0000

The Russia-based cybercrime group dubbed “Fin7,” known for phishing and malware attacks that have cost victim organizations an estimated $3 billion in losses since 2013, was declared dead last year by U.S. authorities. But experts say Fin7 has roared back to life in 2024 — setting up thousands of websites mimicking a range of media and technology companies — with the help of Stark Industries Solutions, a sprawling hosting provider is a persistent source of cyberattacks against enemies of Russia.

Read more

Stark Industries Solutions: An Iron Hammer in the Cloud

Credit to Author: BrianKrebs| Date: Thu, 23 May 2024 23:32:43 +0000

Two weeks before Russia invaded Ukraine in February 2022, a large, mysterious new Internet hosting firm called Stark Industries Solutions materialized and quickly became the epicenter of massive distributed denial-of-service (DDoS) attacks on government and commercial targets in Ukraine and Europe. An investigation into Stark Industries reveals it is being used as a global proxy network that conceals the true source of cyberattacks and disinformation campaigns against enemies of Russia.

Read more

U.S. Charges Russian Man as Boss of LockBit Ransomware Group

Credit to Author: BrianKrebs| Date: Tue, 07 May 2024 17:36:14 +0000

The United States joined the United Kingdom and Australia today in sanctioning 31-year-old Russian national Dmitry Yuryevich Khoroshev as the alleged leader of the infamous ransomware group LockBit. The U.S. Department of Justice also indicted Khoroshev as the gang’s leader “LockbitSupp,” and charged him with using Lockbit to attack more than 2,000 victims and extort at least $100 million in ransomware payments.

Read more

Fake Lawsuit Threat Exposes Privnote Phishing Sites

Credit to Author: BrianKrebs| Date: Thu, 04 Apr 2024 14:12:16 +0000

A cybercrook who has been setting up websites that mimic the self-destructing message service Privnote.com accidentally exposed the breadth of their operations recently when they threatened to sue a software company. The disclosure revealed a profitable network of phishing sites that behave and look like the real Privnote, except that any messages containing cryptocurrency addresses will be automatically altered to include a different payment address controlled by the scammers.

Read more

From Cybercrime Saul Goodman to the Russian GRU

Credit to Author: BrianKrebs| Date: Wed, 07 Feb 2024 17:10:18 +0000

In 2021, the exclusive Russian cybercrime forum Mazafaka was hacked. The leaked user database shows one of the forum’s founders was an attorney who advised Russia’s top hackers on the legal risks of their work, and what to do if they got caught. A review of this user’s hacker identities shows that during his time on the forums he served as an officer in the special forces of the GRU, the foreign military intelligence agency of the Russian Federation.

Read more

Costa Rica May Be Pawn in Conti Ransomware Group’s Bid to Rebrand, Evade Sanctions

Credit to Author: BrianKrebs| Date: Tue, 31 May 2022 19:57:58 +0000

Costa Rica’s national health service was hacked sometime earlier this morning by a Russian ransomware group known as Hive. The intrusion comes just weeks after Costa Rican President Rodrigo Chaves declared a state of emergency in response to a data ransom attack from a different Russian ransomware gang — Conti. Ransomware experts say there is good reason to believe the same cybercriminals are behind both attacks, and that Hive has been helping Conti rebrand and evade international sanctions targeting extortion payouts to cybercriminals operating in Russia.

Read more