Tag Archive for: allegedly

Van Nuys man indicted for allegedly selling ‘trojan’ malware to help others crack computers – Daily News


Federal authorities on Thursday announced the arrest of a Van Nuys man who allegedly schemed to market and sell malware that gave purchasers control over computers and enabled them to access victims’ private communications, their login credentials and other personal information.

Edmond Chakhmakhchyan, 24, allegedly used the screen name “Corruption.” He was arrested Wednesday by special agents with the FBI. During his arraignment in federal court, he pleaded not guilty to charges contained in a two-count indictment and was ordered back to court on June 4. His bond was set at $70,000.

The indictment charges Chakhmakhchyan with one count of conspiracy to advertise a device as an interception device, to transmit a code to intentionally cause damage to a protected computer and to intentionally access a computer to obtain information, as well as one count of advertising a device as an interception device. Each count carries a maximum sentence of five years in federal prison.

The indictment alleges an agreement between the malware’s creator and Chakhmakhchyan in which the defendant allegedly would post ads for the Hive remote access trojan, or RAT, on the Hack Forums website, accept Bitcoin payments for licenses to use the Hive RAT and provide customer service to those who purchased the licenses.

Customers purchasing the malware would transmit Hive RAT to protected computers and gain unauthorized control over and access to those devices, allowing the RAT purchaser to close or disable programs, browse files, record keystrokes, access incoming and outgoing communications and steal victim passwords and other credentials for bank accounts and cryptocurrency wallets, all without the victims’ knowledge or permission, according to the indictment.

Chakhmakhchyan allegedly began working with the creator of the Hive RAT, previously known as “Firebird,” about four years ago and advertised online the RAT’s many features.

Source…

Personal data of 2.4m people and The Block votes allegedly stolen

MediaWorks hack claims: Personal data of 2.4m people and The Block votes allegedly stolen

Source…

Roblox, Twitch allegedly targeted by ransomware cartel


Roblox and Twitch data allegedly got into the hands of the notorious ALPHV/BlackCat ransomware cartel after attackers supposedly breached an accounting software provider, Tipalti.

The ALPHV ransomware gang posted Tipalti, a Canada-based accounting software fintech, on its dark web blog, which it uses to showcase its latest victims. Somewhat unusually, ALPHV immediately resorted to extorting the victim’s clients. The move is likely meant to encourage ransom negotiation.

Cybercrooks claim they breached Tipalti in early September and managed to remain undetected for months, allegedly exfiltrating over 265 GB of sensitive company data, including information on its employees and customers.

We reached out to Tipalti, Roblox and Twitch for comment but did not immediately receive a reply.

Post on ransomware gang’s dark web blog. Image by Cybernews.

Tipalti’s website claims the company provides accounts payable, procurement, and global payments automation software for businesses. Besides Roblox and Twitch, Tipalti lists X (formerly Twitter), GoDaddy, National Geographic, Business Insider, SkillShare, Canva, and others among its clients.

In an unusually long post on its dark web blog, ALPHV insisted it would target Tipalti, Roblox, and Twitch. The gang’s strategy appears to be to threaten Tipalti with the publication of its other customers’ data, using recognizable brands such as Roblox and Twitch as examples.

“We remain committed to this exfiltration operation, so we plan to reach out to both these companies once the market opens on Monday as we believe we will have an even greater amount of data by then,” attackers said.

ALPHV threatened Roblox, the popular game platform and game creation system, separately, claiming it will “individually extort affected parties such as their creators,” as the supposed Tipalti breach revealed data on creator tax documents.

In early July 2022, a threat actor breached an employee account of Roblox Corporation and posted a cache of internal documents online. The hacker has already released a 4GB archive of internal documents to the forum post for public viewing.

Who is ALPHV/Black Cat ransomware?

ALPHV/BlackCat ransomware was first observed in 2021….

Source…

Beware: North Korean Hackers Allegedly Have New Modus Operandi To Steal Your Crypto


KEY POINTS

  • Rogue actors allegedly backed by North Korea have stolen data from nearly 1,500 victims between March and October
  • The majority of the victims are from the private sector, and 57 are incumbent or retired government officials
  • When the scam email was opened or the phishing link was clicked on, the victim’s computer would be infected with malware

The South Korean National Police Agency has warned people against North Korean malicious actors and hackers, who have been impersonating government agency officials and journalists to steal cryptocurrencies.

Rogue actors allegedly backed by the hermit country have stolen data from nearly 1,500 victims between March and October, the majority of whom were from the private sector and 57 of whom were incumbent or retired government officials, local media reported, quoting the South Korean National Police Agency.

Malicious actors pretended to be officials from South Korea’s National Pension Service, National Health Insurance, National Tax Service and National Police Agency to send phishing emails to recipients.

When the scam email was opened or the phishing link was clicked on, the victim’s computer would be infected with malware, following which the hackers would harvest data, including personal information.

Hackers also stole user IDs and profiles of 19 victims to access their cryptocurrency trading accounts, according to the police authorities, although they did not disclose the amount of crypto assets stolen by cybercriminals.

North Korea’s hacking efforts have grown in scale and scope in 2023, according to authorities who revealed that “last year, they stripped virtual assets by distributing ransomware. That coerced victims to pay money and valuables to regain their property.” However, this year, malicious actors have become more aggressive in phishing, which has resulted in the authorities shutting down 42 phishing websites.

It was reported earlier this month that North Korean hackers linked to the notorious cybercriminal group Lazarus Group, purportedly operating on behalf of North Korea, were impersonating blockchain engineers on Discord using social engineering techniques.

Victims reportedly download a malicious ZIP file, convinced they were…

Source…