Tag Archive for: arrests

Lockbit Ransomware Gang Returns After International Takedown, Arrests

/in


The Lockbit ransomware group is reportedly back online with new servers.

In a lengthy letter posted online this weekend, Lockbit claims that the international group of government agencies that infiltrated it only obtained decryption keys for 2.5% of the attacks the ransomware group has carried out since its inception.

Last week, the US Department of Justice, FBI, the UK National Crime Agency (NCA), Europol, and others announced their joint infiltration of Lockbit’s servers. The US charged two Russian nationals allegedly connected to the ransomware group, and Ukrainian authorities arrested a father-son duo believed to be Lockbit members. At the time, Lockbit administrators said that while their servers that use PHP were infiltrated, their backup servers were “untouched.”

The UK’s NCA has repeatedly asserted that Lockbit is fully compromised in statements provided to PCMag. “The NCA, working with international partners, successfully infiltrated and took control of Lockbit’s systems, and was able to compromise their entire criminal operation,” an agency spokesperson told PCMag via email Monday. “Their systems have now been destroyed by the NCA, and it is our assessment that Lockbit remains completely compromised.”

“We recognized Lockbit would likely attempt to regroup and rebuild their systems,” the NCA continued. “However, we have gathered a huge amount of intelligence about them and those associated to them, and our work to target and disrupt them continues.”

In the letter from a purported Lockbit administrator shared by malware data collector VXUnderground, the admin claims that Lockbit members became “lazy” after they stole enough money to let them live a luxurious lifestyle “on a yacht with titsy [sic] girls.”

The admin then implies that they are a US voter and says Lockbit’s new servers are running a new version of PHP, promising that anyone who reports any critical vulnerabilities for Lockbit’s new systems “will be rewarded.” Their lengthy letter makes a number of other allegations and contradictory statements, including some regarding the FBI’s supposed motives.

The admin admits, however, that even a PHP update “will not be enough” to stop the FBI and other agencies from…

Source…

US Takes Down Notorious Warzone RAT Malware Operation, Arrests 2

/in


One suspect from Malta managed the Warzone Rat distribution network, while another from Nigeria developed and maintained the malware.

In a major blow to cybercrime, the US Department of Justice, along with international partners and private companies, has dismantled the infrastructure behind the infamous Warzone RAT malware. Two individuals believed to be key players in the operation have also been arrested, while the website used in the operation has been seized as well.

What Was Warzone RAT?

Warzone RAT, short for Remote Access Trojan, was a powerful and versatile tool used by cybercriminals to gain complete control over infected devices since 2018.

This malware granted attackers access to steal sensitive data like passwords and financial information, spy on victims through webcams and microphones, lock them out of their devices for ransom, and even launch further attacks. Its widespread use and sophisticated capabilities made it a major threat to individuals and organizations alike.

US Takes Down Notorious Warzone RAT Malware Operation, Arrests 2
The website that sold Warzone RAT (Screenshot: Hackread.com)

Operation Shut Down:

On February 9, 2024, the US Department of Justice announced a coordinated effort involving the FBI, international law enforcement agencies, and private cybersecurity firms that successfully dismantled the Warzone RAT infrastructure. This action effectively crippled the malware’s distribution and operation, significantly disrupting cybercriminal activities relying on it.



Arrests Made:

As part of the operation, two individuals were arrested and charged with their involvement in the Warzone RAT scheme. One suspect, residing in Malta, was accused of managing the malware distribution network. The other, based in Nigeria, was allegedly responsible for developing and maintaining the malware itself. Both face serious charges related to computer fraud and abuse.

Impact and Significance:

The takedown of Warzone RAT represents a significant victory for law enforcement and cybersecurity experts. It demonstrates the effectiveness of collaboration between international partners and the private sector in combating large-scale cybercrime. While this specific threat has been…

Source…

U.S. DoJ Dismantles Warzone RAT Infrastructure, Arrests Key Operators

/in


Feb 11, 2024NewsroomMalware / Cybercrime

Warzone RAT Infrastructure

The U.S. Justice Department (DoJ) on Friday announced the seizure of online infrastructure that was used to sell a remote access trojan (RAT) called Warzone RAT.

The domains – www.warzone[.]ws and three others – were “used to sell computer malware used by cybercriminals to secretly access and steal data from victims’ computers,” the DoJ said.

Alongside the takedown, the international law enforcement effort has arrested and indicted two individuals in Malta and Nigeria for their involvement in selling and supporting the malware and helping other cybercriminals use the RAT for malicious purposes.

The defendants, Daniel Meli (27) and Prince Onyeoziri Odinakachi (31) have been charged with unauthorized damage to protected computers, with the former also accused of “illegally selling and advertising an electronic interception device and participating in a conspiracy to commit several computer intrusion offenses.”

Cybersecurity

Meli is alleged to have offered malware services at least since 2012 through online hacking forums, sharing e-books, and helping other criminals use RATs to carry out cyber attacks. Prior to Warzone RAT, he had sold another RAT known as Pegasus RAT.

Like Meli, Odinakachi also provided online customer support to purchasers of Warzone RAT malware between June 2019 and no earlier than March 2023. Both individuals were arrested on February 7, 2024.

Warzone RAT, also known as Ave Maria, was first documented by Yoroi in January 2019 as part of a cyber attack targeting an Italian organization in the oil and gas sector towards the end of 2018 using phishing emails bearing bogus Microsoft Excel files exploiting a known security flaw in the Equation Editor (CVE-2017-11882).

Sold under the malware-as-a-service (Maas) model for $38 a month (or $196 for a year), it functions as an information stealer and facilitates remote control, thereby allowing threat actors to commandeer the infected hosts for follow-on exploitation.

Some of the notable features of the malware include the ability to browse victim file systems, take screenshots, record keystrokes, steal victim usernames and passwords, and activate the computer’s webcams without the…

Source…

China Arrests 4 Who Weaponized ChatGPT for Ransomware Attacks

/in


The individuals confessed to creating variations of ransomware, enhancing the software through the utilization of OpenAI’s ChatGPT, carrying out vulnerability scans, infiltrating networks to secure access, deploying ransomware, and engaging in extortion.

Chinese media has reported the country’s first major step towards countering the use of ChatGPT as four Chinese individuals have been arrested for developing ransomware using ChatGPT. This is the country’s first instance involving the popular yet officially banned chatbot.

The arrests should not come as a surprise, as cybercriminals have been eager to exploit the AI chatbot for malicious purposes. Those who could not exploit it have created their own versions of the malicious ChatGPT, infamously known as WormGPT and FraudGPT.

According to the South China Morning Post (SCMP), the cyber attackers came under the authorities’ radar after an unidentified company in Hangzhou reported a cybercrime. The hackers demanded 20,000 Tether to unblock/restore access to their systems.

In late November 2023, the police arrested two suspects in Beijing and two in Inner Mongolia. The suspects admitted to writing ransomware versions, optimizing the program using the popular chatbot, conducting vulnerability scans, infiltrating networks to gain access and implanting ransomware, and performing extortion.

The use of ChatGPT, a chatbot developed by OpenAI, is prohibited in China as part of Beijing’s initiatives to limit access to foreign generative artificial intelligence products. In response, China has introduced its own version of ChatGPT named Ernie Bot. However, the report does not provide clear information on whether utilizing ChatGPT is subject to legal charges in China.

According to SCMP’s report, three of the detainees were previously implicated in other criminal activities, including spreading misinformation and selling stolen CCTV footage through deep fake technology.

Despite OpenAI blocking internet protocol addresses in China, Hong Kong, and sanctioned regions such as North Korea and Iran, certain users find ways to bypass these restrictions by using VPNs and obtaining phone numbers from supported…

Source…