Tag Archive for: spree

Member of Russian cybergang Trickbot pleads guilty in $180 million global ransomware spree that hit Avon schools, others


CLEVELAND, Ohio — A Russian man on Thursday admitted to his role in the cybergang Trickbot that attacked millions of computers around the world with ransomware, including those in hospitals during the coronavirus pandemic.

Vladimir Dunaev, 40, pleaded guilty in federal court in Cleveland to conspiracy to commit computer fraud and conspiracy to commit bank and wire fraud.

He faces between five and six-and-a-half years in prison when U.S. District Judge Solomon Oliver sentences him. Oliver set a sentencing date for March 20, but said he could move that date up.

Dunaev is the second person to plead guilty in the United States to working for the Russia-based gang, which authorities say stole at least $33 million from Americans and $180 million worldwide.

He worked as a malware developer for the gang, and he was not a high-level planner, authorities said. He helped devise ways for the malware to avoid detection by cybersecurity software programs and developed tools to mine data on hacked computers, among other roles, Assistant U.S. Attorney Dan Riedl said.

Dunaev was arrested in 2021 in South Korea.

The case was prosecuted in Cleveland because some of Trickbot’s victims were in Northeast Ohio, including Avon schools, which lost about $471,000, and a North Canton business that lost about $750,000.

A co-defendant, Alla Witte, was the first Trickbot member to plead guilty in the case and was sentenced in June to two years and three months in prison.

Trickbot and other malware convictions are rare because many of its members live in Russia or other countries that do not have extradition agreements with the United States.

In September, prosecutors in Cleveland and elsewhere charged 14 more members of the gang and its offshoot, Conti. Another gang member was charged in February. None of the 15 has been arrested.

The U.S. Treasury Department and United Kingdom have also issued sanctions, including travel bans and asset freezes, against 18 gang members.

Officials in both countries have said Trickbot has direct ties to Russian intelligence.

The group grew to have as many as 400 members and infected millions of computers across the globe, including in Italy, Australia, Belgium and Canada.

The malware…

Source…

Court finds teenagers carried out hacking spree


A court has found an 18-year-old from Oxford was a part of an international cyber-crime gang responsible for a hacking spree against major tech firms.

Arion Kurtaj was a key member of the Lapsus$ group which hacked the likes of Uber, Nvidia and Rockstar Games.

A court heard Kurtaj leaked clips of the unreleased Grand Theft Auto 6 game while on bail in a Travelodge hotel.

The audacious attacks by Lapsus$ in 2021 and 2022 shocked the cyber security world.

Kurtaj is autistic and psychiatrists deemed him not fit to stand trial so he did not appear in court to give evidence.

The jury were asked to determine whether or not he did the acts alleged – not if he did it with criminal intent.

Another 17-year-old who is also autistic was convicted for his involvement in the activities of the Lapsus$ gang but cannot be named because of his age.

The group from the UK, and allegedly Brazil, was described in court as “digital bandits”.

The gang – thought to mostly be teenagers – used con-man-like tricks as well as computer hacking to gain access to multinational corporations such as the technology giant Microsoft and the digital banking group Revolut.

During their spree the hackers regularly celebrated their crimes publicly and taunted victims on the social network app Telegram in English and Portuguese.

The trial was held in Southwark Crown Court in London for seven weeks.

Hacking spree one

Jurors heard that the unnamed teenager started hacking with Kurtaj in July 2021 having met online.

Kurtaj, aided by Lapsus$ associates, hacked the servers and data files of telecoms company BT and EE, the mobile operator, before demanding a $4m (£3.1m) ransom on 1 August 2021.

[Image: Lapsus$ text message. Caption: The hackers sent out threatening text messages to 26,000 EE customers.]

No ransom was paid, but the court heard that the 17-year-old and Kurtaj used stolen SIM details from five victims to steal a total of nearly £100,000 from their cryptocurrency accounts, which were secured by their compromised mobile phone SIM identities.

Both defendants were initially arrested on 22 January 2022, then released under investigation.

Hacking spree two

That did not deter the duo who continued hacking with Lapsus$ and successfully breached Nvidia, a Silicon Valley tech giant…

Source…

Security News This Week: The Cloud Company at the Center of a Global Hacking Spree


Between a cascade of indictments against former US president Donald Trump, a tumultuous 2024 election season (in which Trump is a main character), and the rapid rise of generative artificial intelligence, 2024 is shaping up to be a complete nightmare.

At the center of it will be a rise in personalized disinformation. Not only will there be more BS to sift through thanks to tools like ChatGPT and Google’s Bard, but the disinformation will likely be more effective, and even tailored to target specific groups with frightening consequences. Of course, some of this could be fixed with new regulations. But the US Congress still hasn’t figured out how to tackle privacy, and regulating AI will only be more difficult.

In addition to disinformation, people keep figuring out new ways to break through the guardrails that generative AI tools have in place to stop malicious activities. The latest is something called an “adversarial attack,” which researchers at Carnegie Mellon University found can be carried out simply by attaching a string of nonsense-looking instructions to the end of certain prompts entered into tools like ChatGPT. While it’s possible to block specific attack strings, nobody yet knows how to fix this flaw entirely.

AI might be the new frontier for security researchers. But regular ol’ platforms are still a wealth of terrible vulnerabilities. The latest is the Points platform, which provides the underlying tech for dozens of major travel rewards programs. Researchers recently discovered flaws in the Points API that exposed people’s private information. And a bug in a Points administrator website could have allowed an attacker to give themselves unlimited airline miles and hotel points. But don’t get any big ideas, hackers—all the flaws have since been fixed.

The Points bugs aren’t the only ones patched recently. If you use Apple iOS, Google Android, or Microsoft products, check our list of the recent security updates you’ll want to install right now.

But that’s not all. Each week, we round up the security and privacy stories we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.

A single cloud firm has…

Source…

Extortion spree feared after breach of file-sharing software


NEW YORK CITY – Cybersecurity experts are bracing for a potential wave of extortion demands after a vulnerability was discovered in encrypted file-sharing software, a flaw that hackers have already used to target a string of high-profile victims, including British Airways and the BBC.

Several companies and a Canadian province said on Monday that they were dealing with breaches related to the secure file transfer product MOVEit from Progress Software Corp, according to statements from several of the affected entities. The vulnerability allowed hackers to steal files that companies had uploaded to MOVEit, according to Progress.

The flaw had prompted security alerts in recent days from the United States Department of Homeland Security, the United Kingdom National Cyber Security Centre, Microsoft Corp and Mandiant, a subsidiary of Alphabet’s Google Cloud. 

Progress released a patch for the software last week.

“When we discovered the vulnerability, we promptly launched an investigation, alerted MOVEit customers about the issue and provided immediate mitigation steps,” its spokesman John Eddy said in a statement.

Microsoft said the hackers responsible for the attacks on MOVEit servers also run the Clop extortion website. Clop is the name of a ransomware variant that has been deployed against companies and organisations around the world, and it also sometimes refers to the hacking gang that uses it.

Hackers affiliated with the group also steal data and threaten to publish it on its website if a ransom is not paid. 

The group has primarily targeted the health care and financial sectors and has existed since February 2019, according to Trend Micro. The same attackers were responsible for previous hacks of two other secure file transfer products developed by Accellion and Fortra, said Mr Allan Liska, senior intelligence analyst at cyber security firm Recorded Future. 

Publicly available data sources show there are thousands of vulnerable MOVEit servers that could have been affected by the software flaw, Mr Liska said. The criminal hackers are expected to begin contacting companies and demanding payment in cryptocurrency in exchange for not uploading the company’s…

Source…