Tag Archive for: Spurs

LockBit copycat DarkVault spurs rebranding rumor


DarkVault, a new ransomware group with a website resembling LockBit’s, may be the latest in a string of copycats mimicking the notorious ransomware-as-a-service (RaaS) gang.  

Security researcher Dominic Alvieri called attention to a redesign of DarkVault’s website on Wednesday. Alvieri’s post on X included a screenshot of a new homepage sporting LockBit’s distinctive style, including a red and white color scheme and similar page headings.

LockBit’s logo was also found on the DarkVault blog. The group’s older website features an image of a black cat lying on a vault, potentially a reference to another ransomware gang, ALPHV/BlackCat.

Cybernews reported that DarkVault may be an attempt by LockBit to rebrand, but Alvieri later clarified that the intention of his post was to make fun of the “copycats.”

DarkVault had posted nine alleged victims on its LockBit imitation site as of Thursday, according to Dark Web Informer, which previously discovered the older DarkVault website with no victims listed on March 29.

LockBit imposters leverage leaked 2022 RaaS builder

DarkVault would not be the first cybercrime group to imitate LockBit, with several using LockBit’s name, branding and leaked ransomware builder in their own attacks.

Trellix noted this trend in a blog published Thursday, which also described the partial revival of the original LockBit since its infrastructure was disrupted by law enforcement in February.  

The builder for the LockBit 3.0 ransomware, also known as LockBit Black, was leaked by one of the gang’s own developers in 2022 – since then, many threat actors have used the builder in their own attacks.

Some use the code as-is with minimal changes, such as the addition of their own version of the ransom note, while others have used the builder as a foundation for new ransomware strains, the researchers from Trellix’s Advanced Research Center wrote.

Dragonforce and Werewolves are two ransomware groups that emerged in 2023 using LockBit Black in their attacks. Dragonforce was found to be using the LockBit code as-is last September, with the exception of the ransom note, while Werewolves is believed to potentially have LockBit affiliates on its team due to…


Exclusive: Ukraine war spurs U.S. to ramp up security probe of software maker Kaspersky


WASHINGTON, May 9 (Reuters) – The Biden administration ramped up a national security probe into Russia’s AO Kaspersky Lab antivirus software earlier this year amid heightened fears of Russian cyberattacks after Moscow invaded Ukraine, three people familiar with the matter told Reuters.

The case was referred to the Commerce Department by the Department of Justice last year, a fourth person said, but Commerce made little progress on it until the White House and other administration officials urged them to move forward in March, the three people added.

At issue is the risk that the Kremlin could use the antivirus software, which has privileged access to a computer’s systems, to steal sensitive information from American computers or tamper with them as tensions escalate between Moscow and the West.


Access to the networks of federal contractors and operators of critical U.S. infrastructure such as power grids is seen as particularly concerning, the three people said.

U.S. regulators have already banned federal government use of Kaspersky software, and could ultimately force the company to take measures to reduce risks posed by its products or prohibit Americans from using them altogether.

The probe, which has not previously been reported, shows the administration is digging deep into its tool kit to hit Moscow with even its most obscure authorities in a bid to protect U.S. citizens and corporations from Russian cyber attacks.

The authorities are “really the only tool that we have to deal with the threat (posed by Kaspersky) on an economy-wide commercial basis, given our generally open market,” said Emily Kilcrease, a former deputy assistant U.S. Trade Representative.

Other regulatory powers stop short of allowing the government to block private sector use of software made by the Moscow-headquartered company, long seen by U.S. officials as a serious threat to U.S. national security.

The departments of Commerce and Justice, and Kaspersky declined to comment. The company has for years denied wrongdoing or any secret partnership with Russian intelligence.

AUTHORITIES TARGET ‘FOREIGN ADVERSARIES’

The ramped-up probe is being executed…


Ohio County ‘Shocked’ After Mike Lindell Event Shares Its Computers’ Data, Spurs FBI Probe


An Ohio county was “shocked” after screen shots from its computer system were shared at MyPillow founder Mike Lindell‘s cyber symposium in August to promote baseless claims of election fraud.

Lindell has been a key promoter of former President Donald Trump‘s unfounded conspiracy theory that the 2020 election was “rigged” or “stolen” in favor of President Joe Biden. Although Lindell and others continue to spread the misinformation, the “evidence” they have brought forward to support their theory has been consistently discredited and debunked.

During an August cyber symposium organized by Lindell, screen shots from a Lake County computer system not involved in conducting elections were shared as alleged “evidence” of election fraud, The Washington Post first reported on Friday.

Lake County officials quickly began looking into the issue, confused by how and why the information was used in Lindell’s event.

“We were shocked that sleepy little Lake County, where nobody had ever made a suggestion of election malfeasance, was suddenly being splashed around a cyber symposium,” Lake County auditor Christopher Galloway told Cleveland.com.

Galloway said he quickly began working with county and state officials to see how the data had been accessed and shared.

Photo caption: Data from an Ohio county computer system was shared at My Pillow founder Mike Lindell’s cyber symposium in August. In this photo, Lindell waits outside the West Wing of the White House on January 15 in Washington, D.C. (Drew Angerer/Getty Images)

Galloway pointed out that the screen shots and data shared at Lindell’s symposium were “a lot of nothing.” He explained that “it was some copier talking to a desktop saying ‘I am still here waiting for you to send me a print job.'”

He told Cleveland.com that someone in the Lake County commissioners’ offices appears to have plugged a laptop into an ethernet port on the day of Ohio’s May 4 primaries to access and copy the bogus data for several hours.

State and county officials shared their findings with the FBI, which is reportedly investigating. However, they have confirmed that no significant data was compromised.

“We are thrilled that our infrastructure stayed strong,” Ross McDonald, director of the…


China Video Tools for U.S. Help Spurs Spy Anxiety – Bloomberg

A U.S. House committee report advised federal agencies and contractors last October to bypass ZTE and Huawei Technologies Co. products because they might help China spy. “It's dangerous for our country,” said U.S. Representative Frank Wolf, a Virginia 
