Information Security News|Cyber Security|Hacking Tutorial
https://www.securitynewspaper.com/
Information Security Newspaper|Infosec Articles|Hacking News
Tue, 02 May 2023 23:31:09 +0000

Bought drugs from Darkweb? Then you are in big trouble as Europol is able to trace transactions
https://www.securitynewspaper.com/2023/05/02/bought-drugs-from-darkweb-then-you-are-in-big-trouble-as-europol-is-able-to-trace-transactions/
Tue, 02 May 2023 23:31:07 +0000

In an operation coordinated by Europol and involving nine countries, law enforcement officials seized the illicit dark web marketplace known as “Monopoly Market” and arrested 288 people engaged in buying or selling narcotics on the dark web. A total of 117 guns, 850 kg of narcotics, and more than 50.8 million euros (about 53.4 million dollars) in cash and virtual currencies were recovered. The confiscated substances include over 258 kilograms of amphetamines, 43 kilograms of cocaine, 43 kilograms of MDMA, and over 10 kilograms of LSD and ecstasy tablets.

This operation, codenamed SpecTor, consisted of a series of separate but complementary actions carried out in a number of countries, including Austria, France, Germany, the Netherlands, Poland, Brazil, the United Kingdom, the United States of America, and Switzerland.

Europol has been compiling intelligence packages based on the troves of material provided by German police. In December 2021, German officials seized the illegal infrastructure of the marketplace. Cross-matching and analysis of the gathered data and evidence allowed these target packages to be created, and they were then used as the foundation for hundreds of national investigations. The sellers detained as a consequence of police action against Monopoly Market were also active on other illegal marketplaces, which further hindered the selling of illegal products and substances on the dark web. As a direct consequence, 288 individuals in Europe, the United States of America, and Brazil who were involved in tens of thousands of sales of illegal items were apprehended. Europol deemed many of these suspects to be high-value targets at one point or another.

The arrests took place in the United States of America (153), the United Kingdom (55), Germany (52), the Netherlands (10), Austria (9), France (5), Switzerland (2), Poland (1), and Brazil (1). Many investigations are still underway to identify other people hiding behind dark web identities. Because law enforcement authorities now have access to the extensive buyer lists kept by the vendors, thousands of customers all over the world are now at risk of being prosecuted as well.

In April 2022, in the lead up to this concerted operation, authorities in Germany and the United States took down “Hydra,” the highest-grossing dark web market, which had an estimated turnover of 1.23 billion euros at the time of its closure. German officials were able to confiscate cryptocurrency worth 23 million euros as a result of the Hydra operation.

Warning: New cyber criminal group Karakurt is extorting millions of companies around the world
https://www.securitynewspaper.com/2022/06/02/warning-new-cyber-criminal-group-karakurt-is-extorting-millions-of-companies-around-the-world/
Thu, 02 Jun 2022 19:29:25 +0000

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a security alert about Karakurt, a cybercriminal extortion group that extracts data from affected organizations and threatens to sell or leak it on the dark web if victims don’t pay a ransom.

Unlike virtually every other extortion group, this operation does not use malware during its intrusions. The ransoms demanded by Karakurt range from $25,000 to $13 million, and payment must always be made via Bitcoin.

When contacting their victims, the hackers sent screenshots or copies of stolen files to prove that the attack was real, in addition to sharing details about the intrusion method employed. Karakurt operators also harass employees, partners and customers of the affected companies, in an attempt to force the ransom payment.

In the most critical cases, hackers leak small samples of the stolen information, including sensitive details such as full names, social security numbers, phone numbers, medical records, and more sensitive records.

Karakurt started as a leak and auction site on the dark web, although the domain used for its operations was taken offline a couple of months ago. By early May, Karakurt’s new website contained several terabytes of data allegedly belonging to victims in North America and Europe, as well as a list of alleged victims.

Another characteristic of Karakurt is that it does not focus on a specific type of victim; it simply bases its attacks on the possibility of accessing the compromised networks. For their attacks, the hackers can use poorly protected mechanisms and infrastructure weaknesses, or collaborate with other cybercriminal groups to gain initial access to the target. According to CISA, the hackers commonly gain access to networks by exploiting SonicWall VPN or Fortinet FortiGate devices that are unpatched or obsolete, or by exploiting well-known flaws such as Log4Shell or bugs in Microsoft Windows Server.

According to a report by security firm AdvIntel, Karakurt is part of the Conti network and operates as an autonomous group alongside Black Basta and BlackByte, two other groups that rely on data theft and extortion for monetization purposes.

Feel free to access the International Institute of Cyber Security (IICS) websites to learn more about information security risks, malware variants, vulnerabilities, and information technologies.

FBI seizes infrastructure of Weleakinfo and other cyber criminal platforms
https://www.securitynewspaper.com/2022/06/01/fbi-seizes-infrastructure-of-weleakinfo-and-other-cyber-criminal-platforms/
Wed, 01 Jun 2022 23:24:21 +0000

In a joint statement, the Federal Bureau of Investigation (FBI) and the U.S. Department of Justice (DOJ) announced the seizure of the domain name WeLeakInfo.to and two other domain names (ipstress.in and ovh-booter.com) as part of an international investigation related to illegal access to personal information.

The message describes these online platforms as “worryingly common threats,” detailing how threat actors used these sites for trafficking in stolen personal information: “Using strong relationships with our international partners, we will address crimes like these, which threaten privacy, security, and commerce around the world.”  

WeLeakInfo.to operators claimed to provide their users with a search engine to review and obtain personal information illegally obtained in more than 10,000 data breach incidents, with around 7 billion records indexed, exposing data such as full names, phone numbers, email addresses, and even online account passwords.

The report describes the domains ipstress.in and ovh-booter.com as platforms for launching denial of service (DoS) attacks, commonly known as booter or stressor services. From these websites, threat actors could flood a specific web server with malicious traffic, making it inaccessible to legitimate users.

As of this operation, the seized domain names, and any related domains, are now in the custody of the federal government, effectively suspending the operation of these malicious services. Visitors to the site will now find a seizure sign, reporting that U.S. federal authorities are responsible for the seizure.

The seizures of these domains were part of a coordinated police action with the authorities of Belgium and the Netherlands. These police agencies arrested one of the main operators of these platforms and collaborated in various raids.

U.S. authorities have asked anyone who has information about other members of this cybercriminal operation to file a complaint immediately, as this is a critical time to act against these groups.

LockBit ransomware encrypts computers at Foxconn Mexico factory, one of Apple’s largest suppliers
https://www.securitynewspaper.com/2022/06/01/lockbit-ransomware-encrypts-computers-at-foxconn-mexico-factory-one-of-apples-largest-suppliers/
Wed, 01 Jun 2022 16:20:23 +0000

A cybercriminal group claims to have compromised the computer systems of Foxconn, a major firm dedicated to the manufacture of medical devices and consumer electronics, a partner of technology giants such as Apple. Specifically, hackers attacked the systems of Foxconn Mexico, located in the border city of Tijuana, Baja California.

The attack was reportedly carried out by a group operating the LockBit 2.0 ransomware variant, and the perpetrators threaten to divulge sensitive information if the affected organization refuses to pay a ransom by June 11. It has not been confirmed whether the attack had any considerable impact on Foxconn Mexico’s routine operations, nor is the amount of the ransom demanded known.

The company has already received requests for information about the attack, although it has not commented on it.

Foxconn has already been the target of ransomware attacks before. In late 2020, the firm confirmed that one of its U.S. facilities had been attacked by the operators of the DoppelPaymer ransomware, who even leaked sensitive information on the dark web.

In that incident, the hackers also claimed to have attacked the facilities of Foxconn Mexico, in addition to demanding a ransom of more than $30 million in Bitcoin. Despite these claims, the company always maintained that only its systems in the U.S. had been affected.

Recently, LockBit 2.0 also claimed responsibility for an attack on tire and rubber giant Bridgestone Americas, stealing sensitive information and exposing it on illegal hacking forums. At the beginning of 2021, the Federal Bureau of Investigation (FBI) published a document with the main indicators of compromise of this ransomware variant, mentioning that attackers usually breach the affected networks by buying access on the dark web or exploiting zero-day vulnerabilities.

Full names, IDs, email addresses, and phone numbers of hacked Verizon employees: Customers could experience increased SIM swap attacks
https://www.securitynewspaper.com/2022/05/30/full-names-ids-email-addresses-and-phone-numbers-of-hacked-verizon-employees-customers-could-experience-increased-sim-swap-attacks/
Mon, 30 May 2022 23:00:54 +0000

A report from Motherboard details the detection of a data breach affecting the telephone company Verizon, an incident that reportedly put at risk the personal records of thousands of employees. The leak reportedly includes employees’ full names, corporate IDs, email addresses, and phone numbers.

Even though Verizon was notified and has already acknowledged the leak, its representatives deny that the compromised information poses a security threat to its employees and customers.

The alleged hackers behind this incident claimed that it was very easy for them to access this database, as they simply had to contact a Verizon employee and pose as a co-worker in the internal support area. After fooling this unsuspecting employee, the hackers were able to connect to Verizon’s internal tool and access sensitive information.

Once in the database, the hacker reported having created a tool that allowed them to download the information stored in the company’s systems. Verizon soon received a ransom note threatening to expose the compromised information if a $250,000 ransom was not paid.

Not a security risk?

As mentioned above, a Verizon representative stated that the company does not consider the compromised records to be confidential information, so it does not plan to negotiate any ransom with the hackers. The representative added that, for Verizon, information security is a serious matter, so the company has the best measures to protect its customers’ and employees’ data.

Information security specialists disagree with Verizon’s stance: while the leak does not involve passwords, bank records, or social security numbers, the stolen data could still prove useful for multiple hacking groups. Phishing campaigns, phone fraud, SIM swap, and email spam are just some of the risks to which those affected could be exposed.

Threat actors could have hacked the U.S. Drug Enforcement Administration (DEA) and other related law enforcement agencies. Investigation still ongoing
https://www.securitynewspaper.com/2022/05/13/threat-actors-could-have-hacked-the-u-s-drug-enforcement-administration-dea-and-other-related-law-enforcement-agencies-investigation-still-ongoing/
Fri, 13 May 2022 18:18:10 +0000

The U.S. Drug Enforcement Administration (DEA) reports that it has begun an investigation into alleged cyberattacks that may have compromised up to 16 databases of federal agencies. According to KrebsOnSecurity researchers, this incident could be related to a cybercriminal group whose members pose as law enforcement officers in order to access sensitive information.

A few days ago, investigators were alerted to a group of hackers with access to a username and password to the Law Enforcement Inquiry and Alerts (LEIA) system, which allows the search for information internally and in external database repositories, including data classified as “sensitive to law enforcement.” This report was shared with the Federal Bureau of Investigation (FBI) and the Department of Justice (DOJ). In total, LEIA enables federated search of 16 federal law enforcement databases in the U.S.

The report received by KrebsOnSecurity includes some screenshots indicating that hackers may have accessed the El Paso Intelligence Center (EPIC), one of the databases accessible from LEIA. In this database, threat actors would have searched for all kinds of records on seized assets, including cars, boats, weapons and even drones.

Strangely, this information was reported to KrebsOnSecurity by “KT”, administrator of an alleged online cybercriminal community known as Doxbin. This same threat actor has been identified as the leader of Lapsus$, a hacking group that recently carried out high-profile attacks against well-known companies such as Microsoft, NVIDIA and Samsung.

This hacker is also blamed for operating a service that offers fake Emergency Data Requests (EDR), using compromised email accounts from law enforcement agencies to ask tech companies for access to their users’ confidential information posing as police officers.  

Although this activity has been linked to some alleged members of Lapsus$, at the moment it is unknown exactly who is behind these attacks, and even the possibility of a hacking group sponsored by nation states is still being considered. DEA will continue to investigate the reports, so it only remains to wait for new details to be officially announced.

Man gets 5 years for buying 38,000 PayPal stolen account credentials from the Internet
https://www.securitynewspaper.com/2022/05/12/man-gets-5-years-for-buying-38000-paypal-stolen-account-credentials-from-the-internet/
Thu, 12 May 2022 22:13:13 +0000

The U.S. Department of Justice (DOJ) announced that Marcos Ponce, 37, has been sentenced to five years in prison for his participation in a fraudulent scheme based on the purchase of stolen PayPal account credentials, defrauding affected users of more than $1 million USD.

The Austin, Texas, resident pleaded guilty to conspiracy to commit electronic fraud in late 2021. As part of his plea agreement, he will also have to pay a total of $1.4 million in restitution for the harm caused to his victims.

According to prosecutors, between 2015 and 2018 Ponce and his accomplices created user accounts on an illegal dark web platform, specializing in the sale of confidential information such as access credentials to PayPal and other similar services.

Employing social engineering tactics, the suspect tricked third parties into accepting money transfers from the compromised PayPal accounts, in an attempt to obscure the trail leading from their cybercriminal activity to their own accounts.

Kenneth Polite of the DOJ’s Criminal Division believes resolutions like this are important in the fight against organized crime: “The Department remains strongly committed to protecting people from scammers like this. This sentence sends a clear message to would-be thieves: online crime has real-world consequences.”

Access credentials to PayPal accounts are a highly attractive target for cybercriminals. Last August, a group of fraudsters posed as Europol executives to threaten their victims with alleged criminal proceedings in order to access their PayPal accounts.

Finally, Assistant Director in Charge Steven D’Antuono of the FBI’s Washington Field Office said: “Today’s sentencing sends a message that the FBI will pursue cybercriminals across the globe; hiding behind a computer does not mean you can stay anonymous or out of reach of law enforcement”.

How Narcotics and Economic Crime Investigations (NECI) Task Force arrested multiple dark web drug vendors?
https://www.securitynewspaper.com/2022/05/03/how-narcotics-and-economic-crime-investigations-neci-task-force-arrested-multiple-dark-web-drug-vendors/
Tue, 03 May 2022 16:48:25 +0000

The Narcotics and Economic Crimes Investigations (NECI) Task Force, a specialized unit of California police, has expanded its list of names of arrested dark web vendors, publishing this information on an onion service related to these investigations.

The task force is made up of the Office of Homeland Security Investigations, the U.S. Postal Inspection Service, the Federal Bureau of Investigation (FBI), the U.S. Postal Service Office of Inspector General, the Internal Revenue Service-Criminal Investigation and the Drug Enforcement Administration (DEA).

This group has actively collaborated in multiple investigations related to the operation of online black markets, keeping updated data on prominent sellers and the latest arrests made by the authorities, which has allowed the interruption of operations for the sale of drugs, stolen confidential information and malware samples.

According to the most recent report, the list of dark web sellers arrested was updated with the following names:

  • Farmacy41
  • sicknessVersion2, also known as 23MightyMouse23
  • Houseofdank, also known as BestBuyMeds or TrapMart
  • DankStix
  • BudgetBudsExpress
  • CokeWave
  • SafeDealsDirect
  • Cannabars, also known as thefastplug
  • PhantomLabs
  • Diablow, also known as raiseappeals or RaisedByDiablow
  • CaliCartel, also known as Playground, GaminoCrimeFamily or DopeQueen
  • DrFrosty
  • guessguess
  • largomonkey, also known as sillycoconut
  • Super_Shards
  • Gemstoned
  • TheCommission, also known as TheCovenant
  • chlnsaint
  • CaliPlugMike, also known as DatCubensisBoy or FantasticFungi
  • bossoftherock
  • igogrraawwr

Although the report mentions that all illegal transactions related to these users have been interrupted, the list should be taken with reservations. In 2019, several allegedly arrested dark web vendors were shown to be still operating, demonstrating the ability of threat actors to evade law enforcement agencies.

Another element that could detract from credibility is the constant removal of names from the list; for example, an earlier version of the list included the seller’s name “DrFrosty,” whose name is no longer found in the most recent versions of the listing.

For now, NECI’s platforms have a design that is not very functional, showing the available information in a disorganized and confusing way. In addition, many members of the cybersecurity community believe that there are not enough safeguards to guarantee that erroneous information is not being included in this database, so the work can still improve.

RaidForums, the world’s biggest hacking forum, is seized by Europol. 21-year-old administrator arrested
https://www.securitynewspaper.com/2022/04/12/raidforums-the-worlds-biggest-hacking-forum-is-seized-by-europol-21-year-old-administrator-arrested/
Tue, 12 Apr 2022 20:42:39 +0000

An operation coordinated by Europol led to the seizure of RaidForums, one of the largest hacking forums in the world, in addition to the arrest of its main administrator. Operation TOURNIQUET, involving agents from law enforcement in the U.S. and Europe, shut down this cybercriminal infrastructure, dedicated to the purchase and sale of hacking tools, databases and stolen financial information.

The operation was coordinated internationally by Europol’s European Cybercrime Centre, and is seen as the culmination of a year of dedicated planning between law enforcement agencies in the UK, Portugal, Romania and Sweden, striking a severe blow to cybercrime.

The participating agents identified Diogo Santos Coelho, a 21-year-old Portuguese citizen, as the main operator of RaidForums. Also known by the aliases “Omnipotent” or “Downloading”, Coelho would have been in charge of the forum between 2015 and 2022, when he was arrested in the United Kingdom.

Documents filed by the U.S. Department of Justice (DOJ) mention that Coelho will face charges including conspiracy to commit fraud, wire fraud and aggravated identity theft. Despite the serious accusations against him, Coelho never appeared concerned about it in his exchanges with other members of RaidForums: “I assume that the forum is being monitored, but in reality we are all monitored,” the defendant said in his messages.

RaidForums was launched in 2015 and grew steadily to reach an estimated 500,000 members. In this illegal platform, all kinds of transactions were carried out, which facilitated the deployment of cyberattacks and hacking campaigns against government organizations, private companies and people of interest.

Coelho personally sold stolen data on the platform, according to the indictment, and facilitated transactions between members who wanted to buy and sell stolen data. In addition, an intermediary service at RaidForums allowed buyers and sellers to verify means and payment before completing transactions.

This is another clear sign of the commitment of law enforcement around the world against cybercrime and black market platforms on the dark web. Just a few days ago, German police confirmed the closure of Hydra Market, considered one of the largest illegal markets on the Internet.

5 members of Yura, a murder-for-hire operation on the dark web, are arrested. Platforms such as Besa Mafia, Cosa Nostra and Crimebay shut down
https://www.securitynewspaper.com/2022/04/11/5-members-of-yura-a-murder-for-hire-operation-on-the-dark-web-are-arrested-platforms-such-as-besa-mafia-cosa-nostra-and-crimebay-shut-down/
Mon, 11 Apr 2022 17:09:55 +0000

Romanian authorities have confirmed the arrest of the operators of some fraudulent dark web platforms on which the defendants offered the services of fake for-hire murderers. The fake hitmen, operating platforms such as Besa Mafia, Cosa Nostra and Crimebay, will face charges of incitement to murder, organized crime and money laundering.

Agents of the Service to Combat Cybercrime in Romania (DCCO) carried out raids on seven houses in the cities of Gorj and Hunedoara, arresting five alleged operators of the fraudulent sites. Investigators seized 18 mobile phones, 10 laptops, 15 memory cards, 7 bank cards, 13 hard drives, a cryptocurrency wallet and multiple records related to the websites.

This was an operation coordinated by law enforcement in the United States: “Authorities in the U.S. determined that these platforms are operated by five or more people on Romanian territory; we act in a coordinated manner to carry out this operation,” said a statement from the DCCO.

The statement adds that the suspects made profits of up to 500,000 Euros. “Yura,” the hacker identified as a member in charge of this fraudulent operation, was located in Ukraine a couple of months ago with the help of Chris Monteiro, a white-hat hacker who has been attacking dark web platforms for years; Monteiro linked a suspicious IP address to a city in Romania, taking the first steps towards dismantling this cybercriminal operation.

Yura began to attract the attention of law enforcement in Europe in 2017, when the National Crime Agency (NCA) and Bulgarian Police identified him as the main operator of the illegal platform Crime Bay. Although Monteiro assumes that Yura has already been arrested, he acknowledges that the cybercriminal is skilled and knows very well how to disappear before being found.

Finally, Monteiro estimates that Yura would have earned about $6,539,800 USD for his work at the head of this group, a large discrepancy from the almost 500,000 Euros that the Romanian authorities mentioned.

How FBI tracked one of the most famous and richest dark web vendors and seized $34 million USD?
https://www.securitynewspaper.com/2022/04/05/how-fbi-tracked-one-the-most-famous-and-richest-dark-web-vender-and-seized-34-million-usd/
Tue, 05 Apr 2022 21:10:38 +0000

The U.S. Department of Justice (DOJ) announced the seizure of $34 million USD in cryptocurrency that was under the control of a dark web vendor. Authorities seized 640.26 Bitcoin, 640.27 Bitcoin Cash, 540.27 Bitcoin Gold, 640.27 Bitcoin S.V. and 919.30 Ethereum.

In their investigation, authorities report that the individual from whom these virtual assets were seized sold stolen confidential information on an unspecified dark web platform. Identified as “Moniker 1”, the seller made more than 100,000 transactions before being detected, including sales to undercover agents.

Transactions made by this seller include:

  • In January 2016, an undercover agent purchased ten Netflix account usernames and passwords
  • In April 2016, an undercover agent purchased a username and password from a World Wrestling Entertainment account
  • In September 2016, an undercover agent purchased nearly 70 Uber account usernames and passwords
  • In March 2017, an agent purchased three Xfinity account usernames and passwords
  • In March 2017, an agent purchased access credentials to an HBO Go account

The work of the undercover agents made it possible to trace two residences in Florida, USA, allegedly belonging to the seller. Apparently, Moniker 1 used these addresses as shipping addresses for some narcotics purchases.

The person associated with the shipping addresses lived at a residence in Parkland, Florida. The investigators identified the resident and, using a call log, monitored Internet traffic to and from the IP address associated with this residence. Authorities later identified the defendant’s bank account and requested an access order for his transaction history. With access to this information, the investigators confirmed that these records matched the seller’s activity as recorded in cryptocurrency transactions.

In mid-May 2017, agents executed a search warrant during which a laptop owned by the defendant was seized, eventually leading to the seizure of the cryptocurrency accumulated by the seller.

After his arrest, the defendant acknowledged making thousands of transactions on platforms such as Silk Road, Agora, Nucleus, AlphaBay, Dream Market, Abraxas, Sheep and Evolution.

Blockchain analysis confirmed that 96% of transactions at the defendant’s cryptocurrency address were associated with various dark web platforms. Court documents mention that the individual obtained thousands of Ethereum units by converting Bitcoin obtained from illegal transactions on illegal online platforms.

Apparently, Moniker 1 turned Bitcoin into Ethereum using a virtual exchange platform that did not require users to provide personal information to complete the transaction, allowing him to complete his illegal operations anonymously. According to information from other court documents, this exchange platform could be ShapeShift, as it shares the characteristics described by the agents.

A review of the Ethereum blockchain history showed that approximately 919.30 Ethereum units were deposited into the Ethereum 7800 wallet through nine transactions on or about March 16 and 17, 2017. These deposits were traced back to a known Ethereum address associated with the first exchange platform.

Another review, this time on the Bitcoin blockchain, showed that approximately thirty-two Bitcoin units were sent through nine transactions from the m6GW Bitcoin wallet to other Bitcoin addresses, and from those addresses, transfers were made to hide traces of these operations.

At the end of 2021, the defendant signed a consent to confiscation, which the DOJ released through its official communication platforms. Because no one filed a lawsuit against this decision, no one will be able to file any further legal remedies to access these assets in favor of the defendant. It is not yet known what sentence the defendant faces, although he is expected to face severe charges including conspiracy to commit fraud, money laundering and other crimes.

According to the DOJ press release, this case was the result of so-called “Operation TORnado,” described as a joint investigation arising from the ongoing efforts of the OCDETF. The forfeiture lawsuit lists the value of the seized cryptocurrency at $47 million USD, while the figure of $34 million USD appears in the USAO announcement.

How members of Lapsus$ hacking group that attacked Samsung and Microsoft were arrested
https://www.securitynewspaper.com/2022/03/25/how-members-of-lapsus-hacking-group-that-attacked-samsung-and-microsoft-were-arrested/
Sat, 26 Mar 2022 00:12:58 +0000

In an unusual incident, British authorities have accused a 16-year-old boy of being one of the leaders of the dangerous hacking group Lapsus$. The young man was also identified by hackers and investigators, who say that he reportedly obtained up to $14 million USD as part of his cybercriminal operations.

London police have already arrested seven teenagers allegedly linked to Lapsus$, while reports say the boy’s parents told a BBC reporter that the family was worried as the young man spent too much time on the computer.

The defendant reportedly operated under the alias “White” or “Breachbase”, and it is known that he has autism and attended a specialized academy, although more details about his identity are unknown at the moment. As for Lapsus$, specialists describe it as a hacking group with links in Latin America that, despite being relatively new, has become a serious threat to multiple companies.

In the interview, provided anonymously, the boy’s father says that he never heard him talk about hacking, although he acknowledges that he is very good with the computer and spends a lot of time in that world: “I always thought I was just playing a video game,” he says.

The young man’s identity was exposed on a hacking website, in a practice known as doxxing. This would have occurred after a fight with Lapsus$’s business associates, who after the argument revealed his full name, address and social media images.

These hackers also published some of the young man’s background in the world of cybercrime, claiming that these practices had generated profits of up to 300 Bitcoin (almost $15 million USD). Although in the past he reportedly acted on his own, the young man is said to have joined Lapsus$ a few months ago.

The hacking group appears to have confirmed the arrest of some of its members. Through its Telegram channel, Lapsus$ posted a message noting that part of its team would be on vacation for the rest of the month, so the group could go on a temporary hiatus.
