#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

Cyber Criminals | Breaking Cybersecurity News | The Hacker News

16 Cybercriminals Behind Mekotio and Grandoreiro Banking Trojan Arrested in Spain

16 Cybercriminals Behind Mekotio and Grandoreiro Banking Trojan Arrested in Spain

Jul 14, 2021
Spanish law enforcement agencies on Wednesday arrested 16 individuals belonging to a criminal network in connection with operating two banking trojans as part of a social engineering campaign targeting financial institutions in Europe. The arrests were made in Ribeira (A Coruña), Madrid, Parla and Móstoles (Madrid), Seseña (Toledo), Villafranca de los barros (Badajoz), and Aranda de Duero (Burgos) following a year-long investigation codenamed "Aguas Vivas", the Civil Guard said in a statement. "Through malicious software, installed on the victim's computer by the technique known as 'email spoofing', [the group] would have managed to divert large amounts of money to their accounts," authorities  noted . Computer equipment, mobile phones, and documents were confiscated, and more than 1,800 spam emails were analyzed, enabling law enforcement to block transfer attempts totaling €3.5 million successfully. The campaign is said to have netted the actors €2
Hackers Favorite CoinHive Cryptocurrency Mining Service Shutting Down

Hackers Favorite CoinHive Cryptocurrency Mining Service Shutting Down

Feb 28, 2019
Coinhive, a notorious in-browser cryptocurrency mining service popular among cybercriminals, has announced that it will discontinue its services on March 8, 2019. Regular readers of The Hacker News already know how Coinhive's service helped cyber criminals earn hundreds of thousands of dollars by using computers of millions of people visiting hacked websites . For a brief recap: In recent years, cybercriminals leveraged every possible web vulnerability [in Drupal , WordPress , and others ] to hack thousands of websites and wireless routers , and then modified them to secretly inject Coinhive's JavaScript-based Monero (XMR) cryptocurrency mining script on web-pages to financially benefit themselves. Millions of online users who visited those hacked websites immediately had their computers' processing power hijacked, also known as cryptojacking , to mine cryptocurrency without users' knowledge, potentially generating profits for cybercriminals in the background.
Making Sense of Operational Technology Attacks: The Past, Present, and Future

Making Sense of Operational Technology Attacks: The Past, Present, and Future

Mar 21, 2024Operational Technology / SCADA Security
When you read reports about cyber-attacks affecting operational technology (OT), it's easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would require breaking down the different types of OT cyber-attacks and then looking back on all the historical attacks to see how those types compare.  The Types of OT Cyber-Attacks Over the past few decades, there has been a growing awareness of the need for improved cybersecurity practices in IT's lesser-known counterpart, OT. In fact, the lines of what constitutes a cyber-attack on OT have never been well defined, and if anything, they have further blurred over time. Therefore, we'd like to begin this post with a discussion around the ways in which cyber-attacks can either target or just simply impact OT, and why it might be important for us to make the distinction going forward. Figure 1 The Pu
US Indicts Two Chinese Government Hackers Over Global Hacking Campaign

US Indicts Two Chinese Government Hackers Over Global Hacking Campaign

Dec 21, 2018
The US Department of Justice on Thursday charged two Chinese hackers associated with the Chinese government for hacking numerous companies and government agencies in a dozen countries. The Chinese nationals, Zhu Hua (known online as Afwar, CVNX, Alayos and Godkiller) and Zhang Shilong (known online as Baobeilong, Zhang Jianguo and Atreexp), are believed to be members of a state-sponsored hacking group known as Advanced Persistent Threat 10 ( APT 10 ) or Cloudhopper that has been working from over a decade to steal business and technology secrets from companies and government agencies around the world. According to the indictment , the alleged hackers targeted more than 45 companies and government agencies from 2006 to 2018 and stole "hundreds of gigabytes" of sensitive data and personal information from its targets. Both Hua and Shilong worked for Huaying Haitai Science and Technology Development Company and are alleged to have committed these crimes at the directio
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
3 Carbanak (FIN7) Hackers Charged With Stealing 15 Million Credit Cards

3 Carbanak (FIN7) Hackers Charged With Stealing 15 Million Credit Cards

Aug 02, 2018
Three members of one of the world's largest cybercrime organizations that stole over a billion euros from banks across the world over the last five years have been indicted and charged with 26 felony counts, the Justice Department announced on Wednesday. The three suspects are believed to be members of the organized Russian cybercrime group known as FIN7 , the hackers group behind Carbanak and Cobalt malware and were arrested last year in Europe between January and June. The suspects—Dmytro Fedorov, 44, Fedir Hladyr, 33, and Andrii Kopakov, 30—are all from Ukraine and accused of targeting 120 companies based in the United States, as well as U.S. individuals. The victims include Chipotle Mexican Grill, Jason's Deli, Red Robin Gourmet Burgers, Sonic Drive-in, Taco John's, Chili's, Arby's, and Emerald Queen Hotel and Casino in Washington state. Carbanak (FIN7) Group Charged for Stealing 15 Million Credit Cards According to the press release published
'Black Friday' and 'Cyber Monday' — 4 Scams To Watch Out For While Shopping

'Black Friday' and 'Cyber Monday' — 4 Scams To Watch Out For While Shopping

Nov 26, 2014
Holiday Shopping season is really an excited time for both shoppers and retailers, but unfortunately it's a good time for cyber criminals and scammers as well. With Black Friday (28th November 2014) and Cyber Monday (1st December 2014) coming up, you need to be more careful while shopping. These are the two very busy shopping days where shoppers spend millions online. Every eye will be on retailers to ensure that consumers' online shopping experiences are straightforward and, most importantly, secure. So, at the major part, retailers need to pay attention to extra security measures in order to prevent themselves from massive data breaches, like Target data breach that occurred last year during the Black Friday sales in which over 40 million Credit & Debit cards were stolen . Not just Target alone, multiple retailers including Neiman Marcu s , Michaels Store were also targeted during last Christmas holiday, involving the heist of possibly 110 million Cr
Desktop Viruses Coming to Your TV and Connected Home Appliances

Desktop Viruses Coming to Your TV and Connected Home Appliances

Apr 23, 2014
Smart Devices are growing at an exponential rate and so are the threats to them. After your Computers, Servers, Routers , Mobiles and Tablets, now hackers are targeting your Smart TVs, warns Eugene Kaspersky the co-founder and chief executive of Kaspersky Lab. As the increase in the manufactures of Smart TVs by different companies, it could be estimated that by 2016, over 100 million TVs are expected to be connected to the Internet and in the time it may rise as a profitable fruit for the malware authors and cyber criminals to exploit these devices. The 48 year-old Eugene Kaspersky , one of the world's top technology security experts, has thrown light on the future of Computer Security and warned that  Internet of Things (IoT) such as TVs, Refrigerators, Microwave or dishwashers will necessarily bring undesirable cyber threats to your home environment, because any device connected to the Internet is vulnerable and can be infected. " The threats will dive
360 Million Stolen Credential FOR SALE on Underground Black Market

360 Million Stolen Credential FOR SALE on Underground Black Market

Feb 27, 2014
Your Financial Credentials are on SALE on the Underground Black Market without your Knowledge… sounds like a nightmare, but it's TRUE. Cyber security firm, Hold Security, said it has traced over 360 million stolen account credentials that are available for Sale on Hacker's black market websites over past three weeks. The credentials include usernames, email addresses, and passwords that are in unencrypted in most cases, according to the report released on Tuesday. It is not known till now from where these credentials exactly were stolen, but the security researchers estimated that these credentials are a result of multiple breaches. Since the banking credentials are one of the most ' valuable bounties ' for the cyber criminals, and the ways to steal these credentials can be directly from the companies and from the services in which users entrust data as well. According to Hold Security, in addition to the sale of 360 million credentials, the cyber criminals are  s
TESCO Customers' account details leaked online

TESCO Customers' account details leaked online

Feb 15, 2014
You all were busy in celebrating Valentine's Day with your loved ones, and the cyber criminals were too celebrating the day in their own way, and this time, with the TESCO customers. A list of over 2,240 Tesco.com  Internet Shopping accounts was posted Online on the Pastebin website by some unknown hackers on Thursday, allowing access to online shopping accounts, personal details and Tesco Clubcard vouchers, reported by The Guardian . A Tesco spokesperson told The Hacker News that this information has not come from Tesco's website itself, rather there have been high profile hacks on other businesses  A Tesco spokesperson said, " We take the security of our customers' data extremely seriously and are urgently investigating these claims. " " We have contacted all customers who may have been affected and are committed to ensuring that none of them miss out as a result of this. We will issue replacement vouchers to the very small numbers who are affected. "
Beware! Cyber Criminals may spoil your Valentine's Day

Beware! Cyber Criminals may spoil your Valentine's Day

Feb 11, 2014
Valentine's Day   - a day of hearts, Chocolates, Flowers and Celebrations when people express their emotions to their loved ones and most of us send E-cards, purchase special gifts with the help of various Online Shop Sites and many other tantrums making them feel special. While you are busy in Googling ideal gifts for your loved ones, the Cyber thieves are also busy in taking advantage of such events by spreading various malware , phishing campaigns and fraud schemes as these days come out to be a goldmine for the cyber criminals. Online Shopping Scams are popular among Cyber criminals as it is the easiest way for hackers to steal money in easy and untraceable ways. Security Researchers at Anti virus firm - Trend Micro discovered various Valentine's Day threats which are common at such occasion i.e. A flower-delivery service and it appears to be a normal promotional e-mail, but the links actually lead to various survey scams. The Malware threats also arr
Criminals rapidly migrating to new digital Currency 'Perfect Money' after Liberty Reserve takedown

Criminals rapidly migrating to new digital Currency 'Perfect Money' after Liberty Reserve takedown

Aug 12, 2013
There are so many ways to move money anonymously on the Internet and US Justice Department has declared war on currencies widely used by cyber criminals . Just after the Law Enforcement in 17 countries shuts down ' Liberty Reserve ', a $6 billion digital money laundering operation, now the criminals is switching to another online currency called " Perfect Money ".  Perfect Money, another private digital currency that has emerged to meet the demand of Criminals and hackers, those buying and selling kit anonymously and being used by people selling stolen credit cards in Internet hacker forums recently. Fraudsters are rapidly migrating to Perfect Money and  it allows users to transfer money anonymously by purchasing and exchanging the proprietary currency for dollars, euros and gold. These virtual currencies are often linked to bitcoin because it has also been used by criminals. It was thought Bitcoin would be a handy replacement for Liberty Reser
Algerian Hacker linked to SpyEye virus extradited to US

Algerian Hacker linked to SpyEye virus extradited to US

May 04, 2013
The Algerian hacker linked with the SpyEye computer virus, designed to steal financial and personal information was extradited by Thailand to the United States to face charges that he hijacked customer accounts at more than 200 banks and financial institutions and have been used to steal more than $100 million in the last five years. A SpyEye allowed cybercriminals to alter the display of Web pages in the victims' browsers as a way to trick them into turning over personal financial information. The virus only impacts PCs and not Macintosh operating systems. A report issued last year by security firms McAfee said that about a dozen cybercrime groups have been using variants of Zeus and SpyEye, which automate the process of transferring money from bank accounts. The stolen funds are transferred to prepaid debit cards or into accounts controlled by money mules, allowing the mules to withdraw the money and wire it to the attackers. Hamza Bendelladj , also known as
Fraud-as-a-Service of Zeus Malware advertised on social network

Fraud-as-a-Service of Zeus Malware advertised on social network

Apr 28, 2013
Cyber crime enterprise is showing a growing interest in monetization of botnets , the most targeted sector in recent months is banking. One of most active malware that still menaces Banking sector is the popular Zeus . Zeus is one of the oldest, it is active since 2007, and most prolific malware that changed over time according numerous demands of the black-market. Recently, Underground forums are exploded the offer of malicious codes, hacking services and bullet proof hosting to organize a large scale fraud. Cyber criminals are selling kits at reasonable prices or entire botnets for renting, sometimes completing the offer with information to use during the attacks. The model described, known also as a Fraud-as-a-Service , is winning, malicious code such as Zeus, SpyEye , Ice IX, or even Citadel have benefited of the same sales model, cyber criminals with few hundred dollars are able to design their criminal operation. Since now the sales model and the actor invol
Researchers detected the Malware that targets the Russian stock-trading platform QUIK

Researchers detected the Malware that targets the Russian stock-trading platform QUIK

Apr 21, 2013
Security Researcher from Group-IB ( Group-IB is one of the leading companies in global cybercrime prevention and hi-tech crime investigations )   has found a new kind of malware   that targets the Russian stock-trading platform QUIK. It was detected during several targeted attacks starting in November 2012 where  Cyber criminals have traditionally targeted private and corporate banking accounts, using malware (such as variants of the ZeuS  cyber-crime  toolkit ) to log key-strokes and extract account information. In the last year, Group-IB has received several incoming incident fraud requests on some famous online trading and stock brokerages where systems were possibly hacked and recently trading fraudsters have diversified tactics and begun to use malware. Group-IB has detected the first professional malware, targeted at a specialized trading software named QUIK (Quik Broker, Quik Dealer) from Russian software developers ARQA Technologies and FOCUS IVonline from
World's biggest DDoS attack that Almost Broke the Internet

World's biggest DDoS attack that Almost Broke the Internet

Mar 29, 2013
The last week has seen probably the largest distributed denial-of-service (DDoS) attack ever. A massive 300Gbps was thrown against Internet blacklist maintainer Spamhaus' website but the anti-spam organisation , CloudFlare was able to recover from the attack and get its core services back up and running.  Spamhaus, a group based in both London and Geneva, is a non-profit organisation that aims to help email providers filter out spam and other unwanted content. Spamhaus is pretty resilient, as its own network is distributed across many countries, but the attack was still enough to knock its site offline on March 18. Five national cyber-police-forces are investigating the attacks.  A group calling itself STOPhaus,  an alliance of hactivists and cyber criminals is believed to responsible for bombarding Spamhaus with up to 300Gbps. The attacks on Spamhaus illustrate a larger problem with the vulnerability of systems fundamental to the architecture of the Internet, the D
Jailed cyber criminal hacked into prison computer system from Jail

Jailed cyber criminal hacked into prison computer system from Jail

Mar 04, 2013
Old habits seem to die hard for a hacker, a cyber criminal who masterminded a £15 million fraud was allowed to join a prison IT class and hacked into the jail's computer system. Nicholas Webber , serving five years in prison for running an internet crime forum Ghost Market , Which allowed those interested in creating computer viruses, partaking of stolen IDs and enjoying private credit card data to congregate. Webber had been arrested for using fraudulent credit card details to pay for a penthouse suite at the Hilton Hotel in Park Lane, Central London. The incident occurred back in 2011, but it only came to light recently " At the time of this incident in 2011 the educational computer system at HMP Isis was a closed network. No access to personal information or wider access to the internet or other prison systems would have been possible, " A spokesman fοr prison tοƖԁ the Daily Mail reported . His IT teacher, Michael Fox ,who was employed by Kensington
What does the Poetry with Citadel trojan ?

What does the Poetry with Citadel trojan ?

Feb 23, 2013
Recently we published an article on the attacks against Japanese banks using a new variant of the popular Zeus , one of the most prolific malware of recent history, security experts in fact have detected various versions of the popular malicious code that hit also mobile and social networking platforms . Due its flexibility the malware has been re-engineered several times by cyber criminals that adapted its structure to specific purposes and context, leaving unchanged its core capabilities of stealing banking credentials of victims. Zeus has been a huge success in the criminal circles especially for the sales model, as malware as service, implemented by its authors on many underground sites, let's remind for example the Citadel Trojan one of the most popular on the crimeware market. Fortunately its author, known as Aquabox , has been banned from a large online forum that sells malware and other services to cyber criminals, but many security firms consider Citadel Trojan still very
Android malware with ability to install Backdoor on Computers

Android malware with ability to install Backdoor on Computers

Feb 04, 2013
Kaspersky Lab has revealed a new type of malware that can infect your computer when connected smartphone or tablet. Two such application, Super Clean and DroidCleaner found in Google Play android market. These two are actually same application, just released with two different names. These applications apparently disguised as a tool to clean memory for the Android operating system but after installing and running it displays a list of all running some processes and then restart the device. Later, in background, the app downloads three files autorun.inf, folder.ico, and svchosts.exe in phone. When user connect infected android mobile phone to any Windows computer with active Autorun or Autoplay functionality for USB devices, the svchosts.exe file ( Backdoor.MSIL.Ssucl.a ) is automatically executed on computer. A similar situation may arise in case of SD card. Before apps were removed by Google, they may together have been downloaded up to 6000 times. Malicious code t
Operation Red October : Cyber Espionage campaign against many Governments

Operation Red October : Cyber Espionage campaign against many Governments

Jan 15, 2013
A new sensational discovered has been announced by Kaspersky Lab's Global Research & Analysis Team result of an investigation after several attacks hit computer networks of various international diplomatic service agencies. A new large scale cyber-espionage operation has been discovered, named Red October , name inspired by famous novel The Hunt For The Red October (ROCRA) and chosen because the investigation started last October. The campaign hit hundreds of machines belonging to following categories: Government Diplomatic / embassies Research institutions Trade and commerce Nuclear / energy research Oil and gas companies Aerospace Military The attackers have targeted various devices such as enterprise network equipment and mobile devices (Windows Mobile, iPhone, Nokia), hijacking files from removable disk drives, stealing e-mail databases from local Outlook storage or remote POP/IMAP server and siphoning files from local network FTP servers. Accordin
Hackers abusing online Nmap Port Scanning service

Hackers abusing online Nmap Port Scanning service

Dec 28, 2012
Most of you knows the power of Nmap, When used properly, Nmap helps protect your network from invaders. One of the best tool for hackers, penetration testers and Security  researchers. Officially Nmap a desktop tool, can be used as web version but should be under some limitations. When someone does Nmap scan against a target to find out the open ports, enumerating system details and installed services versions, most obvious if  used improperly, Nmap can get you sued, fired, expelled, jailed, or banned by your ISP for scanning a target under hacking attempt. Hacker can be tracked back via the IP address from where one perform the scanning, but what if a web version of Nmap available on a website, where one just need to enter the target IP/website address and that website will do a free scan against your target ? Seems easy and one can use Proxy to access that website and which will do a simple and fast scan for you ! Yes, a service called " ScanPlanner " (htt
Cybersecurity Resources