The Hacker News Logo
Subscribe to Newsletter

The Hacker News - Cybersecurity News and Analysis: Cyber Crime

DeepDotWeb Admin Pleads Guilty to Money Laundering Charges

DeepDotWeb Admin Pleads Guilty to Money Laundering Charges

April 01, 2021Ravie Lakshmanan
The U.S. Department of Justice (DoJ) on Wednesday said that an Israeli national pleaded guilty for his role as an "administrator" of a portal called DeepDotWeb ( DDW ), a "news" website that "served as a gateway to numerous dark web marketplaces." According to the unsealed court documents, Tal Prihar , 37, an Israeli citizen residing in Brazil, operated DDW alongside Michael Phan , 34, of Israel, starting October 2013, in return for which they received kickbacks from the operators of the marketplaces in the form of virtual currency amounting to 8,155 bitcoins (worth $8.4 million at the time of the transactions). In an attempt to conceal the illicit payments, Prihar is said to have transferred the money to other bitcoin accounts and to bank accounts under his control in the name of shell companies. "Tal Prihar served as a broker for illegal Darknet marketplaces — helping such marketplaces find customers for fentanyl, firearms, and other dangerous
Tesla Ransomware Hacker Pleads Guilty; Swiss Hacktivist Charged for Fraud

Tesla Ransomware Hacker Pleads Guilty; Swiss Hacktivist Charged for Fraud

March 19, 2021Ravie Lakshmanan
The U.S. Department of Justice yesterday announced updates on two separate cases involving cyberattacks—a Swiss hacktivist and a Russian hacker who planned to plant malware in the Tesla company. A Swiss hacker who was involved in the intrusion of cloud-based surveillance firm Verkada and exposed camera footage from its customers was charged by the U.S. Department of Justice (DoJ) on Thursday with conspiracy, wire fraud, and identity theft. Till Kottmann (aka "deletescape" and "tillie crimew"), 21, of Lucerne, Switzerland, and their co-conspirators were accused of hacking dozens of companies and government agencies since 2019 by targeting their "git" and other source code repositories and posting the proprietary data of more than 100 entities on a website called git[.]rip, according to the indictment. Kottmann is alleged to have cloned the source code and other confidential files containing hard-coded administrative credentials and access keys, using th
CEO of Encrypted Chat Platform Indicted for Aiding Organised Criminals

CEO of Encrypted Chat Platform Indicted for Aiding Organised Criminals

March 15, 2021Ravie Lakshmanan
The U.S. Department of Justice (DoJ) on Friday announced an indictment against Jean-Francois Eap, the CEO of encrypted messaging company Sky Global, and an associate for wilfully participating in a criminal enterprise to help international drug traffickers avoid law enforcement. Eap (also known as "888888") and Thomas Herdman, a former high-level distributor of Sky Global devices, have been charged with a conspiracy to violate the federal Racketeer Influenced and Corrupt Organizations Act (RICO), according to warrants issued for their arrests. "The indictment alleges that Sky Global generated hundreds of millions of dollars providing a service that allowed criminal networks around the world to hide their international drug trafficking activity from law enforcement," Acting U.S. Attorney Randy Grossman  said  in the announcement. "This groundbreaking investigation should send a serious message to companies who think they can aid criminals in their unlawful ac
Gootkit RAT Using SEO to Distribute Malware Through Compromised Sites

Gootkit RAT Using SEO to Distribute Malware Through Compromised Sites

March 01, 2021Ravie Lakshmanan
A framework notorious for delivering a banking Trojan has received a facelift to deploy a wider range of malware, including ransomware payloads. "The  Gootkit  malware family has been around more than half a decade – a mature Trojan with functionality centered around banking credential theft," Sophos researchers Gabor Szappanos and Andrew Brandt  said  in a write-up published today. "In recent years, almost as much effort has gone into improvement of its delivery method as has gone into the NodeJS-based malware itself." Dubbed "Gootloader," the expanded malware delivery system comes amid a surge in the number of infections targeting users in France, Germany, South Korea, and the U.S. First documented in 2014, Gootkit is a Javascript-based malware platform capable of carrying out an array of covert activities, including web injection, capturing keystrokes, taking screenshots, recording videos, as well as email and password theft. Over the years, the
2 Hackers Charged for Defacing Sites after U.S. Airstrike Killed Iranian General

2 Hackers Charged for Defacing Sites after U.S. Airstrike Killed Iranian General

September 16, 2020Ravie Lakshmanan
The US Department of Justice (DoJ) on Tuesday indicted two hackers for their alleged involvement in defacing several websites in the country following the assassination of Iranian major general Qasem Soleimani earlier this January. Behzad Mohammadzadeh (aka Mrb3hz4d), 19, and Marwan Abusrour (aka Mrwn007), 25, have been charged with conspiracy to commit intentional damage to a protected computer for a widespread "cyber-assault" that affected over 1,400 websites with pro-Iranian and pro-Palestinian messages. "The hackers victimized innocent third parties in a campaign to retaliate for the military action that killed Soleimani, a man behind countless acts of terror against Americans and others that the Iranian regime opposed," said Assistant Attorney General for National Security John C. Demers in a statement. The defendants, from Iran and Palestine, respectively, are now wanted by the US authorities and are no longer free to travel outside their countries wi
US Charges 2 Chinese Hackers for Targeting COVID-19 Research and Trade Secrets

US Charges 2 Chinese Hackers for Targeting COVID-19 Research and Trade Secrets

July 22, 2020Ravie Lakshmanan
The U.S. Department of Justice (DoJ) yesterday revealed charges against two Chinese nationals for their alleged involvement in a decade-long hacking spree targeting dissidents, government agencies, and hundreds of organizations in as many as 11 countries. The 11-count indictment , which was unsealed on Tuesday, alleges LI Xiaoyu (李啸宇) and DONG Jiazhi (董家志) stole terabytes of sensitive data, including from companies developing COVID-19 vaccines, testing technology, and treatments while operating both for private financial gain and behalf of China's Ministry of State Security. "China has now taken its place, alongside Russia, Iran and North Korea, in that shameful club of nations that provide a safe haven for cyber criminals in exchange for those criminals being 'on call' to work for the benefit of the state, [and] to feed the Chinese Communist party's insatiable hunger for American and other non-Chinese companies' hard-earned intellectual property, includ
7 Ways Hackers and Scammers Are Exploiting Coronavirus Panic

7 Ways Hackers and Scammers Are Exploiting Coronavirus Panic

April 09, 2020Ravie Lakshmanan
In our previous stories, you might have already read about various campaigns warning how threat actors are capitalizing on the ongoing coronavirus pandemic in an attempt to infect your computers and mobile devices with malware or scam you out of your money. Unfortunately, to some extent, it's working, and that's because the attack surface is changing and expanding rapidly as many organizations and business tasks are going digital without much preparation, exposing themselves to more potential threats. Most of the recent cyberattacks are primarily exploiting the fears around the COVID-19 outbreak—fueled by disinformation and fake news—to distribute malware via Google Play apps , malicious links and attachments, and execute ransomware attacks. Here, we took a look at some of the wide range of unseen threats rising in the digital space, powered by coronavirus-themed lures that cybercriminals are using for espionage and commercial gain. The latest development adds to a l
US Govt Warns Critical Industries After Ransomware Hits Gas Pipeline Facility

US Govt Warns Critical Industries After Ransomware Hits Gas Pipeline Facility

February 19, 2020Ravie Lakshmanan
The U.S. Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) earlier today issued a warning to all industries operating critical infrastructures about a new ransomware threat that if left unaddressed could have severe consequences. The advisory comes in response to a cyberattack targeting an unnamed natural gas compression facility that employed spear-phishing to deliver ransomware to the company's internal network, encrypting critical data and knocking servers out of operation for almost two days. "A cyber threat actor used a spear-phishing link to obtain initial access to the organization's information technology network before pivoting to its operational technology network. The threat actor then deployed commodity ransomware to encrypt data for impact on both networks," CISA noted in its alert. As ransomware attacks continue to escalate in frequency and scale , the new development is yet another indication that p
Interpol Arrests 3 Indonesian Credit Card Hackers for Magecart Attacks

Interpol Arrests 3 Indonesian Credit Card Hackers for Magecart Attacks

January 25, 2020Mohit Kumar
The Indonesian National Police in a joint press conference with Interpol and cybersecurity firm Group-IB earlier today announced the arrest of three Magecart-style Indonesian hackers who had compromised hundreds of international e-commerce websites and stolen payment card details of their online shoppers. Dubbed ' Operation Night Fury ,' the investigation was led by Interpol's ASEAN Cyber Capability Desk, a joint initiative by law enforcement agencies of Southeast Asian countries to combat cybercrime. According to the press conference, all three accused (23, 26, and 35 years old) were arrested last year in December from Jakarta and Yogyakarta and charged with criminal laws related to the data theft, fraud, and unauthorized access. "The operation is still ongoing in the other five ASEAN countries with which the intelligence was also shared. This case marks the first successful multi-jurisdictional operation against the operators of JavaScript-sniffers in the re
Russian Pleads Guilty to Running 'CardPlanet' to Sell Stolen Credit Cards

Russian Pleads Guilty to Running 'CardPlanet' to Sell Stolen Credit Cards

January 24, 2020Swati Khandelwal
Image credit: Times of Israel. Aleksei Burkov, a 29-year-old Russian hacker, on Thursday pleaded guilty to multiple criminal charges for running two illegal websites that helped cyber criminals commit more than $20 million in credit card fraud. The first website Burkov operated was an online marketplace for buying and selling stolen credit card and debit card numbers—called Cardplanet —which roughly hosted 150,000 payment card details between the years 2009 and 2013. Cardplanet marketplace offered stolen payment card details for anywhere between $2.50 and $10 a card, depending on the card type, country of origin, and the availability of card owner information. The carding website even offered a paid service that allowed buyers to instantly verify if a stolen payment card were still valid. "Many of the cards offered for sale belonged to U.S. citizens. The stolen credit card data from more than 150,000 compromised payment cards was allegedly sold on Burkov's site and
Hacker Who Tried to Blackmail Apple for $100,000 Sentenced in London

Hacker Who Tried to Blackmail Apple for $100,000 Sentenced in London

December 21, 2019Wang Wei
A 22-year-old man who claimed to have access to over 300 million iCloud accounts and threatened to factory reset all accounts unless Apple pays ransom has pleaded guilty in London for trying to blackmail Apple. In March 2017, Kerem Albayrak from North London claimed to be a spokesman for a hacking group called the " Turkish Crime Family " and in possession of 319 million iCloud accounts. Albayrak gave Apple a deadline until April 7, 2017, to pay up $75,000 in crypto-currency or $100,000 worth of iTunes gift cards in return for deleting the copy of stolen database, the U.K. National Crime Agency said in a statement , calling the blackmailer a "fame-hungry cyber-criminal." However, if the company failed to meet his demands, Albayrak threatened that he would start remotely wiping the victim's Apple devices, factory reset iCloud accounts, and dump the stolen database online. In late March 2017, the NCA's National Cyber Crime Unit arrested Albayrak at
British Hacker Accused of Blackmailing healthcare Firms Extradited to U.S.

British Hacker Accused of Blackmailing healthcare Firms Extradited to U.S.

December 19, 2019Swati Khandelwal
A British man suspected to be a member of ' The Dark Overlord ,' an infamous international hacking group, has finally been extradited to the United States after being held for over two years in the United Kingdom. Nathan Francis Wyatt , 39, appeared in federal court in St. Louis, Missouri, on Wednesday to face charges related to his role in hacking healthcare and accounting companies in the U.S. and then threatening to publish stolen information unless victims paid a ransom in Bitcoin. According to a court indictment unsealed yesterday, Wyatt faces one count of conspiracy, two counts of aggravated identity theft and three counts of threatening to damage a protected computer. However, the suspect has not yet pledged guilty to any of the charges in the U.S. federal court, where he appeared after fighting for 11 months to avoid being extradited from Britain. Cyber Attacks by The Dark Overlord Group British police first arrested Wyatt in September 2016 during an inves
Russian Police Raided NGINX Moscow Office, Detained Co-Founders

Russian Police Raided NGINX Moscow Office, Detained Co-Founders

December 12, 2019Mohit Kumar
Russian law enforcement officers have raided the Moscow offices of Nginx—the company behind the world's second most popular web server software—over a copyright infringement complaint filed by Rambler, a Russian Internet portal and email service provider. According to multiple reports from local media and social media, the police conducted searches and has also detained several employees of the company, including Igor Sysoev , the original developer of Nginx and Maxim Konovalov , another co-founder of the company. Over 30% of the websites on the Internet today, including many of the world's most popular sites like Netflix and Twitch, run on the Nginx server. Igor Sysoev created the Nginx web server in the early 2000s and open-sourced it in 2004, after which he founded the company Nginx in 2015 that has now been acquired by F5 Networks , an American technology company, for $ 670 million. According to a copy of the complaint shared on Twitter, Rambler accused that Sys
Europol Shuts Down 'Imminent Monitor' RAT Operations With 13 Arrests

Europol Shuts Down 'Imminent Monitor' RAT Operations With 13 Arrests

November 29, 2019Mohit Kumar
In a coordinated International law enforcement operation, Europol today announced to shut down the global organized cybercrime network behind Imminent Monitor RAT , yet another hacking tool that allows cybercriminals to gain complete control over a victim's computer remotely. The operation targeted both buyers and sellers of the IM-RAT (Imminent Monitor Remote Access Trojan), which was sold to more than 14,500 buyers and used against tens of thousands of victims across 124 countries. The infrastructure and front-end sale website of the Imminent Monitor have also been seized as part of this operation, making the Trojan unusable for those who already bought it, as well as unavailable for the new users. Promoted as a legitimate remote administration framework, the hacking tool was widely used to unauthorisedly access targeted users' computers and steal their login credentials for online banking and other financial accounts. According to Europol's press release , aut
Russian Hacker Behind NeverQuest Banking Malware Gets 4 Years in U.S. Prison

Russian Hacker Behind NeverQuest Banking Malware Gets 4 Years in U.S. Prison

November 22, 2019Swati Khandelwal
A Russian hacker who created and used Neverquest banking malware to steal money from victims' bank accounts has finally been sentenced to 4 years in prison by the United States District Court for the Southern District of New York. Stanislav Vitaliyevich Lisov , 34, was arrested by Spanish authorities at Barcelona–El Prat Airport in January 2017 on the request of the FBI and extradited to the United States in 2018. Earlier this year, Lisov pleaded guilty to one count of conspiracy to commit computer hacking, involving attempts to steal at least $4.4 million from hundreds of victims using the NeverQuest banking trojan. Just like any other sophisticated banking Trojan, NeverQuest , aka Vawtrak or Snifula, has also been designed to let attackers remotely control infected computers and steal a wide range of sensitive information. Besides stealing login information for banking or other financial accounts using a keylogger or web form injection techniques, the malware was also c
Two Hackers Who Extorted Money From Uber and LinkedIn Plead Guilty

Two Hackers Who Extorted Money From Uber and LinkedIn Plead Guilty

October 31, 2019Mohit Kumar
Two grey hat hackers have pleaded guilty to blackmailing Uber , LinkedIn, and other U.S. corporations for money in exchange for promises to delete data of millions of customers they had stolen in late 2016. In a San Jose courthouse in California on Wednesday, Brandon Charles Glover (26) of Florida and Vasile Mereacre (23) of Toronto admitted they accessed and downloaded confidential corporate databases on Amazon Web Services using stolen credentials. After downloading the data, the duo contacted affected companies to report security vulnerabilities and demanded money in exchange for the deletion of the data, according to a press release published by the US Justice Department. "I was able to access backups upon backups, me and my team would like a huge reward for this," the hackers said to the victim company in an email. "Please keep in mind, we expect a big payment as this was hard work for us, we already helped a big corp which paid close to 7 digits, all
Binance Confirms Hacker Obtained Its Users' KYC Data from 3rd-Party Vendor

Binance Confirms Hacker Obtained Its Users' KYC Data from 3rd-Party Vendor

August 26, 2019Wang Wei
As suspected, the KYC details of thousands of Binance's customers that hackers obtained and leaked online earlier this month came from the company's third-party vendor, Malta-based cryptocurrency exchange Binance confirmed. For those unaware, Binance, the world's largest cryptocurrency exchange by volume, hit by a " Potential KYC leak " earlier this month, with an unknown hacker distributing the Know Your Customer (KYC) images of hundreds of its users online and to media outlets. Before leaking the KYC images online, the alleged hacker threatened the exchange to release KYC data of its 10,000 customers if the company did not pay 300 Bitcoins—equivalent to over $3 million at today's exchange value. While Binance CEO Changpeng Zhao called the incident a fud (fear, uncertainty, doubt), the exchange recently confirmed that some of the leaked images match actual accounts though others show evidence of manipulation. According to an official blog post , t
Hacker Ordered to Pay Back Nearly £1 Million to Phishing Victims

Hacker Ordered to Pay Back Nearly £1 Million to Phishing Victims

August 23, 2019Wang Wei
A prolific hacker who carried out phishing scams against hundreds of companies worldwide has been ordered to pay back more than $1.1 million (over £922,000) worth of cryptocurrencies to his victims. Grant West , a 27-year-old resident of Kent, England, targeted several well-known companies around the world since 2015 to obtain the financial data of tens of thousands of customers and then sold that data on underground forums in exchange for Bitcoins or other cryptocurrencies. West, who operated under the online moniker of 'Courvoisier,' stashed the resulting cryptocurrencies in multiple accounts and wallets, which was confiscated by the Metropolitan police after West's arrest in September 2017 following a two-year-long investigation code-named ' Operation Draba .' Metropolitan Police Cyber Crime Unit (MPCCU) also seized an SD card from West's home, which contained approximately 78 million individual usernames and passwords as well as 63,000 credit and de
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.