The Hacker News Logo
Subscribe to Newsletter
CrowdSec

The Hacker News - Most Trusted Cyber Security and Computer Security Analysis: Cyber Crime

Cybercrime Group TA558 Targeting Hospitality, Hotel, and Travel Organizations

Cybercrime Group TA558 Targeting Hospitality, Hotel, and Travel Organizations

August 19, 2022Ravie Lakshmanan
A financially motivated cybercrime group has been linked to an ongoing wave of attacks aimed at hospitality, hotel, and travel organizations in Latin America with the goal of installing malware on compromised systems. Enterprise security firm Proofpoint, which is tracking the group under the name TA558 dating all the way back to April 2018, called it a "small crime threat actor." "Since 2018, this group has used consistent tactics, techniques, and procedures to attempt to install a variety of malware including Loda RAT, Vjw0rm, and Revenge RAT," the company's threat research team  said  in a new report. The group has been operational at a higher tempo in 2022 than usual, with intrusions mainly geared towards Portuguese and Spanish speakers in Latin America, and to a lesser extent in Western Europe and North America. Phishing campaigns mounted by the group involve sending malicious spam messages with reservation-themed lures such as hotel bookings that cont
What is ransomware and how can you defend your business from it?

What is ransomware and how can you defend your business from it?

August 02, 2022The Hacker News
Ransomware is a kind of malware used by cybercriminals to stop users from accessing their systems or files; the cybercriminals then threaten to leak, destroy or withhold sensitive information unless a ransom is paid. Ransomware attacks can target either the data held on computer systems (known as locker ransomware) or devices (crypto-ransomware). In both instances, once a ransom is paid, threat actors typically provide victims with a decryption key or tool to unlock their data or device, though this is not guaranteed. Oliver Pinson-Roxburgh, CEO of  Defense.com , the all-in-one cybersecurity platform, shares knowledge and advice in this article on how ransomware works, how damaging it can be, and how your business can mitigate ransomware attacks from occurring. What does a ransomware attack comprise? There are three key elements to a ransomware attack: Access In order to deploy malware to encrypt files and gain control, cybercriminals need to initially gain access to an organiza
New 'Quantum' Builder Lets Attackers Easily Create Malicious Windows Shortcuts

New 'Quantum' Builder Lets Attackers Easily Create Malicious Windows Shortcuts

June 24, 2022Ravie Lakshmanan
A new malware tool that enables cybercriminal actors to build malicious Windows shortcut ( .LNK ) files has been spotted for sale on cybercrime forums. Dubbed Quantum Lnk Builder , the software makes it possible to spoof any extension and choose from over 300 icons, not to mention support  UAC  and  Windows SmartScreen  bypass as well as "multiple payloads per .LNK" file. Also offered are capabilities to generate .HTA and disk image (.ISO) payloads. Quantum Builder is available for lease at different price points: €189 a month, €355 for two months, €899 for six months, or as a one-off lifetime purchase for €1,500. ".LNK files are shortcut files that reference other files, folders, or applications to open them," Cyble researchers  said  in a report. "The [threat actor] leverages the .LNK files and drops malicious payloads using  LOLBins  [living-off-the-land binaries]." Early evidence of malware samples using Quantum Builder in the wild is said to da
Europol Busts Phishing Gang Responsible for Millions in Losses

Europol Busts Phishing Gang Responsible for Millions in Losses

June 22, 2022Ravie Lakshmanan
Europol on Tuesday announced the dismantling of an organized crime group that dabbled in phishing, fraud, scams, and money laundering activities. The cross-border operation, which involved law enforcement authorities from Belgium and the Netherlands, saw the arrests of nine individuals in the Dutch nation. The suspects are men between the ages of 25 and 36 from Amsterdam, Almere, Rotterdam, and Spijkenisse and a 25-year-old woman from Deventer, according to a  statement  from the National Police Force. Also confiscated as part of 24 house searches were firearms, ammunition, jewelry, designer clothing, expensive watches, electronic devices, tens of thousands of euros in cash, and cryptocurrency, the officials said. "The criminal group contacted victims by email, text message and through mobile messaging applications," the agency  noted . "These messages were sent by the members of the gang and contained a phishing link leading to a bogus banking website." Unsu
New York Man Sentenced to 4 Years in Transnational Cybercrime Scheme

New York Man Sentenced to 4 Years in Transnational Cybercrime Scheme

May 28, 2022Ravie Lakshmanan
A 37-year-old man from New York has been sentenced to four years in prison for buying stolen credit card information and working in cahoots with a cybercrime cartel known as the Infraud Organization. John Telusma, who went by the alias "Peterelliot," had previously pleaded guilty to one count of racketeering conspiracy on October 13, 2021. He joined the gang in August 2011 and remained a member for five-and-a-half years. "Telusma was among the most prolific and active members of the Infraud Organization, purchasing and fraudulently using compromised credit card numbers for his own personal gain," the U.S. Justice Department (DoJ)  said . Infraud, a transnational cybercrime behemoth, operated for more than seven years, advertising its activities under the slogan "In Fraud We Trust," before its online infrastructure was dismantled by U.S. law enforcement authorities in February 2018. The rogue enterprise dabbled in the large-scale acquisition and sale
Everything We Learned From the LAPSUS$ Attacks

Everything We Learned From the LAPSUS$ Attacks

May 12, 2022The Hacker News
In recent months, a cybercriminal gang known as LAPSUS$ has claimed responsibility for a number of high-profile attacks against technology companies, including: T-Mobile (April 23, 2022) Globant  Okta Ubisoft Samsung Nvidia Microsoft Vodafone In addition to these attacks, LAPSUS$ was also able to successfully launch a ransomware attack against the Brazilian Ministry of Health. While high-profile cyber-attacks are certainly nothing new, there are several things that make LAPSUS$ unique. The alleged mastermind of these attacks and several other alleged accomplices were all teenagers. Unlike more traditional ransomware gangs, LAPSUS$ has a very strong social media presence. The gang is best known for data exfiltration. It has stolen source code and other proprietary information and has often leaked this information on the Internet. LAPSUS$ stolen credentials  In the case of Nvidia, for example, the  attackers gained access to hundreds of gigabytes of proprietary data ,
U.S. Offering $10 Million Reward for Information on Conti Ransomware Hackers

U.S. Offering $10 Million Reward for Information on Conti Ransomware Hackers

May 09, 2022Ravie Lakshmanan
The U.S. State Department has  announced  rewards of up to $10 million for any information leading to the identification of key individuals who are part of the infamous Conti cybercrime gang. Additionally, it's offering another $5 million for intelligence information that could help arrest or convict individuals who are conspiring or attempting to affiliate with the group in a ransomware attack. The department called the Conti variant the "costliest strain of ransomware ever documented." Conti , the work of a Russia-based transnational organized crime group dubbed Gold Ulrick, is one most prolific ransomware cartels that has continued to strike entities globally while simultaneously  expanding its empire  by absorbing TrickBot and running side hustles that involve data extortion. After the syndicate expressed public support for Russia's invasion of Ukraine in February, it  suffered a major breach  of its own after its source code and internal chats were released
Spanish Police Arrest SIM Swappers Who Stole Money from Victims Bank Accounts

Spanish Police Arrest SIM Swappers Who Stole Money from Victims Bank Accounts

February 14, 2022Ravie Lakshmanan
Spain's National Police Agency, the Policía Nacional, said last week it dismantled an unnamed cybercriminal organization and arrested eight individuals in connection with a series of SIM swapping attacks that were carried out with the goal of financial fraud. The suspects of the crime ring masqueraded as trustworthy representatives of banks and other organizations and used traditional phishing and smishing techniques to obtain personal information and bank data of victims before draining money from their accounts. "They usurped the identity of their victims through the falsification of official documents and tricked employees of telephone stores into getting the duplicate of SIM cards, cards where they received security confirmation messages from banks that allowed them to empty their victims' accounts," the authorities  said . Seven of the arrests were made in Barcelona and one in Seville. As many as 12 bank accounts were frozen as part of the illicit operation.
140,000 Reasons Why Emotet is Piggybacking on TrickBot in its Return from the Dead

140,000 Reasons Why Emotet is Piggybacking on TrickBot in its Return from the Dead

December 08, 2021Ravie Lakshmanan
The operators of TrickBot malware have infected an estimated 140,000 victims across 149 countries a little over a year after attempts were to dismantle its infrastructure, even as the advanced Trojan is fast becoming an entry point for Emotet, another botnet that was taken down at the start of 2021. Most of the victims detected since November 1, 2020, are from Portugal (18%), the U.S. (14%), and India (5%), followed by Brazil (4%), Turkey (3%), Russia (3%), and China (3%), Check Point Research noted in a report shared with The Hacker News, with government, finance, and manufacturing entities emerging the top affected industry verticals. "Emotet is a strong indicator of future ransomware attacks, as the malware provides ransomware gangs a backdoor into compromised machines," said the researchers, who detected 223 different Trickbot campaigns over the course of the last six months. Both TrickBot and Emotet are botnets, which are a network of internet-connected devices infe
Suspected REvil Ransomware Affiliates Arrested in Global Takedown

Suspected REvil Ransomware Affiliates Arrested in Global Takedown

November 09, 2021Ravie Lakshmanan
Romanian law enforcement authorities have  announced  the arrest of two individuals for their roles as affiliates of the REvil ransomware family, dealing a severe blow to one of the most prolific cybercrime gangs in history. The suspects are believed to have  orchestrated  more than 5,000 ransomware attacks and extorted close to $600,000 from victims, according to Europol. The arrests, which happened on November 4, are part of a coordinated operation called GoldDust , which has resulted in the arrest of three other REvil affiliates and two suspects connected to GandCrab in Kuwait and South Korea since February 2021. This also includes a 22-year-old Ukrainian national, Yaroslav Vasinskyi, who was arrested in early October and has been accused of perpetrating the  devastating attack  on Florida-based software firm Kaseya in July 2021, affecting up to 1,500 downstream businesses. In all, the seven suspects linked to the two ransomware families are said to have targeted about 7,000 vic
Ukraine Arrests Operator of DDoS Botnet with 100,000 Compromised Devices

Ukraine Arrests Operator of DDoS Botnet with 100,000 Compromised Devices

October 12, 2021Ravie Lakshmanan
Ukrainian law enforcement authorities on Monday disclosed the arrest of a hacker responsible for the creation and management of a "powerful botnet" consisting of over 100,000 enslaved devices that was used to carry out distributed denial-of-service (DDoS) and spam attacks on behalf of paid customers. The unnamed individual, from the Ivano-Frankivsk region of the country, is also said to have leveraged the automated network to detect vulnerabilities in websites and break into them as well as stage brute-force attacks in order to guess email passwords. The Ukrainian police agency said it conducted a raid of the suspect's residence and seized their computer equipment as evidence of illegal activity. "He looked for customers on the closed forums and Telegram chats and payments were made via blocked electronic payment systems," the Security Service of Ukraine (SSU)  said  in a press statement. The payments were facilitated via WebMoney, a Russian money transfer p
Numando: A New Banking Trojan Targeting Latin American Users

Numando: A New Banking Trojan Targeting Latin American Users

September 20, 2021Ravie Lakshmanan
A newly spotted banking trojan has been caught leveraging legitimate platforms like YouTube and Pastebin to store its encrypted, remote configuration and commandeer infected Windows systems, making it the latest to join the  long list of malware  targeting Latin America (LATAM) after Guildma, Javali, Melcoz, Grandoreiro, Mekotio, Casbaneiro, Amavaldo, Vadokrist, and Janeleiro. The threat actor behind this malware family — dubbed " Numando " — is believed to have been active since at least 2018. "[Numando brings] interesting new techniques to the pool of Latin American banking trojans' tricks, like using seemingly useless ZIP archives or bundling payloads with decoy BMP images," ESET researchers  said  in a technical analysis published on Friday. "Geographically, it focuses almost exclusively on Brazil with rare campaigns in Mexico and Spain." Written in Delphi, the malware comes with an array of backdoor capabilities that allow it to control compr
3 Former U.S. Intelligence Officers Admit to Hacking for UAE Company

3 Former U.S. Intelligence Officers Admit to Hacking for UAE Company

September 15, 2021Ravie Lakshmanan
The U.S. Department of Justice (DoJ) on Tuesday disclosed it fined three intelligence community and military personnel $1.68 million in penalties for their role as cyber-mercenaries working on behalf of a U.A.E.-based cybersecurity company. The trio in question — Marc Baier, 49, Ryan Adams, 34, and Daniel Gericke, 40 — are accused of "knowingly and willfully combine, conspire, confederate, and agree with each other to commit offenses, "furnishing defense services to persons and entities in the country over a three year period beginning around December 2015 and continuing through November 2019, including developing invasive spyware capable of breaking into mobile devices without any action by the targets. "The defendants worked as senior managers at a United Arab Emirates (U.A.E.)-based company (U.A.E. CO) that supported and carried out computer network exploitation (CNE) operations (i.e., 'hacking') for the benefit of the U.A.E. government," the DoJ  said
Dutch Police Arrest Two Hackers Tied to "Fraud Family" Cybercrime Ring

Dutch Police Arrest Two Hackers Tied to "Fraud Family" Cybercrime Ring

July 23, 2021Ravie Lakshmanan
Law enforcement authorities in the Netherlands have  arrested  two alleged individuals belonging to a Dutch cybercriminal collective who were involved in developing, selling, and renting sophisticated phishing frameworks to other threat actors in what's known as a "Fraud-as-a-Service" operation. The apprehended suspects, a 24-year-old software engineer and a 15-year-old boy, are said to have been the main developer and seller of the phishing frameworks that were employed to collect login data from bank customers. The attacks primarily singled out users in the Netherlands and Belgium. The 15-year-old suspect has since been released from custody "pending further investigation," Dutch police said. Believed to be active since at least 2020, the cybercriminal syndicate has been codenamed " Fraud Family " by cybersecurity firm Group-IB. The frameworks come with phishing kits, tools designed to steal information, and web panels, which allow the fraudsters
REvil Ransomware Gang Mysteriously Disappears After High-Profile Attacks

REvil Ransomware Gang Mysteriously Disappears After High-Profile Attacks

July 14, 2021Ravie Lakshmanan
REvil, the infamous ransomware cartel behind some of the biggest cyberattacks targeting JBS and Kaseya, has mysteriously disappeared from the dark web, leading to speculations that the criminal enterprise may have been taken down. Multiple darknet and clearnet sites maintained by the Russia-linked cybercrime syndicate, including the data leak, extortion, and payment portals, remained inaccessible, displaying an error message "Onionsite not found."  The group's  Tor network infrastructure  on the dark web consists of one data leak blog site and 22 data hosting sites. It's not immediately clear what prompted the infrastructure to be knocked offline. REvil is one of the most prolific ransomware-as-a-service (RaaS) groups that first appeared on the threat landscape in April 2019. It's an evolution of the  GandCrab  ransomware, which hit the underground markets in early 2018. "If REvil has been permanently disrupted, it'll mark the end of a group which ha
Interpol Arrests Moroccan Hacker Engaged in Nefarious Cyber Activities

Interpol Arrests Moroccan Hacker Engaged in Nefarious Cyber Activities

July 06, 2021Ravie Lakshmanan
Law enforcement authorities with the Interpol have apprehended a threat actor responsible for targeting thousands of unwitting victims over several years and staging malware attacks on telecom companies, major banks, and multinational corporations in France as part of a global phishing and credit card fraud scheme. The two-year investigation, dubbed  Operation Lyrebird  by the international, intergovernmental organization, resulted in the arrest of a Moroccan citizen nicknamed Dr HeX, cybersecurity firm Group-IB disclosed today in a report shared with The Hacker News. Dr HeX is said to have been "active since at least 2009 and is responsible for a number of cybercrimes, including phishing, defacing, malware development, fraud, and carding that resulted in thousands of unsuspecting victims," the Singapore-headquartered company said . The cyber attacks involved deploying a phishing kit consisting of web pages that spoofed banking entities in the country, followed by sendin
Four Plead Guilty to Aiding Cyber Criminals with Bulletproof Hosting

Four Plead Guilty to Aiding Cyber Criminals with Bulletproof Hosting

May 10, 2021Ravie Lakshmanan
Four Eastern European nationals face 20 years in prison for Racketeer Influenced Corrupt Organization (RICO) charges after pleading guilty to providing bulletproof hosting services between 2008 and 2015, which were used by cybercriminals to distribute malware to financial entities across the U.S. The individuals, Aleksandr Grichishkin, 34, and Andrei Skvortsov, 34, of Russia; Aleksandr Skorodumov, 33, of Lithuania; and Pavel Stassi, 30, of Estonia, have been accused of renting their wares to cybercriminal clients, who used the infrastructure to disseminate malware such as Zeus, SpyEye, Citadel, and the Blackhole Exploit Kit that were capable of co-opting victim machines into a botnet, and stealing sensitive information. The deployment of malware caused or attempted to cause millions of dollars in losses to U.S. victims, the U.S. Department of Justice (DoJ) said in a statement on Friday. "A key service provided by the defendants was helping their clients to evade detection by
DeepDotWeb Admin Pleads Guilty to Money Laundering Charges

DeepDotWeb Admin Pleads Guilty to Money Laundering Charges

April 01, 2021Ravie Lakshmanan
The U.S. Department of Justice (DoJ) on Wednesday said that an Israeli national pleaded guilty for his role as an "administrator" of a portal called DeepDotWeb ( DDW ), a "news" website that "served as a gateway to numerous dark web marketplaces." According to the unsealed court documents, Tal Prihar , 37, an Israeli citizen residing in Brazil, operated DDW alongside Michael Phan , 34, of Israel, starting October 2013, in return for which they received kickbacks from the operators of the marketplaces in the form of virtual currency amounting to 8,155 bitcoins (worth $8.4 million at the time of the transactions). In an attempt to conceal the illicit payments, Prihar is said to have transferred the money to other bitcoin accounts and to bank accounts under his control in the name of shell companies. "Tal Prihar served as a broker for illegal Darknet marketplaces — helping such marketplaces find customers for fentanyl, firearms, and other dangerous
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.