#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cybersecurity

Cyber Crime | Breaking Cybersecurity News | The Hacker News

Category — Cyber Crime
Australian Defence Force Private and Husband Charged with Espionage for Russia

Australian Defence Force Private and Husband Charged with Espionage for Russia

Jul 12, 2024 Cyber Crime / Online Safety
Two Russian-born Australian citizens have been arrested and charged in the country for spying on behalf of Russia as part of a "complex" law enforcement operation codenamed BURGAZADA . This includes a 40-year-old woman, an Australian Defence Force (ADF) Army Private, and her husband, a 62-year-old self-employed laborer. Media reports have identified them as Kira Korolev and Igor Korolev, respectively, noting that they had been in Australia for over a decade. The married couple were arrested at their home in the Brisbane suburb of Everton Park on July 11, 2024, the Australian Federal Police (AFP) said in a statement. They have been charged with one count each of preparing for an espionage offense, which carries a maximum penalty of 15 years' imprisonment. "It is the first time an espionage offense has been laid in Australia since new laws were introduced by the Commonwealth in 2018," the AFP said . The federal law enforcement agency has alleged the pair
Russian National Indicted for Cyber Attacks on Ukraine Before 2022 Invasion

Russian National Indicted for Cyber Attacks on Ukraine Before 2022 Invasion

Jun 27, 2024 Cyber Crime / Cyber Warfare
A 22-year-old Russian national has been indicted in the U.S. for his alleged role in staging destructive cyber attacks against Ukraine and its allies in the days leading to Russia's full-blown military invasion of Ukraine in early 2022. Amin Timovich Stigal, the defendant in question, is assessed to be affiliated with the Main Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU). He remains at large. If convicted, he faces a maximum penalty of five years in prison. Concurrent with the action, the U.S. Department of State's Rewards for Justice program is offering a reward of up to $10 million for information pertaining to his whereabouts or the malicious cyber attacks he is associated with. "The defendant conspired with Russian military intelligence on the eve of Russia's unjust and unprovoked invasion of Ukraine to launch cyberattacks targeting the Ukrainian government and later targeting its allies, including the United States,&quo
How to Get Going with CTEM When You Don't Know Where to Start

How to Get Going with CTEM When You Don't Know Where to Start

Oct 04, 2024Vulnerability Management / Security Posture
Continuous Threat Exposure Management (CTEM) is a strategic framework that helps organizations continuously assess and manage cyber risk. It breaks down the complex task of managing security threats into five distinct stages: Scoping, Discovery, Prioritization, Validation, and Mobilization. Each of these stages plays a crucial role in identifying, addressing, and mitigating vulnerabilities - before they can be exploited by attackers.  On paper, CTEM sounds great . But where the rubber meets the road – especially for CTEM neophytes - implementing CTEM can seem overwhelming. The process of putting CTEM principles into practice can look prohibitively complex at first. However, with the right tools and a clear understanding of each stage, CTEM can be an effective method for strengthening your organization's security posture.  That's why I've put together a step-by-step guide on which tools to use for which stage. Want to learn more? Read on… Stage 1: Scoping  When you're defin
New Cross-Platform Malware 'Noodle RAT' Targets Windows and Linux Systems

New Cross-Platform Malware 'Noodle RAT' Targets Windows and Linux Systems

Jun 13, 2024 Cyber Attack / Malware
A previously undocumented cross-platform malware codenamed Noodle RAT has been put to use by Chinese-speaking threat actors either for espionage or cybercrime for years. While this backdoor was previously categorized as a variant of Gh0st RAT and Rekoobe , Trend Micro security researcher Hara Hiroaki said "this backdoor is not merely a variant of existing malware, but is a new type altogether." Noodle RAT, which also goes by the monikers ANGRYREBEL and Nood RAT , comes in both Windows and Linux flavors, and is believed to have been put to use since at least July 2016. The remote access trojan Gh0st RAT first surfaced in 2008 when a China threat group called the C. Rufus Security Team made its source code publicly available. Over the years, the malware – alongside other tools like PlugX and ShadowPad – has become a hallmark of Chinese government hackers, who have used it in numerous campaigns and attacks. The Windows version of Noodle RAT, an in-memory modular backd
cyber security

The State of SaaS Security 2024 Report

websiteAppOmniSaaS Security / Data Security
Learn the latest SaaS security trends and discover how to boost your cyber resilience. Get your free…
U.S. Dismantles World's Largest 911 S5 Botnet with 19 Million Infected Devices

U.S. Dismantles World's Largest 911 S5 Botnet with 19 Million Infected Devices

May 30, 2024 Financial Fraud / Dark Web
The U.S. Department of Justice (DoJ) on Wednesday said it dismantled what it described as "likely the world's largest botnet ever," which consisted of an army of 19 million infected devices that was leased to other threat actors to commit a wide array of offenses. The botnet, which has a global footprint spanning more than 190 countries , functioned as a residential proxy service known as 911 S5 . A 35-year-old Chinese national, YunHe Wang, was arrested in Singapore on May 24, 2024, for creating and acting as the primary administrator of the illegal platform from 2014 to July 2022. Wang has been charged with conspiracy to commit computer fraud, substantive computer fraud, conspiracy to commit wire fraud, and conspiracy to commit money laundering. If convicted on all counts, Wang faces a maximum penalty of 65 years in prison. The Justice Department said the botnet was used to carry out cyber attacks, financial fraud, identity theft, child exploitation, harassment, bo
FBI Seizes BreachForums Again, Urges Users to Report Criminal Activity

FBI Seizes BreachForums Again, Urges Users to Report Criminal Activity

May 15, 2024 Data Breach / Cyber Crime
Law enforcement agencies have officially seized control of the notorious  BreachForums  platform, an online bazaar known for peddling stolen data, for the second time within a year. The website ("breachforums[.]st") has been replaced by a seizure banner stating the clearnet cybercrime forum is under the control of the U.S. Federal Bureau of Investigation (FBI).  The operation is the result of a collaborative effort from authorities in Australia, Iceland, New Zealand, Switzerland, the U.K., the U.S., and Ukraine. The FBI has also taken control of the  Telegram channel  operated by Baphomet, who became the administrator of the forum following the  arrest  of his predecessor Conor Brian Fitzpatrick (aka  pompompurin ) in March last year. It's worth noting a prior iteration of BreachForums, hosted at breached.vc/.to/.co and managed by pompompurin, was seized by law enforcement in late June 2023. "This Telegram chat is under the control of the FBI," a message
Hive RAT Creators and $3.5M Cryptojacking Mastermind Arrested in Global Crackdown

Hive RAT Creators and $3.5M Cryptojacking Mastermind Arrested in Global Crackdown

Apr 16, 2024 Cyber Crime / Hacking
Two individuals have been arrested in Australia and the U.S. in connection with an alleged scheme to develop and distribute a remote access trojan called Hive RAT (previously Firebird). The U.S. Justice Department (DoJ)  said  the malware "gave the malware purchasers control over victim computers and enabled them to access victims' private communications, their login credentials, and other personal information." A 24-year-old individual named Edmond Chakhmakhchyan (aka "Corruption") from Van Nuys in Los Angeles, California, was taken into custody after he was caught selling a license of Hive RAT to an undercover employee of a law enforcement agency. He has been charged with one count of conspiracy and one count of advertising a device as an interception device, each of which carries a penalty of five years in prison. Chakhmakhchyan pleaded not guilty and was ordered to stand trial on June 4, 2024. Court documents allege a partnership between the malware'
10-Year-Old 'RUBYCARP' Romanian Hacker Group Surfaces with Botnet

10-Year-Old 'RUBYCARP' Romanian Hacker Group Surfaces with Botnet

Apr 09, 2024 Botnet / Crypto Mining
A threat group of suspected Romanian origin called  RUBYCARP  has been observed maintaining a long-running botnet for carrying out crypto mining, distributed denial-of-service (DDoS), and phishing attacks. The group, believed to be active for at least 10 years, employs the botnet for financial gain, Sysdig said in a report shared with The Hacker News. "Its primary method of operation leverages a botnet deployed using a variety of public exploits and brute-force attacks," the cloud security firm said . "This group communicates via public and private IRC networks." Evidence  gathered  so far suggests that RUBYCARP may have crossover with another threat cluster tracked by Albanian cybersecurity firm Alphatechs under the moniker Outlaw , which has a history of conducting crypto mining and brute-force attacks and has since pivoted to phishing and spear-phishing campaigns to cast a wide net. "These phishing emails often lure victims into revealing sensitive i
Exit Scam: BlackCat Ransomware Group Vanishes After $22 Million Payout

Exit Scam: BlackCat Ransomware Group Vanishes After $22 Million Payout

Mar 06, 2024 Cyber Crime / Ransomware
The threat actors behind the  BlackCat ransomware  have shut down their darknet website and likely pulled an exit scam after uploading a bogus law enforcement seizure banner. "ALPHV/BlackCat did not get seized. They are exit scamming their affiliates," security researcher Fabian Wosar  said . "It is blatantly obvious when you check the source code of the new takedown notice." "There is absolutely zero reason why law enforcement would just put a saved version of the takedown notice up during a seizure instead of the original takedown notice." The U.K.'s National Crime Agency (NCA)  told  Reuters that it had no connection to any disruptions to the BlackCat infrastructure. Recorded Future security researcher Dmitry Smilyanets  posted  screenshots on the social media platform X in which the BlackCat actors claimed that the "feds screwed us over" and that they intended to sell the ransomware's source code for $5 million. The disappearing
MoqHao Android Malware Evolves with Auto-Execution Capability

MoqHao Android Malware Evolves with Auto-Execution Capability

Feb 09, 2024 Mobile Security / Cyber Threat
Threat hunters have identified a new variant of Android malware called  MoqHao  that automatically executes on infected devices without requiring any user interaction. "Typical MoqHao requires users to install and launch the app to get their desired purpose, but this new variant requires no execution," McAfee Labs  said  in a report published this week. "While the app is installed, their malicious activity starts automatically." The campaign's targets include Android users located in France, Germany, India, Japan, and South Korea. MoqHao, also called Wroba and XLoader (not to be confused with the  Windows and macOS malware  of the same name), is an Android-based mobile threat that's associated with a Chinese financially motivated cluster dubbed  Roaming Mantis  (aka Shaoye). Typical  attack chains  commence with package delivery-themed SMS messages bearing fraudulent links that, when clicked from Android devices, lead to the deployment of the malware b
INTERPOL Arrests 31 in Global Operation, Identifies 1,900+ Ransomware-Linked IPs

INTERPOL Arrests 31 in Global Operation, Identifies 1,900+ Ransomware-Linked IPs

Feb 02, 2024 Cyber Crime / Malware
An INTERPOL-led collaborative operation targeting phishing, banking malware, and ransomware attacks has led to the identification of 1,300 suspicious IP addresses and URLs. The  law enforcement effort , codenamed  Synergia , took place between September and November 2023 in an attempt to blunt the "growth, escalation and professionalization of transnational cybercrime." Involving 60 law enforcement agencies spanning 55 member countries, the exercise paved the way for the detection of more than 1,300 malicious servers, 70% of which have already been taken down in Europe. Hong Kong and Singapore authorities took down 153 and 86 servers, respectively. Servers, as well as electronic devices, were confiscated following over 30 house searches. Seventy suspects have been identified to date, and 31 from Europe, South Sudan, and Zimbabwe have been arrested. Singapore-headquartered Group-IB, which also contributed to the operation,  said  it identified "more than 500 IP addr
Telegram Marketplaces Fuel Phishing Attacks with Easy-to-Use Kits and Malware

Telegram Marketplaces Fuel Phishing Attacks with Easy-to-Use Kits and Malware

Jan 31, 2024 Cyber Crime / Hacking News
Cybersecurity researchers are calling attention to the "democratization" of the phishing ecosystem owing to the emergence of Telegram as an epicenter for cybercrime, enabling threat actors to mount a mass attack for as little as $230. "This messaging app has transformed into a bustling hub where seasoned cybercriminals and newcomers alike exchange illicit tools and insights creating a dark and well-oiled supply chain of tools and victims' data," Guardio Labs researchers Oleg Zaytsev and Nati Tal  said  in a new report. "Free samples, tutorials, kits, even hackers-for-hire – everything needed to construct a complete end-to-end malicious campaign." The company also described Telegram as a "scammers paradise" and a "breeding ground for modern phishing operations." This is not the first time the popular messaging platform has  come under the radar  for facilitating malicious activities, which are in part driven by its lenient modera
BreachForums Founder Sentenced to 20 Years of Supervised Release, No Jail Time

BreachForums Founder Sentenced to 20 Years of Supervised Release, No Jail Time

Jan 23, 2024 Cyber Crime / Dark Web
Conor Brian Fitzpatrick has been sentenced to time served and 20 years of supervised release for his role as the creator and administrator of BreachForums. Fitzpatrick, who went by the online alias "pompompurin," was arrested in March 2023 in New York and was subsequently charged with conspiracy to commit access device fraud and possession of child pornography. He was later released on a $300,000 bond, and in July 2023, he pleaded guilty to the charges. BreachForums was a major cyber crime marketplace that facilitated the trafficking of stolen data since March 2022. Prior to its shutdown exactly a year later, the website boasted of over 340,000 members. Among the stolen items commonly sold on the platform were bank account information, Social Security numbers, personally identifying information (PII), hacking tools, breached databases, and account login information for compromised online accounts with service providers and merchants. BreachForums also advertised servic
Turkish Hackers Exploiting Poorly Secured MS SQL Servers Across the Globe

Turkish Hackers Exploiting Poorly Secured MS SQL Servers Across the Globe

Jan 09, 2024 Data Security / Cyber Attack
Poorly secured Microsoft SQL (MS SQL) servers are being targeted in the U.S., European Union, and Latin American (LATAM) regions as part of an ongoing financially motivated campaign to gain initial access. "The analyzed threat campaign appears to end in one of two ways, either the selling of 'access' to the compromised host, or the ultimate delivery of ransomware payloads," Securonix researchers Den Iuzvyk, Tim Peck, and Oleg Kolesnikov said in a technical report shared with The Hacker News. The campaign, linked to actors of Turkish origin, has been codenamed  RE#TURGENCE  by the cybersecurity firm. Initial access to the servers entails conducting brute-force attacks, followed by the use of  xp_cmdshell configuration option  to run shell commands on the compromised host. This activity mirrors that of a prior campaign dubbed  DB#JAMMER  that came to light in September 2023. This stage paves the way for the retrieval of a PowerShell script from a remote server that's responsible f
Operation RusticWeb: Rust-Based Malware Targets Indian Government Entities

Operation RusticWeb: Rust-Based Malware Targets Indian Government Entities

Dec 22, 2023 Malware / Cyber Threat
Indian government entities and the defense sector have been targeted by a phishing campaign that's engineered to drop Rust-based malware for intelligence gathering. The activity, first detected in October 2023, has been codenamed  Operation RusticWeb  by enterprise security firm SEQRITE. "New Rust-based payloads and encrypted PowerShell commands have been utilized to exfiltrate confidential documents to a web-based service engine, instead of a dedicated command-and-control (C2) server," security researcher Sathwik Ram Prakki  said . Tactical overlaps have been uncovered between the cluster and those widely tracked under the monikers  Transparent Tribe  and SideCopy, both of which are assessed to be linked to Pakistan. SideCopy is also a suspected subordinate element within Transparent Tribe. Last month, SEQRITE  detailed  multiple campaigns undertaken by the threat actor targeting Indian government bodies to deliver numerous trojans such as AllaKore RAT, Ares RAT, an
CISA Sets a Deadline - Patch Juniper Junos OS Flaws Before November 17

CISA Sets a Deadline - Patch Juniper Junos OS Flaws Before November 17

Nov 14, 2023 Cyber Attack / Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has given a November 17, 2023, deadline for federal agencies and organizations to apply mitigations to secure against a number of security flaws in Juniper Junos OS that came to light in August. The agency on Monday  added  five vulnerabilities to the Known Exploited Vulnerabilities ( KEV ) catalog, based on evidence of active exploitation - CVE-2023-36844  (CVSS score: 5.3) - Juniper Junos OS EX Series PHP External Variable Modification Vulnerability CVE-2023-36845  (CVSS score: 5.3) - Juniper Junos OS EX Series and SRX Series PHP External Variable Modification Vulnerability CVE-2023-36846  (CVSS score: 5.3) - Juniper Junos OS SRX Series Missing Authentication for Critical Function Vulnerability CVE-2023-36847  (CVSS score: 5.3) - Juniper Junos OS EX Series Missing Authentication for Critical Function Vulnerability CVE-2023-36851  (CVSS score: 5.3) - Juniper Junos OS SRX Series Missing Authentication for Critical
Major Phishing-as-a-Service Syndicate 'BulletProofLink' Dismantled by Malaysian Authorities

Major Phishing-as-a-Service Syndicate 'BulletProofLink' Dismantled by Malaysian Authorities

Nov 13, 2023 Cyber Crime / Dark Web
Malaysian law enforcement authorities have  announced  the takedown of a phishing-as-a-service (PhaaS) operation called  BulletProofLink . The Royal Malaysia Police said the effort, which was carried out with assistance from the Australian Federal Police (AFP) and the U.S. Federal Bureau of Investigation (FBI) on November 6, 2023, was based on information that the threat actors behind the platform were based out of the country. To that end, eight individuals aged between 29 and 56, including the syndicate's mastermind, have been arrested across different locations in Sabah, Selangor, Perak, and Kuala Lumpur, New Straits Times  reported . Along with the arrests, authorities confiscated servers, computers, jewelry, vehicles, and cryptocurrency wallets containing approximately $213,000. BulletProofLink , also called BulletProftLink, is known for offering ready-to-use phishing templates on a subscription basis to other actors for conducting credential harvesting campaigns. These
Expert Insights / Articles Videos
Cybersecurity Resources