Russian hackers | Breaking Cybersecurity News | The Hacker News

Security Researcher from Group-IB ( Group-IB is one of the leading companies in global cybercrime prevention and hi-tech crime investigations )   has found a new kind of malware   that targets the Russian stock-trading platform QUIK. It was detected during several targeted attacks starting in November 2012 where  Cyber criminals have traditionally targeted private and corporate banking accounts, using malware (such as variants of the ZeuS  cyber-crime  toolkit ) to log key-strokes and extract account information. In the last year, Group-IB has received several incoming incident fraud requests on some famous online trading and stock brokerages where systems were possibly hacked and recently trading fraudsters have diversified tactics and begun to use malware. Group-IB has detected the first professional malware, targeted at a specialized trading software named QUIK (Quik Broker, Quik Dealer) from Russian software developers ARQA Technologies and FOCUS IVonline from

Russian hackers have figured out a way to download free games from Ubisoft's servers, exploiting an existing vulnerability in Ubisoft's uPlay launcher. According to reports, the copies of Far Cry 3 Blood Dragon that are available on torrent sites are the result of a hack of Ubisoft's uPlay service. The hack has allowed users to download advance copies of Far Cry 3: Blood Dragon, a game which has yet to be officially released. Blood Dragon will be officially released on 1st May, for Xbox 360, PS3 and PC. As a proof of the exploit, hackers even posted an 1 hour 30 mins long footage of the game. A Ubisoft spokesman said that the company was aware of the issue and was working to resolve it quickly.  An earlier tweet on their account attributed yesterday's outage to hackers as well, saying " Servers were attacked which limited service from 2:30PM to 9:00PM Paris time [8:30AM to 3:00PM EST]. " The hackers developed a piece of software which tricks

It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many approaches offer piecemeal solutions – zeroing in on one particular element of the evolving threat landscape challenge – missing the forest for the trees.  In the last few years, Exposure Management has become known as a comprehensive way of reigning in the chaos, giving organizations a true fighting chance to reduce risk and improve posture. In this article I'll cover what Exposure Management is, how it stacks up against some alternative approaches and why building an Exposure Management program should be on  your 2024 to-do list. What is Exposure Management?  Exposure Management is the systematic identification, evaluation,

Cybercriminals, underground hacking communities, hacker's market and Exploit packs.... Russian  cyberspace is well known for such crazy hacking stuff. Recently, the original Carberp botnet developer   ring that stole millions from bank accounts worldwide has been arrested. According to a report from Russian newspaper, a group of 20 people who served as its malware development team, were arrested by the Sluzhba Bezpeky Ukrayiny and the Federalnaya sluzhba bezopasnosti Rossiyskoy Federatsii (federal security service of Russia, FSB) in cities around Ukraine. Over $250 million has been stolen by the members of the botnet ring, which had roughly 20 members aged between 25 and 30. " Our experts did an enormous amount of work, which resulted in identifying the head of this criminal group, the owner and operator of a specialized banking botnet, identifying the control servers, and identifying the directing of traffic from popular websites in order to spread malware infectio

A new botnet emerged from underground and is menacing payment world, the cyber threat dubbed vSkimmer come from Russia according revelation of McAfee security firm .  The security expert Chintan Shah wrote on a blog post that during monitoring of Russian underground forum found a discussion about a Trojan for sale that can steal credit card information from Windows PC for financial transactions and credit card payments.  vSkimmer agent is able to detect card readers on the victim's machine and gather all the information from the Windows machines sending it to a remote control server encrypting it (Base64). The malware collects the following information from the infected machine and sends it to the control server: Machine GUID from the Registry Locale info Username Hostname OS version The vSkimmer malware indicated as the successor of the popular Dexter, a financial malware that targeted Point-of-Sale systems to grab card data as it transmitted during sales flow. Dexter

The mastermind Russian Hackers who coded and distributed the Gozi malware,  Nikita Vladimirovich Kuzmin , 25 was charged along with Deniss Calovskis, 27, and Mihai Ionut Paunescu, 28 for infecting more than a million computers worldwide in order to steal banking and other credentials from tens of thousands of victims. They may face a maximum penalty of 95, 60 and 67 years in prison, respectively. Kuzmin allegedly created the Gozi program in 2005, hiring a programmer to write the source code and then leasing it to other criminal customers. According to latest reports , Nikita has agreed to cooperate with the United States. As potential evidence, the feds have been able to retrieve 51 servers in Romania as well as laptops, desktops and external hard drives. The data seized amounts to 250 terabytes. Paunescu, a Romanian national who went by the name " Virus " operated a bulletproof hosting service that provided criminal customers with servers and IP addresses from which to s

Ask an expert on cyber espionage and he for sure he will speak of China, the most active and advanced country in this sector, this time a clamorous campaign apparently originated from Korea has been discovered. Security company FireEye collected evidences of a cyber espionage campaign, named " Sanny ", attributable to Korea. FireEye hasn't revealed the real origin of the offensive, it's a mystery which Korea is responsible between North or South Korea, but it confirmed that 80% of victims are Russian organizations and companies belonging to space research industry, information, education and telecommunication. According Ali Islam, security researcher at FireEye declared " Though we don't have full concrete evidence, we have identified many indicators leading to Korea as a possible origin of attack."   The following are the indicators we have so far: 1. The SMTP mail server and CnC are in Korea 2. The fonts "Batang" and "KP CheongPong" used in the

A Gold Coast, Australian medical centre computers are infected with some ransom malware by a group of Russian hackers . The hackers encrypted the practice's patient database, demanding payment of $4000 for the files to be decrypted. " Cyber criminals based mainly throughout Eastern Europe look for rich targets, places with identifying information to extort, " Mr Phair, director of the Centre for Internet Safety and a former investigator with the Australian High-Tech Crime Centre. There have been 11 similar offences in Queensland this year, according to police. David Wood, Miami Family Medical Centre's co-owner said, " We've got all the anti-virus stuff in place - there's no sign of a virus. They literally got in, hijacked the server and then ran their encryption software ". The server with encrypted information is being held offline and an IT contractor is working with the practice to restore a backup of patient records. IT security exper

A Russian hacker going by name - " kOS " hack into the Bulgarian torrent tracker " Arenabg " website ( https://forum.arenabg.com/ ) and leak the complete database of their forum and accused of collecting IP of users like PirateBay. Hacker said, " Why I hack this tracker? Because they store IP information and NO tracker must do, not on any of their service - blog, forum, custom CMS or else. If ARENABG not fix mistake, I dump main tracker information with all IP/username/pass! " Leaked Database include data of 22675 Users with their name, email, encrypted password and IP address and other forum based information. This Torrent site provide links and tracers for downloading movies, music, games, serials, programs, pictures, mobile applications. Hacker upload the complete SQL database on File sharing site .

Team GhostShell hackers group who was responsible for the recent leak of some millions of records from top universities around the world once again strike back. As the part of " Project Blackstar " Hacking group GhostShell Declares War On Russia and leaks 2.5 millions of accounts belong to  governmental, educational, academical, political, law enforcement, telecom, research institutes, medical facilities, large corporations in such fields as energy, petroleum, banks, dealerships and many more. This set of hacks is spread out across 301 links, many of which simply contain raw dump files uploaded to GitHub and mirrored on paste sites like Slexy.org and PasteSite.com. The files include IP addresses, names, logins, email addresses, passwords, phone numbers, and even addresses. " The average citizen is forced to live an isolated life from the rest of the world imposed by it's politicians and leaders. A way of thinking outdated for well over 100 years now, " Team GhostShell mem

In march 2011 CERT-Georgia has Discovered Cyber Espionage Attack Incident on country of Georgia.  Advanced Malicious Software was Collecting Sensitive, Confidential Information about Georgian and American Security Documents and then uploading it to some of Command and Control Servers. After a challenging investigating by CERT-Georgia researchers they found that this attack was linked Russian Official Security Agencies, Moreover investigators was able to turn on the webcam of mastermind behind the malware and they caught him on camera. Hacker hack some Georgian news sites and inject " Georbot Botnet " behind that, after visiting that page most of the readers get infected and malware take control of their systems. Malware was able to send any file from the local hard drive to the remote server, Steal certificates, Record audio using the microphone and web cams,  Scan the local network to identify other hosts on the same network. Malware was also using  CVE-2010-0842, CVE-20

We have already seen vulnerability in Remote Desktop Protocol (RDP) is a potential dangers of desktop remote-access tools commonly used by IT departments to handle help-desk issues and by administrators to manage virtualized machines. According to reports from krebsonsecurity, A Russian company called " dedicated express " ( Dedicatexpress.com ) is selling access to private company servers for as little as $4. Cyber criminals have hacked around 17,000 computers worldwide using such insecure applications in server and selling them in underground markets. Although almost 300,000 compromised systems have passed through this service since its inception in early 2010. New customers who contact the service's owner via instant message and pay a $20 registration fee via WebMoney, a virtual currency. The price of any hacked server is calculated based on several qualities, including the speed of its processor and the number of processor cores, the machine's download and up

Gary's 10 years spent living on a knife-edge has been nothing short of cruel and unnecessary punishment. There is another new hope for Gary McKinnon who is fighting extradition after being accused of hacking US military computers. Computer hacker Gary McKinnon will win his 10-year legal battle against extradition have been significantly raised after Home Office-appointed psychiatrists warned that he would be very likely to attempt suicide if sent for trial in the US. It comes as the result of a medical report by two Home Office psychiatrists, which found there is a "significant risk" of suicidal behaviour by Mr McKinnon. The Home Secretary will tell MPs of her final decision on the case on Tuesday. McKinnon's mother, Janis Sharp, has called on government figures to honour their promises to save her son. But despite this it remains unclear if the Home Secretary, Theresa May, will halt his extradition or not, having previously put it on hold to consider new evidence. McKin

Antivirus company Symantec has detected a malicious campaign in which hackers managed to deceive thousands of people allegedly signed by a paid proxy service. They expose that hundreds of thousands of users signing up for a cheap and supposedly legitimate proxy service have ended up downloading malware and being ensnared into a botnet. Three months ago, Symantec researchers started an investigation into a piece of malware called Backdoor.Proxybox that has been known since 2010, but has shown increasing activity recently. " The malware is Backdoor.Proxybox, and our investigation has revealed an entire black hat operation, giving us interesting information on the operation and size of this botnet, and leading us to information that may identify the actual malware author ," Symantec. The service - ProxyBox - supposedly provides access to its entire list of thousands of proxies for only $40 a month, which is obviously too cheap a price for the provider to break eve

" Cernaianu Manole Razvan " akka TinKode , the Romanian behind attacks against NASA, Oracle, the Pentagon, and U.S. Army, was sentenced this week to a two-year suspended sentence, according to local media reports and was ordered to pay damages totalling more than US$120,000. He was arrested in January for his part in a number of attacks. According to Cernianu's case file summary on the Romanian Ministry of Justice Web portal, he was sentenced on September 26 and received six prison sentences of one or two years for separate computer-related offenses. The offenses included: gaining unauthorized access to a protected computer system; transferring data from a computer system without authorization; affecting the normal operation of a computer system by deleting, modifying or sending electronic data; creating, selling or distributing a devices or a computer program designed to be used in computer crimes; creating, selling or distributing a password or access cod

Dmitry Olegovich Zubakha, a  Russian  man accused of launching distributed-denial-of-service (DDOS) attacks on Amazon.com, has been arrested this week by authorities in Cyprus based on an international warrant, the Department of Justice revealed. Zubakha, a native of Moscow, was indicted for two denial of service attacks in 2008 on the Amazon.com website. The indictment, unsealed Thursday, also details denial of service attacks on Priceline.com and eBay. " Orders from Amazon.com customers dropped significantly, as legitimate customers were unable to access the website and complete their e-commerce transactions during the pendency of the attack ," read an indictment unsealed in district court in western Washington on Thursday. The botnet involved requested "large and resource-intensive web pages" on a magnitude of between 600 and 1,000 percent of normal traffic levels, according to the indictment. The hacker is charged with conspiracy to intentionally cause damage

Bulgarian Hackers Group arrested Bulgarian authorities say that after months of investigation they have busted the "most powerful hacker group" in the country, the Cyber Warrior Invasion. The operation was conducted by Bulgaria's Sector for Computer Crimes, Intellectual Property and Gambling and the territorial units of the Chief Directorate for Fight with Organized Crime in the municipalities of Pleven, Shumen, Plovdiv, Burgas, Haskovo, Stara Zagora and Kyustendil. Using cyber "terrorist" methods, the group had attacked more than 500 websites worldwide, including those of financial institutions, web-based companies, and governmental and non-governmental organizations. On the confiscated computers, police discovered databases with large amounts of stolen emails, social network profiles and associated passwords, as well as stolen credit card data. The site www.cwi-group.org was used by the members of the group to coordinate their activities. Constantly changing its location and usin

Anonymous Hacks Japanese Government Websites against  Anti-Piracy Laws in Japan Japan's legislature has approved a bill revising the nation's copyright law to add criminal penalties for downloading copyrighted material or backing up content from a DVD. The penalties will come into effect in October.The Upper House of the Japanese Diet approved the bill by a vote of 221-12, less than a week after the measure cleared the lower house with almost no opposition. Violators risk up to two years in prison or fines up to two million yen (about $25,000). Hacker activist group Anonymous has attacked Japanese government websites, and is threatening further action in protest at new stiffer penalties for illegal downloading that were passed in a copyright law amendment. A Twitter feed, @op_japan, associated with hacking collective Anonymous claimed responsibility, reacting to the country's new anti-piracy bill.The new law outlines jail terms for those who download copyrighted content. The

Russian Botnet Hacker arrested for hacking into six million computers Police have detained a 22-year-old hacker who created a system of networked computers that was used to steal more than 150 million rubles ($4.47 million) from people's bank accounts and already one of the most wanted hacker in the world. But now, "Hermes" is, has been tapped over six million computers and earns around 5 million francs, was caught in Russia. The network infected around six million computers with a Trojan virus, which helped get access to users' bank accounts.  A bout the Trojans secretly installed, he had arranged illegal money transfers, said the interior ministry in Moscow on Friday. Police from Division K, the cybercrime branch of the Interior Ministry, searched the hacker's place of residence, confiscating computers and arresting the suspect. The statement did not specify when the arrest was made.The botnet built by the hacker included around 6 million computers from reg

LinkedIn Confirms Millions of Account Passwords Hacked LinkedIn Wednesday confirmed that at least some passwords compromised in a major security breach correspond to LinkedIn accounts. Norweigan IT website Dagens IT first reported the breach, noting that "Two days ago a package on the 6.5 million encrypted passwords posted on a Russian hacker site. Vicente Silveira, Director at LinkedIn, confirmed the hack on the company's blog Wednesday afternoon and outlined steps that LinkedIn is taking to deal with the situation. He wrote that those with compromised passwords will notice that their LinkedIn account password is no longer valid. "It is worth noting that the affected members who update their passwords and members whose passwords have not been compromised benefit from the enhanced security we just recently put in place, which includes hashing and salting of our current password databases," Linkedn director Vicente Silveira said in the blog post. The file only contains password

We are extremely delighted to announce the Call for Papers for The Hackers Conference 2012   It is a unique event, where the elite of the hacker world, leaders in the information security industry and the Internet community meet face to face to join their efforts to cooperate in addressing the most topical issues of the IT world. Conference will be held in New Delhi, India and aims to get together industry, government, academia and underground hackers to share knowledge and leading-edge ideas about information security and everything related to it. The following list contains major topics the conference will cover. Please consider submitting even if the subject of your research is not listed here. Topics Cloud Security Wireless hacking GSM/VoIP Security Smartphone / Mobile Security Exploit development techniques Advance in reverse engineering National Security & Cyber Warfare New Vulnerabilities and Exploits/0-days Antivirus/Firewall/UTM Evasion Techniques New Web atta