#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cybersecurity

darknet | Breaking Cybersecurity News | The Hacker News

Category — darknet
HuiOne Guarantee: The $11 Billion Cybercrime Hub of Southeast Asia

HuiOne Guarantee: The $11 Billion Cybercrime Hub of Southeast Asia

Jul 10, 2024 Online Scam / Blockchain
Cryptocurrency analysts have shed light on an online marketplace called HuiOne Guarantee that's widely used by cybercriminals in Southeast Asia, particularly those linked to pig butchering scams. "Merchants on the platform offer technology, data, and money laundering services, and have engaged in transactions totaling at least $11 billion," Elliptic said in a report shared with The Hacker News. The British blockchain analytics firm said that the marketplace is part of HuiOne Group, a Cambodian conglomerate with links to Cambodia's ruling Hun family and that another HuiOne business, HuiOne International Payments, is actively involved in laundering scam proceeds globally. According to its website , HuiOne's financial services arm is said to have 500,000 registered users. It also touts Alipay, Huawei, PayGo Wallet, UnionPay, and Yes Seatel as its customers. Southeast Asian countries like Burma, Cambodia, Laos, Malaysia, Myanmar, and the Philippines have become
Ukraine Police Arrest Suspect Linked to LockBit and Conti Ransomware Groups

Ukraine Police Arrest Suspect Linked to LockBit and Conti Ransomware Groups

Jun 13, 2024 Cyber Crime / Ransomware
The Cyber Police of Ukraine has announced the arrest of a local man who is suspected to have offered their services to LockBit and Conti ransomware groups. The unnamed 28-year-old native of the Kharkiv region allegedly specialized in the development of crypters to encrypt and obfuscate malicious payloads in order to evade detection by security programs. The product is believed to have been offered to the Conti and LockBit ransomware syndicates that then used the crypter to disguise the file-encrypting malware and launch successful attacks. "And at the end of 2021, members of the [Conti] group infected the computer networks of enterprises in the Netherlands and Belgium with hidden malware," according to a translated version of the statement released by the agency. As part of the investigation, authorities conducted searches in Kyiv and Kharkiv, and seized computer equipment, mobile phones, and notebooks. If found guilty, the defendant is expected to face up to 15 years
Agentic AI in SOCs: A Solution to SOAR's Unfulfilled Promises

Agentic AI in SOCs: A Solution to SOAR's Unfulfilled Promises

Sep 25, 2024Artificial Intelligence / SOC Automation
Security Orchestration, Automation, and Response (SOAR) was introduced with the promise of revolutionizing Security Operations Centers (SOCs) through automation, reducing manual workloads and enhancing efficiency. However, despite three generations of technology and 10 years of advancements, SOAR hasn't fully delivered on its potential, leaving SOCs still grappling with many of the same challenges. Enter Agentic AI—a new approach that could finally fulfill the SOC's long-awaited vision, providing a more dynamic and adaptive solution to automate SOC operations effectively. Three Generations of SOAR – Still Falling Short SOAR emerged in the mid-2010s with companies like PhantomCyber, Demisto, and Swimlane, promising to automate SOC tasks, improve productivity, and shorten response times. Despite these ambitions, SOAR found its greatest success in automating generalized tasks like threat intel propagation, rather than core threat detection, investigation, and response (TDIR) workloads.
Bitcoin Forensic Analysis Uncovers Money Laundering Clusters and Criminal Proceeds

Bitcoin Forensic Analysis Uncovers Money Laundering Clusters and Criminal Proceeds

May 01, 2024 Financial Crime / Forensic Analysis
A forensic analysis of a graph dataset containing transactions on the Bitcoin blockchain has revealed clusters associated with illicit activity and money laundering, including detecting criminal proceeds sent to a crypto exchange and previously unknown wallets belonging to a Russian darknet market. The  findings  come from Elliptic in collaboration with researchers from the MIT-IBM Watson AI Lab. The 26 GB dataset, dubbed  Elliptic2 , is a "large graph dataset containing 122K labeled subgraphs of Bitcoin clusters within a background graph consisting of 49M node clusters and 196M edge transactions," the co-authors  said  in a paper shared with The Hacker News. Elliptic2 builds on the  Elliptic Data Set  (aka Elliptic1), a transaction graph that was made public in July 2019 with the goal of  combating financial crime  using graph convolutional neural networks ( GCNs ). The idea, in a nutshell, is to uncover unlawful activity and money laundering patterns by taking advanta
cyber security

How to Stay Safe From Insider & User Offboarding Risks

websiteWing SecuritySaaS Security / Insider Threat
Unrevoked permissions for offboarded employees is just one of the risks that can result in data breaches.
German Police Seize 'Nemesis Market' in Major International Darknet Raid

German Police Seize 'Nemesis Market' in Major International Darknet Raid

Mar 24, 2024 Ransomware / Threat Intelligence
German authorities have announced the takedown of an illicit underground marketplace called  Nemesis Market  that peddled narcotics, stolen data, and various cybercrime services. The Federal Criminal Police Office (aka Bundeskriminalamt or BKA) said it seized the digital infrastructure associated with the darknet service located in Germany and Lithuania and confiscated €94,000 ($102,107) in cryptocurrency assets. The operation, conducted in collaboration with law enforcement agencies from Germany, Lithuania, and the U.S., took place on March 20, 2024, following an extensive investigation that commenced in October 2022. Founded in 2021, Nemesis Market is estimated to have had more than 150,000 user accounts and 1,100 seller accounts from all over the world prior to its shutdown. Almost 20$ of the seller accounts were from Germany. "The range of goods available on the marketplace included narcotics, fraudulently obtained data and goods, as well as a selection of cybercrime serv
LockBit Ransomware's Darknet Domains Seized in Global Law Enforcement Raid

LockBit Ransomware's Darknet Domains Seized in Global Law Enforcement Raid

Feb 20, 2024 Dark Web / Cybercrime
Update: The U.K. National Crime Agency (NCA) has confirmed the takedown of LockBit infrastructure. Read here for more details . An international law enforcement operation has led to the seizure of multiple darknet domains operated by  LockBit , one of the most prolific ransomware groups, marking the latest in a long list of digital takedowns. While the full extent of the effort, codenamed  Operation Cronos , is presently unknown, visiting the group's .onion website displays a seizure banner containing the message "The site is now under the control of law enforcement." Authorities from 11 countries, Australia, Canada, Finland, France, Germany, Japan, the Netherlands, Sweden, Switzerland, the U.K., and the U.S., alongside Europol participated in the joint exercise. Malware research group VX-Underground, in a  message  posted on X (formerly Twitter), said the websites were taken down by exploiting a critical security flaw impacting PHP ( CVE-2023-3824 , CVSS score: 9.8
Exposed Secrets are Everywhere. Here's How to Tackle Them

Exposed Secrets are Everywhere. Here's How to Tackle Them

Jan 05, 2024 Threat Intelligence / Security Automation
Picture this: you stumble upon a concealed secret within your company's source code. Instantly, a wave of panic hits as you grasp the possible consequences. This one hidden secret has the power to pave the way for unauthorized entry, data breaches, and a damaged reputation. Understanding the secret is just the beginning; swift and resolute action becomes imperative. However, lacking the necessary context, you're left pondering the optimal steps to take. What's the right path forward in this situation? Secrets management is an essential aspect of any organization's security strategy. In a world where breaches are increasingly common, managing sensitive information such as API keys, credentials, and tokens can make all the difference. Secret scanners play a role in identifying exposed secrets within source code, but they have one significant limitation:  they don't provide context. And without context, it's impossible to devise an appropriate response plan. Con
U.S. Treasury Sanctions Sinbad Cryptocurrency Mixer Used by North Korean Hackers

U.S. Treasury Sanctions Sinbad Cryptocurrency Mixer Used by North Korean Hackers

Nov 30, 2023 Hacking / Cryptocurrency
The U.S. Treasury Department on Wednesday imposed sanctions against  Sinbad , a virtual currency mixer that has been put to use by the North Korea-linked  Lazarus Group  to launder ill-gotten proceeds. "Sinbad has processed millions of dollars' worth of virtual currency from Lazarus Group heists, including the Horizon Bridge and Axie Infinity heists," the department said . "Sinbad is also used by cybercriminals to obfuscate transactions linked to malign activities such as sanctions evasion, drug trafficking, the purchase of child sexual abuse materials, and additional illicit sales on darknet marketplaces." In addition to the sanctions, Sinbad had its website seized as part of a coordinated law enforcement action between agencies in the U.S., Finland, and the Netherlands. The development builds on prior actions undertaken by governments in Europe and the U.S. to blockade mixers such as  Blender ,  Tornado Cash , and  ChipMixer , all of which have been accu
CISA Sets a Deadline - Patch Juniper Junos OS Flaws Before November 17

CISA Sets a Deadline - Patch Juniper Junos OS Flaws Before November 17

Nov 14, 2023 Cyber Attack / Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has given a November 17, 2023, deadline for federal agencies and organizations to apply mitigations to secure against a number of security flaws in Juniper Junos OS that came to light in August. The agency on Monday  added  five vulnerabilities to the Known Exploited Vulnerabilities ( KEV ) catalog, based on evidence of active exploitation - CVE-2023-36844  (CVSS score: 5.3) - Juniper Junos OS EX Series PHP External Variable Modification Vulnerability CVE-2023-36845  (CVSS score: 5.3) - Juniper Junos OS EX Series and SRX Series PHP External Variable Modification Vulnerability CVE-2023-36846  (CVSS score: 5.3) - Juniper Junos OS SRX Series Missing Authentication for Critical Function Vulnerability CVE-2023-36847  (CVSS score: 5.3) - Juniper Junos OS EX Series Missing Authentication for Critical Function Vulnerability CVE-2023-36851  (CVSS score: 5.3) - Juniper Junos OS SRX Series Missing Authentication for Critical
Major Phishing-as-a-Service Syndicate 'BulletProofLink' Dismantled by Malaysian Authorities

Major Phishing-as-a-Service Syndicate 'BulletProofLink' Dismantled by Malaysian Authorities

Nov 13, 2023 Cyber Crime / Dark Web
Malaysian law enforcement authorities have  announced  the takedown of a phishing-as-a-service (PhaaS) operation called  BulletProofLink . The Royal Malaysia Police said the effort, which was carried out with assistance from the Australian Federal Police (AFP) and the U.S. Federal Bureau of Investigation (FBI) on November 6, 2023, was based on information that the threat actors behind the platform were based out of the country. To that end, eight individuals aged between 29 and 56, including the syndicate's mastermind, have been arrested across different locations in Sabah, Selangor, Perak, and Kuala Lumpur, New Straits Times  reported . Along with the arrests, authorities confiscated servers, computers, jewelry, vehicles, and cryptocurrency wallets containing approximately $213,000. BulletProofLink , also called BulletProftLink, is known for offering ready-to-use phishing templates on a subscription basis to other actors for conducting credential harvesting campaigns. These
Darknet Carding Kingpin Pleads Guilty: Sold Financial Info of Tens of Thousands

Darknet Carding Kingpin Pleads Guilty: Sold Financial Info of Tens of Thousands

May 18, 2023 Cyber Crime / Payment Security
A U.S. national has pleaded guilty in a Missouri court to operating a darknet carding site and selling financial information belonging to tens of thousands of victims in the country. Michael D. Mihalo , aka Dale Michael Mihalo Jr. and ggmccloud1, has been accused of setting up a carding site called Skynet Market that specialized in the trafficking of credit and debit card data. Mihalo and his associates also peddled their warez on other dark web marketplaces such as AlphaBay Market, Wall Street Market, and Hansa Market between February 22, 2016, and October 1, 2019. "Mihalo assembled and directed the team that helped him sell this stolen financial information on the darknet," the U.S. Department of Justice (DoJ)  said  in a press statement released on May 16, 2023. "Mihalo personally possessed, sent, and received the information associated with 49,084 stolen payment cards with the intent that the payment card information would be trafficked on darknet sites, all i
 Darknet's Largest Mobile Malware Marketplace Threatens Users Worldwide

Darknet's Largest Mobile Malware Marketplace Threatens Users Worldwide

Dec 06, 2022 Mobile Malware / Darknet
Cybersecurity researchers have shed light on a darknet marketplace called  InTheBox  that's designed to specifically cater to mobile malware operators. The actor behind the criminal storefront, believed to be available since at least January 2020, has been offering over 400 custom web injects grouped by geography that can be purchased by other adversaries looking to mount attacks of their own. "The automation allows other bad actors to create orders to receive the most up to date web injects for further implementation into mobile malware," Resecurity  said . "InTheBox may be called the largest and probably the only one in its marketplace category providing high-quality web injects for popular types of mobile malware." Web injects are  packages  used in financial malware that leverage the adversary-in-the-browser (AitB) attack vector to serve malicious HTML or JavaScript code in the form of an overlay screen when victims launch a banking, crypto, payments,
U.S. Treasury Department Sanctions Russia-based Hydra Darknet Marketplace

U.S. Treasury Department Sanctions Russia-based Hydra Darknet Marketplace

Apr 06, 2022
The U.S. Treasury Department on Tuesday sanctioned Hydra, the same day German law enforcement authorities  disrupted  the world's largest and longest-running dark web marketplace following a coordinated operation in partnership with U.S. officials. The sanctions are part of an "international effort to disrupt proliferation of malicious cybercrime services, dangerous drugs, and other illegal offerings available through the Russia-based site," the Treasury Department  said  in a statement. Along with the sanctions, the Office of Foreign Assets Control (OFAC) disclosed a list of  more than 100 virtual currency addresses  that have been identified as associated with the entity's operations to conduct illicit transactions. The sanctions come as Germany's Federal Criminal Police Office shut down the online criminal marketplace that it said specialized in narcotics trade, seizing its servers and 543 bitcoins worth 23 million euros ($25.3 million). Hydra was a Russi
Germany Shuts Down Russian Hydra Darknet Market; Seizes $25 Million in Bitcoin

Germany Shuts Down Russian Hydra Darknet Market; Seizes $25 Million in Bitcoin

Apr 05, 2022
Germany's Federal Criminal Police Office, the Bundeskriminalamt (BKA), on Tuesday announced the official takedown of Hydra, the world's largest illegal dark web marketplace that has cumulatively facilitated over $5 billion in Bitcoin transactions to date. "Bitcoins amounting to currently the equivalent of approximately €23 million were seized, which are attributed to the marketplace," the BKA said in a press release. Blockchain analytics firm Elliptic confirmed that the seizure occurred on April 5, 2022 in a series of 88 transactions totaling 543.3 BTC. The agency attributed the shutdown of Hydra to an extensive investigation operation conducted by its Central Office for Combating Cybercrime (ZIT) in partnership with U.S. law enforcement authorities that it said had been underway since August 2021. Launched in 2015, Hydra was a Russian-language darknet marketplace that opened as a competitor to the now-defunct Russian Anonymous Marketplace (aka RAMP), primarily
Deep Web Search Engines to Explore the Hidden Internet

Deep Web Search Engines to Explore the Hidden Internet

Feb 11, 2016
Do you know: There is a vast section of the Internet which is hidden and not accessible through regular search engines and web browsers. This part of the Internet is known as the Deep Web , and it is about 500 times the size of the Web that we know. What is DEEP WEB? Deep Web  is referred to the data which are not indexed by any standard search engine such as Google or Yahoo. The 'Deep Web' refers to all web pages that search engines cannot find, such as user databases, registration-required web forums, webmail pages, and pages behind paywalls. Then, there's the Dark Web or Dark Net – a specific part of that hidden Deep Web. Deep Web and Dark Web are the intriguing topics for the Netizens all around. But when you hear the term 'Deep Web' or 'Dark Web,' you usually categorize them into one. If yes, then you are wrong. What is DARK WEB? Dark Web is where you can operate without been tracked, maintaining total anonymity.
Thousands of Hacked Uber Accounts Selling on Dark Web for $1

Thousands of Hacked Uber Accounts Selling on Dark Web for $1

Mar 30, 2015
$US1 may be a very little amount, but it is enough to buy you a stolen Uber account and free car rides around the city. Two separate vendors on AlphaBay , a relatively new Dark Web marketplace launched in late 2014, are selling active Uber accounts with usernames and passwords for $1 each, Motherboard reports . Once purchased, these active Uber accounts let you order up rides using the payment information provided on the file. Additionally, other sensitive information that comes with the purchase includes partial credit card data (the last four digits and expiration date), trip history, email addresses, phone numbers, and location information of users' home and work addresses. Over on AlphaBay market, a vendor identified as " Courvoisier " is claiming to sell hacked Uber accounts for $1 each. Under the product listing for ' x1 UBER ACCOUNT - WORLDWIDE TAXI!, ' anyone can buy a Uber account anonymously. Another vendor, identified as ThinkingFo
Sheep Marketplace Owner Arrested While Trying to Buy Luxury Home

Sheep Marketplace Owner Arrested While Trying to Buy Luxury Home

Mar 29, 2015
Thomas Jiřikovský , an alleged Owner of one of the most popular Darknet website ' Sheep Marketplace , ' has been arrested after laundering around $40 Million, making it one of the biggest exit scams in Darknet history. After the arrest of Silk Road owner 'Ross Ulbricht' in 2013 -- Sheep Marketplace became the next famous anonymous underground marketplace among Black Market customers for selling illicit products, especially drugs. But only after few weeks, Sheep Marketplace was suddenly disappeared and was taken offline by its owner, who had been suspected of stealing $40 million worth of Bitcoins at the time when Bitcoin market value was at the peak. Shortly after this Bitcoin Scam, a Darknet commentator ' Gwern Branwen ' doxed the owner, and the suspect was identified -- Thomas Jiřikovský as the owner of the black market website. Unfortunately, Jiřikovský forgot to hide his identity and residential address from the Internet, which was exposed by his Facebook
Cybersecurity
Expert Insights / Articles Videos
Cybersecurity Resources