#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

darknet | Breaking Cybersecurity News | The Hacker News

German Police Seize 'Nemesis Market' in Major International Darknet Raid

German Police Seize 'Nemesis Market' in Major International Darknet Raid
Mar 24, 2024 Ransomware / Threat Intelligence
German authorities have announced the takedown of an illicit underground marketplace called  Nemesis Market  that peddled narcotics, stolen data, and various cybercrime services. The Federal Criminal Police Office (aka Bundeskriminalamt or BKA) said it seized the digital infrastructure associated with the darknet service located in Germany and Lithuania and confiscated €94,000 ($102,107) in cryptocurrency assets. The operation, conducted in collaboration with law enforcement agencies from Germany, Lithuania, and the U.S., took place on March 20, 2024, following an extensive investigation that commenced in October 2022. Founded in 2021, Nemesis Market is estimated to have had more than 150,000 user accounts and 1,100 seller accounts from all over the world prior to its shutdown. Almost 20$ of the seller accounts were from Germany. "The range of goods available on the marketplace included narcotics, fraudulently obtained data and goods, as well as a selection of cybercrime serv

LockBit Ransomware's Darknet Domains Seized in Global Law Enforcement Raid

LockBit Ransomware's Darknet Domains Seized in Global Law Enforcement Raid
Feb 20, 2024 Dark Web / Cybercrime
Update: The U.K. National Crime Agency (NCA) has confirmed the takedown of LockBit infrastructure. Read here for more details . An international law enforcement operation has led to the seizure of multiple darknet domains operated by  LockBit , one of the most prolific ransomware groups, marking the latest in a long list of digital takedowns. While the full extent of the effort, codenamed  Operation Cronos , is presently unknown, visiting the group's .onion website displays a seizure banner containing the message "The site is now under the control of law enforcement." Authorities from 11 countries, Australia, Canada, Finland, France, Germany, Japan, the Netherlands, Sweden, Switzerland, the U.K., and the U.S., alongside Europol participated in the joint exercise. Malware research group VX-Underground, in a  message  posted on X (formerly Twitter), said the websites were taken down by exploiting a critical security flaw impacting PHP ( CVE-2023-3824 , CVSS score: 9.8

Making Sense of Operational Technology Attacks: The Past, Present, and Future

Making Sense of Operational Technology Attacks: The Past, Present, and Future
Mar 21, 2024Operational Technology / SCADA Security
When you read reports about cyber-attacks affecting operational technology (OT), it's easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would require breaking down the different types of OT cyber-attacks and then looking back on all the historical attacks to see how those types compare.  The Types of OT Cyber-Attacks Over the past few decades, there has been a growing awareness of the need for improved cybersecurity practices in IT's lesser-known counterpart, OT. In fact, the lines of what constitutes a cyber-attack on OT have never been well defined, and if anything, they have further blurred over time. Therefore, we'd like to begin this post with a discussion around the ways in which cyber-attacks can either target or just simply impact OT, and why it might be important for us to make the distinction going forward. Figure 1 The Pu

Exposed Secrets are Everywhere. Here's How to Tackle Them

Exposed Secrets are Everywhere. Here's How to Tackle Them
Jan 05, 2024 Threat Intelligence / Security Automation
Picture this: you stumble upon a concealed secret within your company's source code. Instantly, a wave of panic hits as you grasp the possible consequences. This one hidden secret has the power to pave the way for unauthorized entry, data breaches, and a damaged reputation. Understanding the secret is just the beginning; swift and resolute action becomes imperative. However, lacking the necessary context, you're left pondering the optimal steps to take. What's the right path forward in this situation? Secrets management is an essential aspect of any organization's security strategy. In a world where breaches are increasingly common, managing sensitive information such as API keys, credentials, and tokens can make all the difference. Secret scanners play a role in identifying exposed secrets within source code, but they have one significant limitation:  they don't provide context. And without context, it's impossible to devise an appropriate response plan. Con

Automated remediation solutions are crucial for security

cyber security
websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.

U.S. Treasury Sanctions Sinbad Cryptocurrency Mixer Used by North Korean Hackers

U.S. Treasury Sanctions Sinbad Cryptocurrency Mixer Used by North Korean Hackers
Nov 30, 2023 Hacking / Cryptocurrency
The U.S. Treasury Department on Wednesday imposed sanctions against  Sinbad , a virtual currency mixer that has been put to use by the North Korea-linked  Lazarus Group  to launder ill-gotten proceeds. "Sinbad has processed millions of dollars' worth of virtual currency from Lazarus Group heists, including the Horizon Bridge and Axie Infinity heists," the department said . "Sinbad is also used by cybercriminals to obfuscate transactions linked to malign activities such as sanctions evasion, drug trafficking, the purchase of child sexual abuse materials, and additional illicit sales on darknet marketplaces." In addition to the sanctions, Sinbad had its website seized as part of a coordinated law enforcement action between agencies in the U.S., Finland, and the Netherlands. The development builds on prior actions undertaken by governments in Europe and the U.S. to blockade mixers such as  Blender ,  Tornado Cash , and  ChipMixer , all of which have been accu

CISA Sets a Deadline - Patch Juniper Junos OS Flaws Before November 17

CISA Sets a Deadline - Patch Juniper Junos OS Flaws Before November 17
Nov 14, 2023 Cyber Attack / Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has given a November 17, 2023, deadline for federal agencies and organizations to apply mitigations to secure against a number of security flaws in Juniper Junos OS that came to light in August. The agency on Monday  added  five vulnerabilities to the Known Exploited Vulnerabilities ( KEV ) catalog, based on evidence of active exploitation - CVE-2023-36844  (CVSS score: 5.3) - Juniper Junos OS EX Series PHP External Variable Modification Vulnerability CVE-2023-36845  (CVSS score: 5.3) - Juniper Junos OS EX Series and SRX Series PHP External Variable Modification Vulnerability CVE-2023-36846  (CVSS score: 5.3) - Juniper Junos OS SRX Series Missing Authentication for Critical Function Vulnerability CVE-2023-36847  (CVSS score: 5.3) - Juniper Junos OS EX Series Missing Authentication for Critical Function Vulnerability CVE-2023-36851  (CVSS score: 5.3) - Juniper Junos OS SRX Series Missing Authentication for Critical

Major Phishing-as-a-Service Syndicate 'BulletProofLink' Dismantled by Malaysian Authorities

Major Phishing-as-a-Service Syndicate 'BulletProofLink' Dismantled by Malaysian Authorities
Nov 13, 2023 Cyber Crime / Dark Web
Malaysian law enforcement authorities have  announced  the takedown of a phishing-as-a-service (PhaaS) operation called  BulletProofLink . The Royal Malaysia Police said the effort, which was carried out with assistance from the Australian Federal Police (AFP) and the U.S. Federal Bureau of Investigation (FBI) on November 6, 2023, was based on information that the threat actors behind the platform were based out of the country. To that end, eight individuals aged between 29 and 56, including the syndicate's mastermind, have been arrested across different locations in Sabah, Selangor, Perak, and Kuala Lumpur, New Straits Times  reported . Along with the arrests, authorities confiscated servers, computers, jewelry, vehicles, and cryptocurrency wallets containing approximately $213,000. BulletProofLink , also called BulletProftLink, is known for offering ready-to-use phishing templates on a subscription basis to other actors for conducting credential harvesting campaigns. These

Darknet Carding Kingpin Pleads Guilty: Sold Financial Info of Tens of Thousands

Darknet Carding Kingpin Pleads Guilty: Sold Financial Info of Tens of Thousands
May 18, 2023 Cyber Crime / Payment Security
A U.S. national has pleaded guilty in a Missouri court to operating a darknet carding site and selling financial information belonging to tens of thousands of victims in the country. Michael D. Mihalo , aka Dale Michael Mihalo Jr. and ggmccloud1, has been accused of setting up a carding site called Skynet Market that specialized in the trafficking of credit and debit card data. Mihalo and his associates also peddled their warez on other dark web marketplaces such as AlphaBay Market, Wall Street Market, and Hansa Market between February 22, 2016, and October 1, 2019. "Mihalo assembled and directed the team that helped him sell this stolen financial information on the darknet," the U.S. Department of Justice (DoJ)  said  in a press statement released on May 16, 2023. "Mihalo personally possessed, sent, and received the information associated with 49,084 stolen payment cards with the intent that the payment card information would be trafficked on darknet sites, all i

Darknet's Largest Mobile Malware Marketplace Threatens Users Worldwide

 Darknet's Largest Mobile Malware Marketplace Threatens Users Worldwide
Dec 06, 2022 Mobile Malware / Darknet
Cybersecurity researchers have shed light on a darknet marketplace called  InTheBox  that's designed to specifically cater to mobile malware operators. The actor behind the criminal storefront, believed to be available since at least January 2020, has been offering over 400 custom web injects grouped by geography that can be purchased by other adversaries looking to mount attacks of their own. "The automation allows other bad actors to create orders to receive the most up to date web injects for further implementation into mobile malware," Resecurity  said . "InTheBox may be called the largest and probably the only one in its marketplace category providing high-quality web injects for popular types of mobile malware." Web injects are  packages  used in financial malware that leverage the adversary-in-the-browser (AitB) attack vector to serve malicious HTML or JavaScript code in the form of an overlay screen when victims launch a banking, crypto, payments,

U.S. Treasury Department Sanctions Russia-based Hydra Darknet Marketplace

U.S. Treasury Department Sanctions Russia-based Hydra Darknet Marketplace
Apr 06, 2022
The U.S. Treasury Department on Tuesday sanctioned Hydra, the same day German law enforcement authorities  disrupted  the world's largest and longest-running dark web marketplace following a coordinated operation in partnership with U.S. officials. The sanctions are part of an "international effort to disrupt proliferation of malicious cybercrime services, dangerous drugs, and other illegal offerings available through the Russia-based site," the Treasury Department  said  in a statement. Along with the sanctions, the Office of Foreign Assets Control (OFAC) disclosed a list of  more than 100 virtual currency addresses  that have been identified as associated with the entity's operations to conduct illicit transactions. The sanctions come as Germany's Federal Criminal Police Office shut down the online criminal marketplace that it said specialized in narcotics trade, seizing its servers and 543 bitcoins worth 23 million euros ($25.3 million). Hydra was a Russi

Germany Shuts Down Russian Hydra Darknet Market; Seizes $25 Million in Bitcoin

Germany Shuts Down Russian Hydra Darknet Market; Seizes $25 Million in Bitcoin
Apr 05, 2022
Germany's Federal Criminal Police Office, the Bundeskriminalamt (BKA), on Tuesday announced the official takedown of Hydra, the world's largest illegal dark web marketplace that has cumulatively facilitated over $5 billion in Bitcoin transactions to date. "Bitcoins amounting to currently the equivalent of approximately €23 million were seized, which are attributed to the marketplace," the BKA said in a press release. Blockchain analytics firm Elliptic confirmed that the seizure occurred on April 5, 2022 in a series of 88 transactions totaling 543.3 BTC. The agency attributed the shutdown of Hydra to an extensive investigation operation conducted by its Central Office for Combating Cybercrime (ZIT) in partnership with U.S. law enforcement authorities that it said had been underway since August 2021. Launched in 2015, Hydra was a Russian-language darknet marketplace that opened as a competitor to the now-defunct Russian Anonymous Marketplace (aka RAMP), primarily

Deep Web Search Engines to Explore the Hidden Internet

Deep Web Search Engines to Explore the Hidden Internet
Feb 11, 2016
Do you know: There is a vast section of the Internet which is hidden and not accessible through regular search engines and web browsers. This part of the Internet is known as the Deep Web , and it is about 500 times the size of the Web that we know. What is DEEP WEB? Deep Web  is referred to the data which are not indexed by any standard search engine such as Google or Yahoo. The 'Deep Web' refers to all web pages that search engines cannot find, such as user databases, registration-required web forums, webmail pages, and pages behind paywalls. Then, there's the Dark Web or Dark Net – a specific part of that hidden Deep Web. Deep Web and Dark Web are the intriguing topics for the Netizens all around. But when you hear the term 'Deep Web' or 'Dark Web,' you usually categorize them into one. If yes, then you are wrong. What is DARK WEB? Dark Web is where you can operate without been tracked, maintaining total anonymity.

Thousands of Hacked Uber Accounts Selling on Dark Web for $1

Thousands of Hacked Uber Accounts Selling on Dark Web for $1
Mar 30, 2015
$US1 may be a very little amount, but it is enough to buy you a stolen Uber account and free car rides around the city. Two separate vendors on AlphaBay , a relatively new Dark Web marketplace launched in late 2014, are selling active Uber accounts with usernames and passwords for $1 each, Motherboard reports . Once purchased, these active Uber accounts let you order up rides using the payment information provided on the file. Additionally, other sensitive information that comes with the purchase includes partial credit card data (the last four digits and expiration date), trip history, email addresses, phone numbers, and location information of users' home and work addresses. Over on AlphaBay market, a vendor identified as " Courvoisier " is claiming to sell hacked Uber accounts for $1 each. Under the product listing for ' x1 UBER ACCOUNT - WORLDWIDE TAXI!, ' anyone can buy a Uber account anonymously. Another vendor, identified as ThinkingFo

Sheep Marketplace Owner Arrested While Trying to Buy Luxury Home

Sheep Marketplace Owner Arrested While Trying to Buy Luxury Home
Mar 29, 2015
Thomas Jiřikovský , an alleged Owner of one of the most popular Darknet website ' Sheep Marketplace , ' has been arrested after laundering around $40 Million, making it one of the biggest exit scams in Darknet history. After the arrest of Silk Road owner 'Ross Ulbricht' in 2013 -- Sheep Marketplace became the next famous anonymous underground marketplace among Black Market customers for selling illicit products, especially drugs. But only after few weeks, Sheep Marketplace was suddenly disappeared and was taken offline by its owner, who had been suspected of stealing $40 million worth of Bitcoins at the time when Bitcoin market value was at the peak. Shortly after this Bitcoin Scam, a Darknet commentator ' Gwern Branwen ' doxed the owner, and the suspect was identified -- Thomas Jiřikovský as the owner of the black market website. Unfortunately, Jiřikovský forgot to hide his identity and residential address from the Internet, which was exposed by his Facebook

Deep Web Drug Market Disappeared suddenly Overnight, $12 Million in Bitcoin Missing

Deep Web Drug Market Disappeared suddenly Overnight, $12 Million in Bitcoin Missing
Mar 18, 2015
Evolution -- The largest Deep Web drugs marketplace, disappeared suddenly overnight from the Internet. But unlike Silk Road, there is no indication that the law enforcement took down the Evolution marketplace. The Darknet's most popular markets for drugs and bespoke carjacking services is mysteriously offline Wednesday with rumours circulating over the Internet that its own administrators may have just scammed its huge user base and stole $12 Millions in Bitcoin. The Evolution black marketplace opened in January 2014, and gained popularity after the shutdown of Silk ​Road and arrest of its unassuming founder, Ross U​lbricht , with a promise of less fraud. Like Silk Road , Evolution also dealt in drugs, as well as illegal weapons, counterfeit goods, stolen credit cards and guides to committing fraud. Evolution was only accessible through anonymity Tor network. At the time of its apparent vanish, Evolution was home to nearly 20,000 drug sales, far more than Silk Road

Onion.City — Search Engine for Deep Web that Works From Normal Web Browser

Onion.City — Search Engine for Deep Web that Works From Normal Web Browser
Feb 21, 2015
There is an entire section of the Internet that you probably don't see on daily basis, it's called the " Darknet " or " Deep Web ", where all browsing is done anonymously. About a week ago, we reported about the 'Memex' Deep Web Search Engine , a Defense Advance Research Projects Agency (DARPA) project to create a powerful new search engine that could find things on the deep web that isn't indexed by Google and other commercial search engines, but it isn't available to you and me. Now, there is another search engine that will let anyone easily search the Deep Web for large swaths of information for free, and without an application; you only need is an Internet connection. Onion.City , a new search engine for online underground markets that makes it more easier to find and buy drugs, guns, stolen credit cards directly from your Chrome, Internet Explorer or Firefox browser without installing and browsing via Tor Browser . Just two

Warrant Authorized FBI to Track and Infect Computers with Malware

Warrant Authorized FBI to Track and Infect Computers with Malware
Aug 06, 2014
Tor has always been a tough target for law enforcement for years, but the United States Federal Bureau of Investigation ( FBI ) has found a way to successfully track users across the network. Just a few days back, Tor made a difficult announcement that an attack on its system likely exposed its users of anonymity. Now, a new report from Wired suggests that the FBI has been running a malware campaign to identify Tor users by infecting their computers for years on a large scale. FBI USES DRIVE-BY HACKING TO TRACK USERS Tor is generally thought to be a place where users come online to hide their activities and remain anonymous, but a court case has revealed an opposite story. FBI has been using a tactic called drive-by hacking to track computers using the Tor anonymous computing system. Security researchers call the tactic a " drive-by download " in which a hacker infiltrates a high-traffic website to deliver the malware to large swaths of visitors. That simply means t
Cybersecurity Resources