Search This Blog

Showing posts with label Cyber Crime Report. Show all posts

The Russian Federation submitted to the United Nations the world's first draft convention against cybercrime

The Prosecutor General's Office of the Russian Federation reported that Russia has submitted to the UN the world's first draft convention on countering cybercrime and the criminal use of cryptocurrency.

Recall that last year an interdepartmental working group on combating information crime was established, one of the main tasks of which was to develop a draft of a universal comprehensive international convention on combating the use of information and communication technologies for criminal purposes.

The project has a number of advantages. It takes into account modern challenges and threats in the field of international information security, including the criminal use of cryptocurrency, introduces new elements of crimes committed using information and communication technologies.

It is stressed that Russia was the first country that developed and submitted to the special committee a draft convention to combating information crimes.

"Today cyber attacks are as much a weapon of mass destruction as a tactical nuclear weapon. Infrastructure, from the fuel supply to the water supply, can be stopped in an entire city. The settlement will be paralyzed with zero casualties. Thus, I would call cyberattacks bloodless killers, they do not set themselves the goal of destroying the population but simply teleport this population, in fact, to the Stone Age,” commented on the news the State Duma deputy Ruslan Balbek.

According to him, the Russian draft convention is timely and relevant.

In March, the President of Russia Vladimir Putin announced an increase in the number of crimes in the IT-sphere. He pointed out that over the past six years, the number of such crimes has increased 10 times.

Earlier, E Hacking News was reported that Russia-US summit was held in Geneva on June 16. Summing up the negotiations, Vladimir Putin said that the sides will start consultations on cybersecurity.

Experts Said How Cybercriminals Make Money on Russian Gamers

One of the most popular fraud schemes involves buying or selling an account in online games. An attacker can offer an account, but after transferring funds for it, the buyer does not get access to it.

Experts advise using specialized platforms for buying and selling an account, which charge a commission of about 10% for their services.

If there is no such platform, but there is a forum dedicated to the game, the expert advises to study the user's account and his rating on the forum as much as possible before selling or buying.

Gamers can also be deceived when buying expensive computer components, for example, video cards. Scammers create copies of popular online stores, in which the cost of components will be declared 2-3 times lower than the market price. The buyer most likely will not be able to return the money.

Another method of fraud is associated with the purchase of expensive goods, such as a game console through a private classifieds service. In this case, the buyer is offered to get an e-wallet on one of the legitimate services. His virtual card is allegedly linked to this account, which is used to make the payment.

The client transfers money to the wallet and informs the seller about it, after which he receives an SMS message with the virtual card data. However, the notification does not come from the service number, but from the phone of the scammers. So, the gamer makes the transfer to scammers and remains without money and the desired product.

Another method of fraud is connected with watching streams of other gamers. Scammers copy the broadcasts of famous players and add banners with ads for easy earnings to the video. By clicking on them, people get to the resources of scammers, where they lose money by providing their bank card details.

According to the expert, the solution to the problem in the game world could be the active development and use of escrow services, as it is used when selling domain names on the Internet.

The Russian who hacked JPMorgan was demanded $20 million in compensation

In January, Andrei Tyurin was sentenced to 12 years in prison for the largest theft of personal data of bank clients in US history.  He acted as part of a hacker group and stole data that brought the hackers hundreds of millions of dollars

The Federal Court for the Southern District of New York ordered to pay compensation in the amount of $19.9 million to Russian Andrei Tyurin, who was sentenced in January to 12 years in prison for cybercrimes.  This is evidenced by the documents received on Monday in the electronic database of the court.

As follows from these materials, the parties came to an agreement on the amount that Tyurin should provide to individuals and legal entities affected by his actions.  According to the agreements approved by the court, Tyurin "will pay compensation in the amount of $19,952,861."  The full list of companies and individuals who will receive these funds is not provided in the documents.  It is also not specified whether Tyurin has the ability to pay the specified amount.

In early January, Tyurin was sentenced to 144 months in prison.  According to Judge Laura Taylor Swain, the Russian was involved in "large-scale criminal activities of a financial nature."  According to the investigation, he was involved in cyber attacks on large American companies in order to obtain customer data.

The US prosecutor's office said that Tyurin hacked the data of nearly 140 million customers and stole information from 12 companies.  Among them are JPMоrgan Chase Bank, Dow Jones & Co, Fidelity Investments, E-Trade Financial.  The authorities called the actions of the Russian the largest theft of data from the bank's clients in the history of the country.

Tyurin was extradited to the United States from Georgia in September 2018.  The American authorities charged him with hacking into the computer systems of financial structures, brokerage houses and the media specializing in the publication of economic information.  Representatives of the Secret Service claimed that the Russian was involved in "the largest theft of customer data from US financial structures in history."  They noted that Tyurin could be sentenced to imprisonment for up to 92 years.

 The Russian initially declared his innocence.  According to the materials of the court, in September 2019 Tyurin made a deal with the prosecutor's office.  He pleaded guilty to several counts.  The US Secret Service claimed that Tyurin and his accomplices "embezzled hundreds of millions of dollars."

Russian hackers suspected of stealing thousands of US State Department emails

In 2020, Russian hackers stole thousands of emails from U.S. State Department employees. As Politico reported, this is the second major hack of the department's email server in the last ten years, carried out "with the support of the Kremlin."

According to Politico sources, this time, hackers accessed the emails of the U.S. State Department's Bureau of European and Eurasian Affairs, as well as the Bureau of East Asian and Pacific Affairs. A Politico source said it was unclear whether classified information was among the stolen emails. It also remains unclear whether the hack was part of a larger SolarWinds attack that gave hackers access to dozens of U.S. federal agencies.

The U.S. State Department declined to comment to the publication on the likely attack. "For security reasons, we cannot discuss the nature or extent of any alleged cybersecurity incidents at this time," said a State Department spokesman. Politico also sent a request to the Russian embassy in the United States. At the time of publication, the Russian side had not responded.

Recall, U.S. media reported on the large-scale hacking attack on the U.S. government on December 14, 2020. The hack was later confirmed by U.S. intelligence agencies. According to their information, dozens of agencies were hacked, it was organized by Russian hackers. U.S. President Joe Biden announced his intention to impose sanctions against Russia for cyber attacks. On March 8, 2021, the media reported on White House plans to conduct covert cyberattacks on Russian networks in response to the SolarWinds hack.

Russian presidential press secretary Dmitry Peskov stressed Moscow's noninvolvement in the cyberattacks. Russian Foreign Ministry spokeswoman Maria Zakharova also said that U.S. accusations that Russia was involved in a massive hacking attack on U.S. federal agencies were unproven.

Russian Kryuchkov pleaded guilty to conspiring to hack Tesla's computer network

 Tesla CEO Elon Musk commented in Russian on the news that Russian Egor Kryuchkov had pleaded guilty on Twitter on Friday

According to the federal prosecutor's office in the state of Nevada, the verdict of Russian Egor Kryuchkov, who pleaded guilty to conspiracy to hack Tesla's computer network, will be sentenced on May 10.

"A Russian national pleaded guilty in federal court today to conspiracy to travel to the US to hire a Nevada-based employee to install software on the company's computer network," the document said.

It specifies that the Russian "pleaded guilty to one count of intentionally damaging a protected computer, and is scheduled to be sentenced on May 10."

According to the US Department of Justice, the Russian was trying to bribe a Tesla employee for $1 million to install the necessary software. The attackers intended to use the data to blackmail the company by threatening to make the information public. "This was a serious attack," Musk said at the time.

An employee with whom the Russian allegedly tried to negotiate in the summer of 2020 notified his management about this plan. It informed the US FBI.

The US Justice Department reported in August that Kryuchkov had been detained in Los Angeles, California, on charges of conspiracy to intentionally harm a protected computer. Initially, the Russian did not admit his guilt. His relatives and acquaintances said Kryuchkov had nothing to do with the IT industry and had never programmed.

However, on March 18, the US Department of Justice announced that the man had pleaded guilty to one count of deliberately damaging a protected computer.

It is worth noting that Tesla CEO Elon Musk commented in Russian on the news that Russian Egor Kryuchkov had pleaded guilty. Musk published a corresponding entry on Twitter on Friday.

The head of Tesla, following the rules of the pre-reform spelling of the Russian language, wrote the title of the novel by Fyodor Dostoevsky (1821-1881) "Crime and Punishment".

Musk had previously tweeted in Russian on several occasions. 

Ukrainian police arrested members of a well-known cyber ransomware group

Members of the Egregor group, which provides the service using the Ransomware-as-a-Service (RaaS) model, have been arrested by the Ukrainian police.

The arrest is the result of a joint operation of the French and Ukrainian law enforcement systems. The names of the arrested citizens were not disclosed, but it is known that they provided logistical and financial support for the service.

It is worth noting that this ransomware has been active since the fall of 2020 and works according to the Ransomware-as-a-Service (RaaS) model. That is, the authors of the malware rent it out to other criminals, who are already hacking companies, stealing data, encrypting files, and then demanding a “double ransom” from victims (for decrypting files, as well as for not disclosing the data stolen in the process of hacking).

If the victims pay a ransom, the group that organized the hack keeps most of the funds, and the developers of Egregor receive only a small share. The attackers laundered funds through the Bitcoin cryptocurrency.

Those arrested are suspected, among other things, of providing such financial schemes.

According to Allan Liska, a cybersecurity researcher at Recorded Future, Recorded Future has discovered that the Egregor infrastructure, including the site and the management and control infrastructure, has been offline since at least Friday (February 12).

The French side joined the investigation after the Egregor software was used in attacks on the computer game developer Ubisoft and the logistics organization Gefco in 2020.

Although the Egregor system based on the RaaS model was launched in September 2020, a number of cybersecurity experts believe that the service operators are the well-known cyber ransomware group Maze.

The number of crimes with bank cards in Russia has increased by 5.5 times

Last year, 510.4 thousand crimes committed using information and telecommunications technologies were registered in Russia. According to the data of the Ministry of Internal Affairs, this figure is 73.4% more than it was in the previous year.

In 2020, cybercriminals used bank cards, the Internet, and a telephone to commit crimes. In particular, during the year, the number of acts involving the use of plastic cards increased by a record 453.1%, reaching 190.2 thousand. In 2019, according to the Ministry, there were only 34.4 thousand. 

The Central Bank confirmed an increase in the number and volume of transactions without the consent of bank customers in 2020.

The director of the company Anti-Phishing Sergey Voldokhin confirmed that massive phone fraud, malicious banking applications for smartphones and fake payment system sites have become a real problem in 2020. According to him, with the beginning of the pandemic and the transition to remote work, cyber fraudsters have received new opportunities for attacks. "Judging by the volume of thefts, banks and financial companies were not ready for a large-scale impact on their customers", added he.

According to Sergey Golovanov, a leading expert at Kaspersky Lab, fraud trends are likely to continue in 2021.

"But a significant increase in their number is unlikely, as financial organizations and telecom operators are actively fighting such schemes, and the news agenda has made citizens wary of suspicious calls", noted he.

According to Pavel Utkin, a leading lawyer at Parthenon, the problem of phone fraud with plastic cards will disappear by itself when banks establish control over the personal data of customers.

The banks noted that in order to minimize attacks, they have already implemented comprehensive anti-fraud systems, as well as information campaigns among customers about new types of fraud and methods of countering them.

Earlier, E Hacking News reported that Sberbank is the most targeted organization in Europe by hackers.

The Russian pleaded guilty to cybercrime charges in the United States

 Kirill Firsov admitted his guilt in trying to obtain secret information about the clients of a certain company for fraudulent purposes

A hearing on the sentencing of Russian citizen Kirill Firsov, who pleaded guilty in the United States to data theft, will be held on April 12.

As noted, before the announcement of the punishment, the court will be presented with additional materials about the case. Firsov agreed to attend the meeting via videoconference.

Recently, the Russian has reached an agreement with representatives of the prosecutor's office. Firsov pleaded guilty to trying to fraudulently obtain confidential information about the clients of a certain company. He could be sentenced to up to 10 years in prison and ordered to pay a fine of up to $250,000.

The prosecution agreed not to seek the most severe punishment for the Russian. He waived the right to insist on a trial and to challenge the charges in question.

Recall, the US authorities detained Firsov on suspicion of stealing the personal data of California residents for their further sale with the aim of using them in false identity cards. The Prosecutor's Office of the Southern District of California names Firsov the administrator of the platform DEER.IO.

The US authorities claimed that this platform is based in Russia. This resource was allegedly used to sell information stolen by hackers, including personal data and information about bank accounts.

As follows from the materials, the site operated from 2013 to 2020, the income from illegal sales amounted to $17 million.

Firsov said that most of his victims were Russians, but about $1.2 million was earned by selling information about Americans. This fact allowed the FBI to pursue Firsov and detain him upon arrival in the country.

The Russian was arrested on March 7 at the John F. Kennedy Airport, in New York. Three days earlier, the FBI made a "test purchase" on his website, acquiring information about 1,100 gamers for $20 in bitcoins.

After the global attack by the hackers, the FBI became interested in the company JetBrains

FBI officers began checking the JetBrains company. So far, there are no specific accusations, but the special services are investigating whether the products of the above company could be used in the hacking of the American SolarWinds, which is considered the starting point of the global hacker attack.

JetBrains, founded in Prague in 2000, sells customers software that makes it much easier to create applications. For millions of developers, its tools are indispensable: the company now has more than 10 million users in more than 213 countries.  In an interview with Forbes, the company's CEO, Maxim Shafirov, said that despite the pandemic, revenue has grown by 10% over the past year, and the company suggests that this year it can reach $400 million. According to a JetBrains representative, the company is worth more than $1 billion.

On Wednesday, The New York Times, Reuters and The Wall Street Journal reported that the investigation does not exclude the possibility of connecting JetBrains with one of the largest acts of cyberespionage in recent times. The publications contained hints that hackers could have hacked JetBrains or one of its products, the TeamCity testing, and code-sharing service, in order to then gain access to the systems of SolarWinds, which used this service. 

As a result of the attack, hackers compromised one of the SolarWinds tools and used it to break into the networks of customers, including government departments and major US IT companies. Among the victims of the cyberattack were the US Department of Justice, which announced that 3% of its messages sent through Office 365 were compromised, as well as the US Department of Energy and Treasury, Microsoft, Cisco and other organizations. The US claims that the attacks are linked to Russia. The Kremlin denies any involvement.

It is noted that the reputation of JetBrains can be seriously damaged if it is proved that its employees are involved in compromising the software and its misuse.

Court in the United States has sentenced Russian Andrey Tyurin to 12 years in prison for cybercrime

The Federal Court of the Southern District of New York sentenced Russian Andrey Tyurin to 12 years in prison for committing a number of cybercrimes. In addition, he was ordered to pay the United States 19 million dollars

The Russian Consulate General in New York is in contact with law enforcement agencies in the United States in the case of the Russian Andrei Tyurin, who was sentenced by the court to 12 years in prison for cybercrime, said the press secretary of the diplomatic mission Alexey Topolsky.

According to him, the conditions of detention of the Russian citizen were difficult in the context of the COVID-19 pandemic. Topolsky recalled that Tyurin contracted the coronavirus in an American prison.

"The Russian Consulate General in New York is monitoring the case of Andrei Tyurin and is in contact with US law enforcement agencies," said Topolsky.

In his last speech, Tyurin said that he sincerely repents for what he did.

According to the judge, Tyurin must reimburse the United States 19 million 214 thousand 956 dollars, this is the profit that he derived from his criminal activities.

By US standards, a 12-year sentence is not the harshest for such a crime, says international lawyer Timur Marchani.

"In the United States, for crimes related to cybersecurity, for crimes that entail hacking the banking system, some of the harshest penalties are provided. Here, the court took into account first of all the hacker's remorse and, most importantly, cooperation with the preliminary investigation authorities and then with the court," said Mr. Marchani.

Recall that the Russian was detained in Georgia at the request of the United States in December 2017. In September 2018, he was extradited to the United States. In September 2019, the Turin pleaded guilty to six counts of the indictment.

According to the investigation, Tyurin participated in a "global hacking campaign" against major financial institutions, brokerage firms, news agencies and other companies, including Fidelity Investments, E-Trade Financial and Dow Jones & Co.

Prosecutor Jeffrey Berman said that Tyurin ultimately collected client data from more than 80 million victims, "which is one of the largest thefts of American client data for one financial institution in history."

The head of Group-IB Mr. Sachkov described the portrait of a typical Russian hacker

Not only a programmer but also just a specialist with a good knowledge of mathematics can become a hacker in Russia, said the head of Group-IB Ilya Sachkov. The entrepreneur believes that for such people money is a priority.

"This is a talented young man, whose task is to earn money and that's all. He is not always well-educated in the humanities, not someone who will cause you sympathy. The priority is money, expensive cars, expensive watches, holidays abroad," said Sachkov.

Ten years ago, the career of a hacker was chosen exclusively by students, mostly children from disadvantaged families. However, the situation has changed: this profession is now chosen by those who "live in very rich families, with normal relations between parents".

A typical Russian hacker "tries to play Don Corleone", communicates with former or current law enforcement officers, and also looks for political assistants who will explain to him that real Russian hackers steal money from foreigners because of the "war with America".

He noted that the creators of viruses are often people with special needs, autistic children who have fallen into an aggressive environment. At the same time, the opinion that Russian-speaking hacker groups are leading in the world is already outdated. Today, all of them are mixed by nationality, although in the 90s, it was people from the post-Soviet space who were among the first to engage in such things, who communicated among themselves in Russian.

Group-IB specializes in products that help protect against cyber attacks and fight online fraudsters. In particular, the company investigates cybercrimes and helps to monitor attacking hackers. The group cooperates with Europol and Interpol.

Experts listed the possible goals of cyber criminals who hack websites

According to Positive Technologies, in 2020, cybercriminals have become increasingly interested in hacking sites: in seven out of ten cases, the purpose of an attack is to gain access to a resource, including for its further sale to another attacker.

The company's experts, to find out the most popular targets of hacking sites, examined more than 80 million messages on the ten most active forums in the shadow segment of the Internet, which provide services for hacking sites, buying and selling databases, and accessing web resources.

According to Positive Technologies analyst Yan Yurakov, since March 2020, interest in the topic of hacking sites has been identified. He also explained that this trend could lead to an increase in the number of companies represented on the Internet, which was provoked by the pandemic.

In seven out of ten requests related to hacking sites, the main goal is to gain access to a web resource. Attackers can not only steal confidential information but also sell access to a web application.

In another 21% of cases, the purpose of hacking a site is to extract and obtain databases of users or clients of the attacked resource. According to Positive Technologies, competitors and spammers who collect lists of addresses for targeted thematic mailing lists aimed at a specific audience are primarily interested in acquiring such information.

For about 4% of hackers, the main goal is not to hack the site itself, but to place malware on it. About 3% of customers are looking for a hacker to remove certain data from the site after hacking, and 2% sell ready-made programs and scripts for hacking.

Recently it became known that the list of pre-installed Russian software for smartphones, tablets, computers and Smart TV will include an application that combines sites with free access. Since April 1, the Ministry of Digital Industry has been conducting an experiment to provide residents of Russia with free access to 371 sites.

Police detained hackers who stole more than 20 million rubles

Police officers of the Chuvash Republic, with the assistance of BI.ZONE experts detained the organizers of a criminal group that stole money from customers of Russian banks using the FakeToken malicious software. The group operated for more than 5 years, the damage from its activities exceeds 20 million rubles ($272 200,00).

During a search at the addresses of one of the fraudsters, network devices, communication devices and computer equipment containing clear traces of the development and distribution of Trojan Banker.AndroidOS.FakeToken were found and seized. Also, employees of the Ministry of Internal Affairs found SIM cards of various telecom operators and electronic correspondence in Telegram, which confirms the involvement of the detainee in illegal activities.

According to BI.ZONE experts, the attackers used Trojan Banker.AndroidOS.FakeToken for stealing money from users of mobile devices based on the Android OS. The program infected devices, intercepted SMS messages from the Bank and transmitted them to the server of criminals, as well as collected Bank card data. The fraudsters used this information to transfer money from the victims' mobile and Bank accounts. "Over the past five months, the hacker group has gained access to more than 5,000 phones and data from at least 2,500 Bank cards," said experts.

"In February 2020, we recorded the activation of the FakeToken malware, which infected more than 2,000 victims every day. The group that manages this software is considered one of the most active in the Russian Federation, and we are glad that we were able to help stop the criminals," said Evgeny Voloshin, director of the BI.ZONE expert services unit.

It's important to note that the FakeToken Banking Trojan has been known since 2016. It is able to attack more than 2 thousand financial applications, its victims of steel of about 16 thousand users in 27 countries, including Russia, the Ukraine and Germany.

Russian hackers broke into the systems of the United States Department of the Treasury and Department of Commerce

The Russian Embassy in the United States has already called the accusations against Moscow baseless. They recalled that Vladimir Putin offered to restore bilateral relations in the field of international information security, but Russia did not receive a response from the United States

According to Reuters and the Washington Post, Russian hackers broke into the systems of the US Department of the Treasury and the National Telecommunications and Information Administration, a division of the US Department of Commerce.

According to media reports, a group of hackers Cozy Bear, close to Russian intelligence, was involved in the attack. After breaking into the system, the hackers gained access to Microsoft Office and read the Ministry of Finance's e-mail for several months.

The New York Times has already called this hack the largest in the last five years. The data leak was confirmed only by the Department of Commerce. According to Reuters, a meeting of the national security Council was held at the White House on Saturday. The investigation is just beginning, the amount of data that hackers received is unknown.

"Unfortunately, publications in the press have ceased to be a reliable source of information for us. As for why these hacks continue or why they allow them to be hacked, it seems to me that this is an endless race of the security system. Among other things, this is a huge business," comments Yuri Rogulev, Director of the Franklin Roosevelt Foundation for the study of the United States.

"Again, there is no evidence that Russian hackers are involved", said Roman Romachev, General Director of the R-Techno intelligence technology agency.

According to him, everything is aimed at once again increasing tensions in the first place in cyberspace in relation to Russia. And in order for taxpayers to understand where their billions are going, the US authorities periodically whip up such hysteria against alleged Russian hackers.

The Russian Embassy in the United States has already called the accusations against Moscow baseless. They recalled that Vladimir Putin offered to restore bilateral relations in the field of international information security, but Russia did not receive a response from the United States.

In 2020, cybercriminals started laundering four times more money

According to the Kaspersky Fraud Prevention report, in 2020, attackers most often tried to make unauthorized money transfers by using a compromised account (in 36% of cases) or by infecting the device with malware (31%).

In 2019, malware attacks were the absolute leader, 63% of the total number was recorded. The share of incidents related to money laundering increased fourfold this year and amounted to 12%.

Hackers use complex and multi-stage money laundering schemes: they change accounts, companies, presentation, currency, and jurisdiction many times. In this regard, financial organizations need to build a cybersecurity system in such a way as to minimize the possibility of hacking, as well as to promptly monitor any illegitimate actions.

In e-commerce, the most common form of fraud is the abuse of welcome bonuses in loyalty programs. The scheme is quite simple: attackers massively register accounts in the marketplace, receive welcome bonus points, and buy products with a discount under the bonus program. For example, in one case, a fraudster bought diapers and candy and then sold the purchased goods at a profit on popular trading platforms. In the future, the created accounts were not used, their average life was 1-2 days.

"As before, one of the most common methods of fraud is the use of applications with remote access tools. Also, the attackers have mastered the scheme of spoofing numbers for incoming calls. Bank customers, unfortunately, are often deceived, because they are used to the fact that a real call from a financial institution can be made from different numbers. The Kaspersky Fraud Prevention platform, aimed specifically at banks and other financial institutions, allows tracking the activity of hackers by analyzing a variety of parameters, including user behavior, device parameters, and the presence of malicious or dangerous programs," said Ekaterina Danilova, Business Development Manager at Kaspersky Fraud Prevention.


Russian experts says the number of cyber threats increased during COVID-19

Cyber attack prevention experts recorded a sharp increase in the number of cyber threats and outlined the main trends in computer crimes during the COVID-19.

The report was presented at the international forum of the Academy of Management of the Ministry of Internal Affairs of the Russian Federation "Strategic development of the system of the Ministry of Internal Affairs of Russia: state, trends, prospects".

The main conclusion of the study is the rapid growth of computer crime, primarily financial fraud using social engineering, as well as the exploitation of the COVID-19 theme in malicious mailings, switching operators of encryption viruses to large targets, as well as active recruitment of new participants to criminal communities.

According to the Ministry of Internal Affairs, one of the main trends of digital transformation is the development of remote methods of committing crimes, crimes have gone from offline to online. Almost 70% of registered crimes related to illegal arms trafficking in 2020 were committed using the Internet - remotely and anonymously. The same applies to the illegal sale of drugs, counterfeit money, securities and documents.

Throughout 2020, Group-IB recorded an increase in the number of financial scams using social engineering - vishing, phishing -the victims of which were mainly Bank customers.

At the same time, the fraud implementation schemes themselves have not actually changed. The main motive of cybercriminals is the same: stealing money or information that can be sold. Now it is popular to sell fake digital passes, send messages about fines for violation of quarantine, fake courier sites, fraudulent mailings on behalf of the Zoom video conferencing service.

This year has given birth to even more groups and partner programs, as well as new collaborations. So the operators of the QakBot banking Trojan joined Big Game Hunting, and recently the FIN7 group, which actively attacked banks and hotels, joined the REvil ransomware partner program. The size of the ransom has also increased significantly: cryptolocker operators often ask for several million dollars, and sometimes tens of millions.

The Russian Embassy denies the US charge of six Russians in hacking

The Russian Embassy in Washington denies US accusations against Russian citizens of hacking and destabilizing activities around the world

Russia has not been and is not engaged in carrying out cyberattacks in the world, said the Russian Embassy in Washington. The Department believes that the accusation of Russians in hacking is aimed at warming up Russophobic sentiments.

Earlier, the US Department of Justice and the FBI brought charges against six Russians of involvement in a series of hacker attacks and the spread of malware in order to attack the infrastructure of other countries. In particular, they are charged with spreading the NotPetya virus in 2017. It is alleged that these individuals are GRU employees. 

The Russian Embassy said that Russia "has no intention of engaging in any destabilizing operations around the world", as this does not correspond to foreign policy and national interests.

"It is quite obvious that such information occasions have nothing to do with reality and are aimed only at warming up Russophobic sentiments in American society, at deploying a "witch hunt" and espionage,” said the Embassy. According to the document, the US authorities are destroying Russian-American relations and artificially imposing on the Americans "a toxic perception of Russia and everything connected with it."

According to the US Department of Justice, the damage to the United States from the actions of Russian hackers amounted to more than $1 billion. They attacked companies and hospitals in the United States, Ukraine's energy systems, the French presidential election, and the Winter Olympics in Pyeongchang. US Secretary of State Mike Pompeo said this shows Russia's disregard for public security and international stability in cyberspace.

The Russian was convicted as a LinkedIn hacker


The Federal court for the Northern District of California in San Francisco sentenced Russian Yevgeny Nikulin to seven years and four months in prison for computer fraud. According to the Americans, Nikulin hacked the databases of LinkedIn, Dropbox and Formspring,  as a result of which about 117 million account login codes were stolen.

One of his lawyers, Arkady Bukh, informed the Russian about the verdict. According to him, the four years spent in prison after the arrest of Yevgeny Nikulin in Prague in October 2016 at the request of the FBI will be counted in the sentence.

The Prosecutor's Office recommended that the court appoint Nikulin 12 years in prison after the jury ruled guilty on all nine counts. The Russian did not admit his guilt and refused the last word before sentencing.

The judge, determining the punishment, noted the mind, abilities and sense of humor of Nikulin, but considered that these qualities only aggravate the guilt of the Russian.

Yevgeny Nikulin was extradited to the United States in March 2018. He was accused of hacking the databases of LinkedIn, Dropbox and Formspring, as a result of which about 117 million login codes were stolen, causing damage to computer devices, and transferring stolen personal data to third parties. The prosecution materials are classified as "secret", their volume is six terabytes of information.

Recall that in Prague, Nikulin claimed that an FBI employee during interrogation put pressure on him to get information about Russian interference in the US presidential election in 2016.

The Russian Foreign Ministry previously called the Nikulin case an example of how American intelligence agencies are hunting for Russians around the world.

Russian citizen arrested in the United States on charges of organizing a cyber crime


According to the Ministry of Justice, 27-year-old Yegor Kryuchkov tried to pay $1 million to an employee of a company from Nevada in order to introduce malware into its computer network. When the FBI joined the investigation, the Russian tried to run from the United States

A Federal Court in Los Angeles has arrested a Russian citizen, Yegor Kryuchkov, on charges of conspiring to commit cybercrime. This was reported by the press service of the US Department of Justice.

According to the Department, 27-year-old Kryuchkov in the period from July 15 to August 22 this year tried to bribe an employee of an unnamed American company located in the state of Nevada. The statement claims that the Russian offered him $1 million for participation in the implementation of the fraudulent scheme.

The Ministry of Justice reported that Kryuchkov allegedly planned to load malicious software into the computer system of this company. This would allow him and his associates to gain unhindered access to company data.

Last week, Kryuchkov was contacted by the Federal Bureau of Investigation (FBI), after which he left Reno (Nevada) and went to Los Angeles in order to leave the United States. The Russian, according to the Department, asked his friend to buy him a plane ticket.

Kryuchkov was detained in Los Angeles on August 22. According to the Ministry of Justice, the Russian entered the United States on a tourist visa.

The Russian Embassy in the United States said that diplomats are aware of Kryuchkov's arrest. "We will contact the Russian in the near future to find out the problem. We will provide him with the necessary consular and legal assistance,” said the diplomatic mission.

Group-IB has identified a group of hackers engaged in corporate espionage

The hacker group RedCurl hacked companies around the world and stole corporate documents. The damage from its activities can amount to tens of millions of dollars

Group-IB, a cybersecurity company, has uncovered a previously unknown hacker group that engaged in corporate espionage.

B Group-IB found that in total, the group carried out 26 attacks on companies from such sectors as construction, finance, retail, banks, insurance, tourism. The hackers targeted commercial organizations in Russia, the United Kingdom, Germany, Canada, Norway, and Ukraine.  The victims of the hackers were 14 organizations. At the same time, at least 10 companies were attacked in Russia.

The group allegedly consists of Russian-speaking hackers. Group-IB notes that RedCurl used a unique tool that allowed it to remain unnoticed for a long time for its victims.

The first known hacker attack occurred in May 2018. Hackers used phishing emails to access corporate information. Most often, employees of one Department of the victim company received an email allegedly from the HR Department, for example, about annual bonuses. The fake emails contained the company's signature, logo, and fake domain name.

When opening bonus documents attached to emails, a Trojan was launched on the victim's computer, which was controlled by RedCurl through legitimate cloud storage. Using them, as well as the PowerShell language in the development of Trojans, allowed hackers to remain unnoticed for a long time for traditional cyber defenses.

After that, hackers analyzed the contents of hard drives of users and stole information. First, they were interested in business correspondence, trade secret documents, personal data and passwords of employees.

At the same time, the launched Trojans continued to spread within the victim's network, infecting more and more computers. Group-IB specialists found that the hackers stayed there from two months to six months. According to Rustam Mirkasymov, head of the Group-IB Dynamic Malware Analysis Department, despite the absence of direct financial damage, indirect losses of victim companies from RedCurl actions can amount to tens of millions of dollars.

Experts continue to record new attacks by the hacker group in different countries of the world.