Search This Blog

Showing posts with label Russia. Show all posts

The Russians were offered $10 million from the State Department for information about Russian hackers

Residents of Russia began to receive SMS about a way to get $10 million from the US State Department. In the messages, Russians are offered this money for information about the interference of Russian hackers in the American elections.

Such SMS messages are published by residents of different cities in Russia in social networks. Among them the Deputy of the Duma of Yekaterinburg Timofey Zhukov. In the Telegram channel, he published a screenshot of such a message. "The US State Department is offering up to $10 million for information about interference in the US election. If you have information, please contact us,” said the SMS.

The link in the message leads to a verified Twitter account of the US State Department's Rewards for Justice program. According to the hashtag of the same name, Election_Reward, dozens of messages of the Department's program were published on Twitter in different languages of the world, including Russian.

Experts noted that the message was sent to Russians through the program CentrSoobsh — a service that is usually used to send spam or fake SMS in order to hack accounts by fraudsters.

Earlier, US Secretary of State Mike Pompeo announced the start of this program. He promised that Washington will pay the amount for information about persons interfering in the elections. Pompeo mentioned that the program applies to both Russia and other malicious states.

The representative of the Russian Foreign Ministry, Maria Zakharova, considered that if the US really begins to pay everyone up to 10 million dollars for such information, the state Department's website "will break down from denunciations to neighbors."

Senator of the Federation Council Frants Klintsevich called such actions an illusion and provocation, which carry a danger. He added that the messages are sent not by the US, but by emissaries with money.

According to him, it is necessary to find those who send messages, to bring everything to its logical end. Moreover, if necessary, the Russian Federation need s to change the legislation, as such actions are trying to destabilize the situation in the country.

Number of fake delivery services increased in Russia


Alexander Vurasko, a leading Infosecurity analyst at Softline Company, said that during the pandemic, scammers learned how to qualitatively fake food and electronics delivery sites.  Over the past four months, 56 clones have appeared at Delivery Club, and at least 30 at Yandex.Food. Companies try to quickly block such resources, but they do not always succeed.

The expert noted that the peak of the appearance of such Internet resources was recorded in April.

In addition to food sites, experts found fake Samsung online stores and Citilink online electronics hypermarket.

These sites almost completely copy the original ones: they have a catalog with hundreds of items, users can choose a restaurant, order dishes, enter the delivery address and pay for the order with a Bankcard.

Alexei Drozd, head of the information security department at SerchInform, noted that in April, the use of the delivery theme in the domain name increased: if in February there were 53 domain registrations with the word delivery, then in April — 288. According to him, this means that a high-quality Grabber has appeared on the Darknet,  a program that can reliably copy the look and content of the site.

Fraudsters actively used such software, but it is more difficult to copy marketplaces with a complex structure than a regular website, and if they already succeed, then we should expect new large phishing waves, warns Mr. Drozd. According to him, phishing sites live up to the first complaints from users or copyright holders, so it is important that companies themselves fight phishing.

Moreover, on the fake Delivery Club, after entering the card data, users need to enter the code from the SMS, so it can not be excluded that at this moment "someone links their number to your mobile Bank", noted the Telegram channel In4security, which discovered such a resource.

Kaspersky Lab also noticed sites that mimic well-known food delivery services. Hackers always use popular brands, says Tatiana Sidorina, a senior content analyst at the company.

The scale of data leaks of patients with coronavirus in Russia has become known


More than a third of all cases of leaks of personal data of patients with coronavirus, as well as suspected cases, occurred in Russia.

According to InfoWatch, in just the first half of 2020, there were 72 cases of personal data leakage related to coronavirus infection, of which 25 were in the Russian Federation. Leaks in Russia were caused by employees of hospitals, airports, and other organizations with access to information resources. In general, for this reason, 75% of leaks occurred in the world, another 25% were due to hacker attacks.

The company clarified that in 64% of cases worldwide, personal data associated with coronavirus was compromised in the form of lists. Patient lists were photographed and distributed via messengers or social media groups. Some leaks were due to the accidental sending of data by managers to the wrong email addresses.

According to InfoWatch, 96% of cases on the territory of the Russian Federation are leaks of lists, and 4% are leaks of databases.  In all cases, data leaks occurred due to willful violations. InfoWatch stressed that the disclosure of such data often led to a negative attitude towards coronavirus patients from the society.

The Russian Federal Headquarters for coronavirus declined to comment.  Moreover, the press service of the Moscow Department of Information Technology reported that since the beginning of 2020, there have been no leaks of personal data from the information systems of the Moscow government.

In Russia, there are no adequate penalties for organizations in which personal data leaks occurred, said Igor Bederov, CEO of Internet search. In addition, there is still no understanding of the need to protect personal data in electronic systems. There are not enough qualified specialists in this industry. As a result, network cloud storage used by companies, including for processing personal data, is poorly protected.

Personal data of one million Moscow car owners were put up for sale on the Internet


On July 24, an archive with a database of motorists was put up for sale on one of the forums specializing in selling databases and organizing information leaks. It contains Excel files of about 1 million lines with personal data of drivers in Moscow and the Moscow region, relevant at the end of 2019. The starting price is $1.5 thousand. The seller also attached a screenshot of the table. So, the file contains the following lines: date of registration of the car, state registration plate, brand, model, year of manufacture, last name, first name and patronymic of the owner, his phone number and date of birth, registration region, VIN-code, series and number of the registration certificate and passport numbers of the vehicle.

This is not the first time a car owner database has been leaked.  In the Darknet, you can find similar databases with information for 2017 and 2018 on specialized forums and online exchanges.
DeviceLock founder Ashot Hovhannisyan suggests that this time the base is being sold by an insider in a major insurance company or union.

According to Pavel Myasoedov, partner and Director of the Intellectual Reserve company, one line in a similar archive is sold at a price of 6-300 rubles ($4), depending on the amount of data contained.
The entire leak can cost about 1 bitcoin ($11.1 thousand).Information security experts believe that the base could be of interest to car theft and social engineering scammers.

According to Alexey Kubarev, DLP Solar Dozor development Manager, knowing the VIN number allows hackers to get information about the alarm system installed on the car, and the owner's data helps to determine the parking place: "There may be various types of fraud involving the accident, the payment of fines, with the registration of fake license plates on the vehicle, fake rights to cars, and so on."

Against the background of frequent scandals with large-scale leaks of citizens data, the State Duma of the Russian Federation has already thought about tightening responsibility for the dissemination of such information. "Leaks from the Ministry of Internal Affairs occur regularly. This indicates, on the one hand, a low degree of information security, and on the other — a high level of corruption,” said Alexander Khinshtein, chairman of the State Duma Committee on Information Policy.

The Council of the EU and Its First-Ever Sanctions against Persons or Entities Involved in Various Cyber-Attacks



The Council of the European Union imposed its first-ever sanction against persons or entities engaged with different cyber-attacks focusing on European citizens and its member states. 

The sanctions imposed include a ban for people traveling to any EU nations and a freeze of assets on persons and entities. 

The order has been issued against six individuals and three entities liable for or associated with different cyber-attacks. Out of the six individuals sanctioned they include two Chinese citizens and four Russian nationals. 

The companies associated with carrying out these cyber-attacks incorporate an export firm situated in North Korea, and technology companies from China and Russia.

The entities responsible for or engaged with different cyber-attacks incorporate some publicly referred to ones as 'WannaCry', 'NotPetya', and 'Operation Cloud Hopper,' just as an endeavored cyber-attack against the organization for the prohibition of chemical weapons.




As per the European Council, the detailed of these persons or entities are: 

 1. Two Chinese Individuals—Gao Qiang and Zhang Shilong—and a technology firm, named Tianjin Huaying Haitai Science and Technology Development Co. Ltd, for the Operation Cloud Hopper. 

 2. Four Russian nationals (also wanted by the FBI) — Alexey Valeryevich, Aleksei Sergeyvich, Evgenii Mikhaylovich, and Oleg Mikhaylovich—for attempting to target the Organisation for the Prohibition of Chemical Weapons (OPCW), in the Netherlands. 

 3. A Russian technology firm (exposed by the NSA) — Main Centre for Special Technologies (GTsST) of the Main Directorate of the General Staff of the Armed Forces of the Russian Federation—for the NotPetya ransomware attack in 2017 and the cyber-attacks directed at a Ukrainian power grid in the winter of 2015 and 2016. 

 4. A North Korean export firm — Chosun Expo, for the WannaCry ransomware attack that made havoc by disrupting information systems worldwide in 2017 and linked to the well-known Lazarus group. 

The Council says, “Sanctions are one of the options available in the EU's cyber diplomacy toolbox to prevent, deter and respond to malicious cyber activities directed against the EU or its member states, and today is the first time the EU has used this tool." 

As indicated by the European Union, the two Chinese nationals who carried out Operation Cloud Hopper are members from the APT10 threat actor group, otherwise called 'Red Apollo,' 'Stone Panda,' 'MenuPass' and 'Potassium.' 

On the other hand, the four Russian nationals were agents of the Russian Intelligence agency GRU who once expected to hack into the Wi-Fi network of the OPCW, which, if effective, would have permitted them to compromise the OPCW's on-going investigatory work.

Databases of users of Russian ad services Avito and Yula have appeared on the network


Six files with tables in CSV format are in the public domain, which means that anyone can download them. Each file contains the data of about 100 thousand users (three databases with information from Avito users, and three more from Yula users). Each record contains information about the user's region of residence, phone number, address, product category, and time zone. The first database was uploaded to the hacker Forum on June 26, and the last one appeared there on July 22.

Russian media writes that they confirmed the relevance of at least part of the published data by calling users at the specified phone numbers.

A representative of Yula said that the uploaded files do not contain personal data of users of the service.

"They only contain information that anyone could get directly from the site, or by parsing (copying using scripts) ads.

Yula is extremely attentive to the security of our users and the safety of their data. We do not disclose information about addresses from ads even when parsing (and this is visible in the files) and allow our users to completely hide their phone numbers, accepting calls only through the service's app," said the service.

The press service of Avito also reported that the user data contained in the databases was publicly available and this is not a leak of information.

The head of the Zecurion analytical center, Vladimir Ulyanov, noted that it may even be a manual data collection since user numbers on Avito and Yula websites are usually covered with stars. The published information, in his opinion, can be used by fraudsters in social engineering.

An IT expert at the Russian State Duma Explains Data Risks of Using VPN


"To prevent hackers from getting personal data of users, users don't need to use a VPN connection in their daily life", said Yevgeny Lifshits, a member of the expert council of the State Duma Committee on Information Policy, Information Technology and Communications.

He explained that a VPN is a virtual network that is supposed to protect the user's personal data from hackers. It is assumed that using this network allows users to maintain network privacy. However, according to the expert, VPN services carry more danger than protection.According to Lifshits, such services are not needed in everyday life.

"Sometimes VPN services are necessary for work to transfer commercial data. In everyday life, they have no value."

According to the expert, if a person does not commit crimes that he wants to hide with a VPN, then he does not need to protect himself.  Otherwise, passwords may end up in the hands of hackers.

"A user installing a VPN believes that he has secured himself, but the service provider may allow a data leak,” said Lifshitz. 

According to him, if the VPN service is unreliable, hackers can get passwords and other personal data of the user. The expert noted that now there are thousands of companies offering a secure connection and an ordinary person can make a mistake with the choice of a reliable one.

Earlier it was reported that the personal data of 20 million users of free VPN services were publicly available on the Internet. Experts found on the open server email addresses, smartphone model data, passwords, IP addresses, home addresses, device IDs, and other information with a total volume of 1.2 terabytes. It is noted that the leak occurred from networks such as UFO VPN, Fast VPN, Free VPN, Super VPN, Flash VPN, Secure VPN and Rabbit VPN. Some of them have millions of downloads from Google Play and the App Store and high ratings.

Russian Foreign Ministry urged whole world to abandon cyber attacks on healthcare facilities during a pandemic


Against the background of the coronavirus pandemic, Moscow calls for an end to cyberattacks on healthcare facilities and critical infrastructure. This was announced on Monday, July 20, by the Russian President's Special Representative for International Cooperation in the Field of Information Security, Director of the Department of International Information Security of the Russian Foreign Ministry, Andrei Krutskikh.

He stressed that Russia shares the opinion of many countries that the information and communication infrastructure in the health sector is needed.

"We propose to secure the obligation for states to refrain from attacks not only on medical facilities, but also in general on the critical information infrastructure of institutions that provide vital public services," said Krutskikh.

In particular, the diplomat noted the spheres of education, energy, transport, as well as banking and finance. In addition, he added that work on this will continue at the  United Nations platforms on international information security.

In addition, the Russian Ministry of Foreign Affairs offered Germany to hold consultations on cybersecurity.

"We consider it extremely important to resume a full-scale dialogue in this format with the involvement of the necessary range of experts on international information security. This will help neutralize an unnecessary irritant in our bilateral relations and transfer interaction on the issue of information security into a practical plane," said Krutskikh.

Moreover, the special representative commented on the situation with  Russian Dmitry Badin.
According to Krutskikh, Russia has offered Germany several times to hold consultations on information security, including in 2018, but the German side disrupted the planned talks.

Earlier, E Hacking News reported that the Office of the German Federal Public Prosecutor issued an arrest warrant for a Russian whom they suspect of hacking into the computer systems of the German Parliament in 2015. The publication reports that the suspect's name is Dmitry Badin, he is allegedly an officer of the GRU.  Russia repeatedly denied accusations of involvement in hacker attacks. 

Representatives of the Russian government commented on the statements of Western media about the attack of "Russian Hackers"


The media of the United Kingdom and the United States are working in the interests of the authorities, trying to reduce the intensity of critical sentiment among British and American residents, said Alexander Malkevich, First Deputy Chairman of the Commission on Media of the Public Chamber of the Russian Federation, President of the Foundation for the Protection of National Values.

The Daily Telegraph, New York Times, Financial Times and Metro said that the hacker group ART29, allegedly linked to Russian intelligence services, attacked British research centers working on the creation of a vaccine against COVID-19.

In addition, British Foreign Secretary Dominic Raab said that in December last year, Russian hackers "almost certainly" tried to influence the outcome of the parliamentary elections in Great Britain by circulating "illegally obtained" government documents on the Internet.
London threatened to retaliate at the diplomatic level, without providing any evidence of confirmation about the "Russian hackers".

According to Maria Zakharova, spokesman for the Russian Foreign Ministry, British and American tabloids, and newspapers like the New York Times and the Financial Times, do not need real evidence: anti-Russian publications are published there regularly. Britain did not make any real attempts to understand the situation.

“The British authorities are aware of the Russian National Coordination Center for Computer Incidents, specially created for this purpose. However, we did not receive any calls in connection with these incidents through official channels, ”said an employee of the Russian embassy in London.

Russia's ambassador to the UK, Andrei Kelin, called “meaningless” accusations of attempts to steal data on a coronavirus vaccine by hackers led by Russian intelligence services.  According to him, in the current world, it is impossible to attribute hacker attacks to any country.

Telegraph service was unblocked in Russia


Russia stopped blocking the popular Telegram messenger almost a month ago. However, the related Telegraph service continued to be blocked. Now Russia has also unblocked the Telegraph platform for publishing and creating articles. 

The Telegraph platform was launched by the Telegram team in November 2016. It is designed to quickly create and publish articles, notes, and other similar content, a link to which can then be easily shared. Registration is not required for publication.

The blocking of the Telegra[.]ph service in Russia began at the end of 2018, a little later than the Telegram messenger.

According to the Roskomsvoboda resource, which closely monitors the registry of blocked sites, all pages with the Telegra.ph domain, which were blocked in Russia by the decision of a particular authority, are now excluded from the blocking registry. The last two similar pages were removed from the blacklist only on July 11.

It is interesting to note, according to Press Secretary of the President of Russia Dmitry Peskov, the cancellation of restrictions on access to the Telegram messenger in Russia is perceived positively in the Kremlin, as it is in line with the course of President Vladimir Putin on the development of the high-tech industry.

The Press Secretary of the Head of State also noted as a positive fact the participation of heads of the company that owns the messenger in government events on the development of the IT industry.
Recall that in Russia since April 2018, Telegram was blocked for non-compliance with the requirements for providing encryption keys, but during the coronavirus pandemic, the government began to use the messenger to distribute official information. In this regard, the State Duma even introduced a bill to unblock Telegram.  On June 18, Roskomnadzor decided to remove restrictions on access to the messenger, the creator of which, Pavel Durov, congratulated the Russians on this event.

The Russian Prime Minister spoke about the growth of cybercrime activity in Russia


Russian Prime Minister Mikhail Mishustin said that this spring there was an increase in cybercrime activity. The Prime Minister said this on July 8 in a video message to participants of the international online training on cybersecurity Cyber Polygon-2020

“This spring, we observed an increase in the activity of cybercriminals. More than 90% of successful attacks are carried out using social engineering methods: fraudsters attack us with phishing emails and use the technology of number substitution, trying to take citizens by surprise,” said the prime minister.

According to Mishustin, cyber threats can come from entire states. "Geopolitical differences also extend to the digital environment, thus adding countries to the list of possible sources of threats to digital security," said he.

The Prime Minister drew attention to the fact that security researchers regularly detect complex malware that is specifically designed to disable critical functionality and cause physical damage to industries and infrastructure.

He said that the government, in cooperation with Russian companies in the field of information technology security, is working to inform the population about cyber risks and cyber threats. This makes it possible to solve many problems, but there are still many issues that require attention.
Mishustin pointed out that the national action plan for the recovery of the Russian economy after the crisis is based on the increasing digitalization of the economy and government.

"We will radically increase the number of e-government services provided and create fundamentally new systems to support digital business. In these conditions, one of the most important areas is the protection of cyberspace," added the head of the Cabinet of Ministers.

In addition, the Prime Minister said that the key to a secure digital future for the entire world is cooperation in the field of cybersecurity, and Russia is ready to share its achievements in this field with the world.

He noted that Russia is today one of the leaders in technological progress. According to the Prime Minister, Russian developments in the field of information security successfully compete on the international market.

Ozon launched a bug bounty on HackerOne


The reward for each bug found will depend on the degree of its impact on the service, the potential damage that the vulnerability can cause, the quality of the report and other factors

Ozon, one of the largest online stores in Russia, has launched its own program to search for vulnerabilities on the well-known site HackerOne. Since this is the first Russian e-Commerce company, it is hoped that it will set the right path for other projects.

To launch the bug bounty program, Ozon first plans to invest $41,800 in working with researchers searching for vulnerabilities in systems.

At the same time, not only Russian cybersecurity experts but also experts from abroad can participate in the online store program.

According to the company, the launch of the program will provide round-the-clock security monitoring, but it will not cancel the work of the Ozon IT laboratory team in ensuring the security of Ozon services but will complement it. Currently, more than 1,000 engineers work in the Ozon IT lab, and 3.5 million users visit the Ozon website and app every day.

"Now the company has the necessary resources not only to develop its own security services but also to work with the hacker community," said Ozon.

Today, not many Russian companies resort to an organized search for vulnerabilities. Among these, it is possible to allocate giants like Yandex, Mail.ru and Qiwi. Ozon became the next major project, as the company had resources not only to develop its own security services but also to interact with the community of ethical hackers.

Like programs of other companies, the bug bounty from Ozon involves a cash reward, the amount of which depends on the severity of the bug found. For example, a company can pay about $240 for an XSS hole.

But something more dangerous, such as an RCE vulnerability that leads to remote code execution, can bring the researcher up to 1,600 dollars.

In May, HackerOne representatives said that the platform had paid researchers a total of $100 million over the entire lifetime of the project. And in early July, the list of the most generous HackerOne participating companies became known.

Hackers "showed ethics" and did not attack medical services in Russia during the pandemic


During the pandemic, there were no hacker attacks on medical institutions in Russia, unlike in many countries of the world, Group-IB reported. The company believes that the hackers showed "rare ethics for our observation"

Many computer hackers during the coronavirus pandemic refused to attack the information system s of Russian medical institutions, said Ilya Sachkov, CEO of a cybersecurity company Group-IB.

According to Sachkov, attackers who launch DDoS attacks can have “professional ethics” - unlike those who create fraudulent resources for fraud. Group-IB noticed attacks on medical institutions in many countries of the world, but this did not happen in Russia: there weren’t even any announcements on hacker forums or attacks by ransomware, said Sachkov.

The head of Group-IB added that the company noticed "some rare ethics for our observation" from hackers. “As if taking into account what is happening, everyone understood that in Russia medical facilities are a matter of life or death for many people ... This, of course, is my guess, I did not communicate with hackers, but I noticed. In principle, this [attack on the hospital] would be super-moral,” added Sachkov.

In April, Group-IB reported that the pandemic had divided the hacker community: some tried to profit from people's panic, while others condemned it. Several users on hacker forums at the time urged others to stop using the coronavirus for harmful purposes. In the spring, fraudsters actively used the COVID-19 theme to trick money from the Russians. The Central Bank also noticed the problem.

In May, Group-IB said that fraudsters activated a theft scheme with online purchases and false courier services. Due to the fact that many people were self-isolated and began to actively use the services of couriers, the number of registrations of fake sites similar to the sites of real delivery services has increased several times.

In six months, hackers attacked Russian government systems more than a billion times


Since the beginning of the year, infrastructural digital objects of Russia have undergone cyber-attacks more than a billion times, said the Director of international information security of the Russian Foreign Ministry Andrey Krutskikh in an interview published on June 29 in the journal International Life.

“Since the beginning of this year, more than 1 billion malicious information impacts on the critical information infrastructure of the Russian Federation have been recorded,” said Krutskikh.
According to him, coordinated targeted attacks have become more frequent. Over the past few months, the number of such actions has exceeded 12 thousand, while the objects of state authorities, the credit and financial sector, healthcare, the defense industry, science and education were chosen as the main goal.

"These figures confirm the enormous danger posed by computer attacks, since the attacked objects ensure the daily life of society and the state, and the security of our citizens," stressed the special representative of the President.

According to him, the greatest danger is that incidents in the online space can lead to a full-scale conflict in the offline environment.  Therefore, Krutskikh once again recalled Russia's calls to the world community to cooperate against terrorism in the new digital age. The expert is sure that the use of Information and Communication Technologies (ICT) threatens the sovereignty of States.

"Russia calls for more effective international cooperation in the fight against the threat of terrorism, especially in the digital age. The use of ICT by terrorists is a clear challenge to international peace and security arising from the illegal use of these technologies. This is not just a criminal problem, it is also a political problem. Such actions pose a threat of violating the sovereignty of States and interfering in their internal Affairs," said the diplomat.

Recall that in 2019, Krutskikh stated that the number of cyber attacks is growing, only about 70 million attacks are carried out per year on Russian state structures. The damage from this on a global scale is already measured in trillions of dollars, by 2022 it will reach up to 8 trillion dollars.

The Public Chamber of the Russian Federation reported a DDoS attack on its website


The website of the Public Chamber (OP) of Russia was attacked by hackers. The site of the project on the fight against fakes at all levels feikam[.]net was also subjected to a DDoS attack. Currently, there is no access to sites, an error appears when trying to access them.

Alexander Malkevich, the head of the expert advisory group of the Public Chamber of Russia on public control of remote electronic voting, said that the attack began after the end of receiving votes from online voters.

In his opinion, the attack is connected with the active work of the Public Chamber of the Russian Federation to expose fakes about the all-Russian vote on amendments to the Constitution.

"In the evening of June 30, after the official end of the online voting process, the website of the Public Chamber of the Russian Federation was attacked by hackers who managed to interrupt its normal operation for a while. This is very similar to the retribution of those who were prevented by members of the Chamber from wreaking havoc during the voting, especially considering that there was the hack of the site http://feikam.net/  at the same time," he noted.

According to Mr. Malkevich, 5 thousand fakes were found on the Internet, and their number has grown several times as the voting began to approach. Earlier, he noted that mostly false information about the amendments to the Constitution is distributed through the media-foreign agents and in social networks.

It's important to note that All-Russian voting began on June 25 throughout Russia and lasted until July 1. On it, citizens were asked whether they approve of the amendments to the Constitution. The "Yes" and "No" options were indicated in the Bulletin. The main amendment is the nullification of Vladimir Putin’s presidency so that he can become president again.

Russian Medvedev pleaded guilty to cybercrime in a US court


The US Department of Justice considers Sergei Medvedev one of the founders of the transnational organization Infraud, which sold stolen personal, banking and financial data, as well as information from credit and debit cards

Russian Sergei Medvedev, accused in the United States of cybercrime and causing damage of $568 million, pleaded guilty, said the US Justice Department on June 26.

"Sergey Medvedev, also known as Stells, segmed, serjbear, aged 33, from the Russian Federation, pleaded guilty to US District Court judge James Mahan in Nevada," said the Department in a statement.
According to the Ministry of Justice, Infraud engaged in large-scale acquisition, sale and distribution of stolen identification data, information from compromised debit and credit cards, personal information, banking and financial data, and malicious computer programs.

The prosecution believes that Infraud was created in October 2010 by a native of Ukraine Svyatoslav Bondarenko, also known as Obnon, Rector, Helkern. In the United States, Medvedev is also considered one of the creators of the platform. The organization's slogan is "In Fraud We Trust". By March 2017, the organization had almost 11,000 registered members (according to the US Department of Justice). The loss from Infraud's operations amounted to more than $568 million.

Recall that on February 8, 2018, the Agency reported that 36 people were accused of involvement in the activities of Infraud. At the same time, the Ministry of Justice reported on the arrest of 13 people who were members of the organization. They were citizens of the United States, Australia, Britain, France, Italy, Kosovo and Serbia.

The next day, it became known about the detention of Sergei Medvedev in Thailand. The operation to detain the Russian was conducted by local police at the request of the FBI. The Bangkok Post then reported that Medvedev was engaged in illegal online trading for bitcoins. More than 100 thousand bitcoins were found on the Russian's accounts.

Earlier on Friday, it was reported that a court in the United States found Russian Alexey Burkov guilty of cybercrime and sentenced him to nine years in prison.

Group-IB disclosed data about a Russian-speaking hacker who hacked hundreds of companies


Computer security specialists at Group-IB have identified a suspected hacker with nickname Fxmsp who has been trading on the Darknet for three years with access to corporate networks of international companies.

He is called one of the most dangerous criminals in this area: more than 130 companies around the world, including the leading American antivirus corporations, were affected by the actions of this representative of the Darknet. Allegedly, the attacker is a resident of Kazakhstan, Andrei Turchin.
Group-IB believes that the hacker compromised 135 companies in 44 countries, including the United States, England, France, Italy, the Netherlands, Japan, Australia and others. Allegedly, the attacker earned about $1.5 million through criminal means. Materials on the hacker were transferred to international law enforcement agencies.

For the first time, a criminal with the nickname Fxmsp became active in the second half of 2017. Group-IB noted that the attacker attacked banks, telecommunications operators, energy sector organizations, government organizations, IT service providers and retail. After some time of its activity, he began to sell access not as a product, but as a service.

The main activity of Fxmsp occurred in 2018, after which this area was empty for some time, and since the beginning of 2019, the cybercriminal has followers who are now active in the underground, taking up the techniques of Fxmsp, the Group-IB company said in a document.

At the same time, the "invisible God of the network" (as Fxmsp was named by his accomplice Lampeduza) became widely known after the incident that occurred in May 2019. Information stolen from three American antivirus titans: Symantec, Trend Micro and McAfee was put up for sale on the network. For providing access to their corporate networks and stolen information, the attackers asked for more than $300 thousand.

A hacker is one of the most dangerous cybercriminals. Computer security experts do not rule out that it still continues its activities. In total, Fxmsp has about 40 followers on underground forums.

Secondary Infektion: A Russian Disinformation Operation Agency You Need to Know About


The secret campaign was famous as "Secondary Infektion," and it worked separately from the IRA and GRU, staying hidden for many years. The IRA (Internet Research Agency) is known for its notorious disinformation campaigns, where it floods the social media platforms with false information and propaganda. Whereas the GRU, also known as the Main Intelligence Directorate in Russia, is infamous for planning cyberattacks and even strategic data leaks. But in recent times in Russia, it is suspected that there might be a third intelligence agency responsible for such cyberattacks and was able to penetrate even more in-depth. It is believed that this third party that worked distinctly from the former two managed to stay undercover for a long time in Russia and only recently came to public knowledge. Here's what we know.


Known as Secondary Infektion, cybersecurity experts found about the operation in 2019. As of now, a social media analyst firm named Graphika published a report on the intelligence group's activities, which seemed to have started in 2014. According to the report's analysis, this group is known to cover its tracks, and all Secondary Infektion operations online are protected by robust security, which uses hallmark accounts that disappear soon after publishing a comment or a post on social media.

"Secondary Infektion targeted countries across Europe and North America with fake stories and forged documents. Its focus and areas of interest were often of a diplomatic and foreign policy nature: it appeared primarily aimed at provoking tensions between Russia's perceived enemies, and its stories typically concerned relationships between governments and often specifically focused on government representatives. It is also notable for launching smear campaigns against Kremlin critics and for targeting presidential candidates in 2016 in the U.S., in 2017 in France, in Germany, Sweden, and elsewhere," says Graphika's executive summary.

Hence, Secondary Infektion's operations are quite the opposite of the IRA and GRU's way of working. The IRA and GRU believe in building an online presence and increase their reach that is aimed to leave a long-lasting impression, through their disinformation campaigns.

Experts fear an increase in the number of cyber attacks after the end of self-isolation


As 62% of respondents answered, when companies transferred employees to remote work at the beginning of the pandemic, the most concern was ensuring secure remote access and VPN. 47% of respondents reported that they were concerned about preventing attacks using social engineering methods, and 52% called the protection of endpoints and home Wi-Fi networks of employees one of the main challenges.

"Even before the introduction of self-isolation, many companies allowed employees to work remotely. As soon as the regime entered into force, organizations had no choice but to organize remote access for all their employees as soon as possible. Of course, these measures have led to the emergence of new opportunities for attackers to carry out attacks. Despite the fact that we are now gradually returning to the normal life, the threat of cyber attacks is not decreasing. Companies need to use comprehensive zero-day security solutions to avoid being hit by a large number of next-generation cyber attacks," explained Vasily Diaghilev, head of Check Point Software Technologies representative office in Russia and the CIS.

At the same time, 65% of information security experts noted that their companies are blocking the access of external computers to corporate VPNs. 51% of specialists said that the greatest threat comes from home devices, 33% see the main security threat in mobile devices of employees.

According to Dmitry Medvedev, Deputy Chairman of the Security Council of the Russian Federation, the number of cybercrimes in the past five months in Russia has exceeded 180 thousand, which is 85% more than in the same period of time in 2019.

He stressed the importance of taking into account that new schemes and techniques are being developed for cyber attacks.

The number of vulnerable computers in Russia tripled during the period of self-isolation


DeviceLock analysts claim that the number of computers with the Windows operating system in Russia, that are vulnerable to Remote Desktop Protocol (RDP) access attempts, increased by 230%, to 101 thousand during the time of self-isolation.

The company's founder, Ashot Hovhannisyan, explained that the rapid growth was due to the fact that during the coronavirus pandemic, the number of servers, including those open to the Internet, also grew rapidly.

According to him, most companies allow users to connect via the Remote Desktop Protocol only using VPN technology, while a small percentage of servers are allowed to log in without a password, which is a serious threat to corporate networks.

Alexey Novikov, Director of the Positive Technologies expert center, added that botnets scanning the network for vulnerable computers had new goals when companies started transferring employees to remote work.  According to him, the rapid transition to remote work contributed to the fact that the priority was put on the performance of the infrastructure, rather than information security.

Hackers sell company accounts on the Darknet for 300-500 rubles ($4-7). The information obtained can help cyber criminals in stealing the user's personal data. This way, criminals will be able to get into the Bank account or, for example, to the crypto exchange or e-wallet.

According to Igor Zalevsky, head of the JSOC CERT cyber incident investigation department, the number of attacks has increased with the growth of the number of targets. For example, the number of attempts to select RDP passwords increased from 3-5 times to 9-12. The attacks began to last longer – from two to three hours. According to him, it takes attackers an average of one and a half days to access large companies with a large information security department.