
Showing posts with label Russian Hacker.

The FBI arrested a Russian associated with Deer.io


The Federal Bureau of Investigation has arrested a Russian citizen who allegedly facilitated the sale of hacked accounts and personal data of Internet users. The arrest took place at John F. Kennedy Airport.

"We received information from American law enforcement agencies that he was detained on March 7. He is in New York now in a Manhattan detention center," said Alexei Topolsky, a spokesman for the Russian Consulate.

According to him, the arrest was initiated by the FBI's San Diego office. The Russian has not yet contacted the Consulate.

According to the FBI, Kirill Firsov ran the Deer.io platform, which hosted online stores engaged in illegal activities. The arrest warrant states that Firsov has been involved in running Deer.io since its launch in October 2013.

According to the prosecution, Firsov is the administrator of this platform, which is hosted in Russia and gives criminals a venue to sell their "products and services". The prosecution claims that the platform is used to sell hacked American and international financial and corporate information, personal data, and stolen accounts belonging to many American companies.

The prosecution said that a cybercriminal who wants to sell contraband or offer criminal services through the platform can do so for $12 a month. The monthly fee is paid in bitcoin or through a number of Russian payment systems, such as WebMoney. According to Firsov, more than 24 thousand stores have operated on the site, bringing in more than $17 million.

American law enforcement opened a criminal case in which Deer.io is described as being used almost exclusively for cybercrime. The FBI found stores on Firsov's site selling access to hacked accounts, servers and users' personal data.

The Bureau said that Kirill Firsov was aware of who used his platform and had advertised Deer.io on cybercrime forums more than once.

Russian hacker accuses ex-Kaspersky Lab employee of coercing him into hacking


A hacker who has been held in a pretrial detention center for the fifth year has submitted a statement to the head of the Investigative Committee of Russia. He insists that his case was fabricated with the participation of a former Kaspersky Lab employee who was convicted of high treason alongside FSB officers.

Russian hacker Dmitry Popelysh, accused together with his twin brother Eugene of stealing money from the accounts of Sberbank and VTB customers, said that he has sent a complaint to the head of the Russian Investigative Committee. According to the hacker, the criminal case against him and his twin brother was fabricated.

The hacker said that former Kaspersky Lab employee Stoyanov blackmailed and threatened him, and later demanded that the Popelysh brothers provide technical support for certain servers.

Reportedly, Popelysh's 2015 confession already mentioned an unnamed employee who had forced the hackers to carry out intrusions. However, the investigation did not verify this information.

Stoyanov previously headed the computer incident investigation department at Kaspersky Lab, and he also took part in the expert examination in the Popelysh case.

A Kaspersky Lab representative said that the company is not aware of Dmitry Popelysh's appeal to the Investigative Committee.

Recall that in 2012 the Popelysh brothers were convicted of embezzling 13 million rubles from bank customers. In 2015 they were detained again and accused of creating and actively using malware. According to the case, the men stole about 12.5 million rubles ($195,000) over two years. In the summer of 2018 they were sentenced to eight years. In 2019 the sentence was overturned because of "violations committed during the preliminary investigation." In total, they have been detained for four years and four months.

It is interesting to note that Dmitry Popelysh is already the second Russian hacker to state publicly that the experts investigating his criminal case forced him to carry out intrusions. Konstantin Kozlovsky, who has been in a pretrial detention center since May 2016 on charges of organizing the Lurk hacker group, claimed that he was recruited by the FSB in 2008 and carried out various cyberattacks over a long period. He also said that his handler was FSB major Dmitry Dokuchaev.

JPMorgan hacker to plead guilty next week in New York




One of the key suspects in the enormous 2014 JPMorgan Chase hack, Russian hacker Andrei Tyurin, is set to plead guilty next week in New York.

He was one of several people charged in the case in 2015 and remained at large until Georgian authorities apprehended him a year ago. Gery Shalon, the alleged instigator of the conspiracy, was arrested in Israel in 2015 and handed over to the US, and has allegedly been in contact with American authorities since.

At Tyurin's first New York court appearance, it was suggested that his connections in the criminal world might help investigators examine Russian efforts to disrupt the 2016 US presidential election through cyberattacks and hacking.

Tyurin first appeared in a US court in September of the previous year, after being extradited from the Republic of Georgia, and pleaded not guilty to charges including hacking, wire fraud, identity theft and conspiracy.

Since then, several hearings in his case have been cancelled while prosecutors and defence attorneys worked toward an agreement, and just last week the Manhattan US attorney's office moved to consolidate his New York case with one in Atlanta, in which he is among a handful of defendants accused of hacking E*Trade.

Georgia has suspended the extradition of a Russian hacker suspected of killing an investigator


The Georgian authorities have decided to suspend the extradition of Russian hacker Yaroslav Sumbaev, who is accused of organizing a criminal group, large-scale ongoing fraud, and ordering the murder of Moscow investigator Evgenia Shishkina.

According to Russian media, the extradition process was suspended because of changes in relations between Georgia and Russia. Sumbaev's lawyers appealed the extradition decision in the country's Supreme Court and asked Georgian journalists for support. According to them, Sumbaev allegedly had information about Russia's cyber-interference in the internal affairs of other states, and therefore, if extradited, he would face a murder charge for a crime he did not commit and a long prison term. As a result, the authorities decided to suspend the extradition.

Recall that in November 2018 Sumbaev was detained in Tbilisi on charges of illegally carrying weapons and using forged documents. It later emerged that Sumbaev was wanted by Interpol, at the request of the Russian Prosecutor's Office, for several crimes, including possible participation in the murder of investigator Shishkina.

According to Sumbaev's lawyer, investigators wanted to check his client for possible involvement in the murder of investigator Shishkina. However, they had no evidence against him.

It later emerged that a 19-year-old medical student carried out the killing and a 17-year-old schoolboy acted as the intermediary. Under interrogation the schoolboy said that the murder had been commissioned by a darknet drug dealer, who offered him a million rubles ($15,900) to kill a "bad woman" in Moscow.

In addition, on July 16 it became known that the Ukrainian Security Service had detained hackers who controlled 40% of the darknet. Since 2007, members of the group had provided hackers and criminals from around the world with access to the darknet through Ukrainian networks.

The head of the group was a Ukrainian resident with about 10 accomplices under his command, as well as dozens of intermediaries in various countries and thousands of customers.

A hacker data center equipped with a backup power supply was discovered near Odessa, Ukraine. Law enforcement officers seized nearly 150 servers, which hosted some 1,500 hacker resources.

Cybercriminal gang behind $100 million theft busted









An international cybercrime network that used Russian malware to steal $100 million from tens of thousands of victims has been dismantled in a joint operation by United States and European police.

The gang used the powerful GozNym banking malware to infect computers and steal users' bank login details. The scheme involved "more than 41,000 victims, primarily businesses and their financial institutions," Europol said.

The malware GozNym is a combination of two other malware — Gozi and Nymaim. According to the IBM X-Force Research team the malware took the most powerful elements of each one. “From the Nymaim malware, it leverages the dropper’s stealth and persistence; the Gozi parts add the banking Trojan’s capabilities to facilitate fraud via infected internet browsers,” the team said, adding: “The end result is a new banking Trojan in the wild.”

Prosecutions have been launched against gang members in Georgia, Moldova, Ukraine and the United States, while five Russians charged in the US remain at large, the EU police agency Europol said.

Alexander Konovolov, 35, of Tbilisi, Georgia, is the prime accused and alleged leader of the network, and is currently being prosecuted in Georgia.


Police in Germany and Bulgaria were also involved.

Russian hackers claim to have breached 3 US antivirus makers

A group of elite Russian hackers claims to have infiltrated the networks of three US antivirus makers and stolen the source code for their software.

Researchers at Advanced Intelligence (AdvIntel) have been tracking the group's activity on underground forums for some time. The hackers, who operate under the handle Fxmsp, have an established reputation for infiltrating well-protected networks, typically going after highly sensitive corporate and government information.

Two months ago AdvIntel saw Fxmsp reappear on hacking forums after a half-year hiatus. It's probably no coincidence that the group reported that its campaign against security software firms had kicked off six months earlier.

Fxmsp lay low until it had achieved its goal. When the stealth operation concluded, the hackers allegedly made off with more than 30 terabytes of data from their latest victims, and posted screenshots showing folders, files and source code.

The asking price for this trove of data: a cool $300,000. The group also claimed to still have access to the networks and offered to throw that in at no extra charge to the lucky buyer.

If what they are offering is the real deal, this is pretty much a worst-case scenario for the three compromised firms. Access to the source code gives attackers the opportunity to locate showstopping vulnerabilities and exploit them, rendering the software useless, or worse: they could turn what was once legitimate protection from malware into an incredibly effective spying tool.

Russian Hackers attacked European Embassies






According to a report by Check Point Research, Russian hackers attacked several European embassies by sending them malicious email attachments disguised as official documents.

European embassies in Italy, Guyana, Nepal, Liberia, Bermuda, Lebanon and Kenya were targeted. The malicious attachment was disguised as a United States State Department document and contained Microsoft Excel sheets with macros; once the macros were enabled, the attackers took complete control of the infected system through TeamViewer, a popular remote access tool.

According to the press release, "It is hard to tell if there are geopolitical motives behind this campaign by looking solely at the list of countries it was targeting, since it was not after a specific region and the victims came from different places in the world."

According to Check Point, officials in government revenue departments were the intended targets: "They all appear to be handpicked government officials from several revenue authorities," the press release says.

Check Point suggested that the attackers are Russian but ruled out a state-sponsored attack. One of the attackers was traced to a carding forum account under the username "Evapiks", where he had posted instructions on carrying out cyberattacks. Given the attackers' involvement in the carding community, Check Point suggested the attack could have been "money motivated".

Russian hacking: trouble for the cyber world



According to data analysis by computer security company CrowdStrike, Russian hacking groups leave a victim only 19 minutes to respond to an attack. The next fastest were North Korean groups, which took two hours to jump to the next server and spread the attack; third on the list were Chinese attackers, who on average give the victim four hours to foil an attack.

This measured interval, which CrowdStrike dubbed "breakout time", is the time an attacker takes to jump from one network segment to another and spread the attack. Introducing the concept, CrowdStrike wrote in its report that it "shows how much time defenders have on average to detect an initial intrusion, investigate it and eject the attacker before sensitive data can be stolen or destroyed."

According to author Pete Singer, the new analysis is eye-opening: "These stats are driven by a whole variety of factors, among them the skills and capability, the relative risk each is making in their likelihood of getting caught and the consequences. No matter how you look at it, an average of 18 minutes is quite amazing given the scale."

Russian hackers have attacked many defense and military establishments across Europe and NATO since last year, and were alleged to have attacked the PyeongChang Winter Olympic Games in 2018.

Chris Krebs, DHS Cybersecurity and Infrastructure Security Agency Director, told defenseone.com recently, “We are doubling down on election security in advance of the 2020 election. Despite what some of the reporting might be, election security and countering foreign influence efforts aren’t going anywhere.”

According to research from Arizona State University, the likelihood that a known vulnerability will be exploited depends greatly on the attacker's country. For instance, the researchers looked at dark web chat rooms where attackers discussed vulnerabilities listed in the National Database: if the hackers discussing a bug were Chinese, the chance that the vulnerability in question would be exploited was nine percent, but if the conversation was between Russians, the probability rose to forty percent.

Russia hacks Winter Olympics, shifts blame to North Korea

According to a report in the Washington Post on Sunday, U.S. intelligence has found that Russian military spies hacked several hundred computers used by organizers during the 2018 Winter Olympic Games in South Korea.

Over 300 Olympics-related computers were hacked in early February, continuing a string of cyberattacks on the Winter Olympics.

U.S. officials say this was a "false-flag" operation: the Russians carried out the attack while making it appear that North Korea was behind it, by using North Korean IP addresses. Olympic organizers confirmed at the start of the games that an attack had taken place but did not say who was responsible.

The attack took down internet and WiFi access during the opening ceremonies on February 9th, as well as the event's website, and also caused the failure of several other Olympics-linked websites and broadcast systems.

Due to the attack, many attendees were unable to print their tickets, leading to empty seats.

Some analysts believe the attack was retaliation for Russia's ban from the Winter Olympics following an investigation into Russian doping violations.

However, Russia’s foreign ministry has denied Russia’s involvement in the attacks. "We know that Western media are planning pseudo-investigations on the theme of ‘Russian fingerprints’ in hacking attacks on information resources related to the hosting of the Winter Olympic Games in the Republic of Korea," it said.

US charges Russians for interfering in 2016 elections, with identity theft at the centre

On Friday, Special Counsel Robert Mueller brought charges against 13 Russian nationals and three Russian entities for interfering in the 2016 U.S. elections.

The charges included the creation of false U.S. identities as well as identity theft against six U.S. residents. The identity theft charges were brought against four Russian nationals.

According to the indictment, the Russian nationals used stolen Social Security numbers, home addresses, and birth dates of the six persons to open bank and PayPal accounts and obtain fake government documents between June 2016 and May 2017.

“This indictment serves as a reminder that people are not always who they appear to be on the Internet,” Deputy Attorney General Rod J. Rosenstein said at a press briefing announcing the indictments.

The Russians allegedly used the stolen identities to open four accounts at an undisclosed U.S. bank and purchased more than a dozen bank account numbers from online sellers.

The stolen information was also allegedly used to evade PayPal security measures.

“We work closely with law enforcement, and did so in this matter, to identify, investigate and stop improper or potentially illegal activity,” PayPal said in a statement.

The Russians are alleged to have used the accounts to pay for the promotion of politically inflammatory social media posts, Internet Research Agency (IRA) expenses, political rallies and political props including banners, buttons and flags, in an effort to boost President Trump's campaign, and are alleged to have been paid $25 to $50 per post by U.S. persons to promote content on IRA-controlled Facebook and Twitter accounts.

Zero Day Telegram Vulnerability Exploited by Hackers for Cryptomining

Kaspersky Lab has revealed that in October 2017 it discovered a flaw in Telegram Messenger's Windows desktop client that was being exploited "in the wild". According to Kaspersky, the flaw has allegedly been exploited by Russian cybercriminals in a cryptomining campaign.

The Telegram vulnerability involves an RLO (right-to-left override) attack on the filename when a user sends a file through the messenger.

The RLO Unicode control character is primarily used to encode text in languages written right-to-left, such as Hebrew or Arabic, but attackers can use it to trick users into downloading malicious files: the characters after the RLO are displayed in reverse, so the visible file extension differs from the real one. An app vulnerable to this attack displays the filename incompletely or reversed.
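As an added illustration (not code from the original post or from Kaspersky), here is a small defender-side Python check that flags filenames containing Unicode bidirectional override characters and shows how the displayed extension differs from the real one; the sample filenames are constructed.

```python
from __future__ import annotations

# Unicode bidirectional control characters that can reorder or hide displayed text.
# Any of these inside a filename is worth flagging; U+202E (RLO) is the classic one.
BIDI_CONTROLS = {
    "\u202A": "LRE", "\u202B": "RLE", "\u202C": "PDF",
    "\u202D": "LRO", "\u202E": "RLO",
    "\u2066": "LRI", "\u2067": "RLI", "\u2068": "FSI", "\u2069": "PDI",
    "\u200E": "LRM", "\u200F": "RLM",
}


def find_bidi_controls(name: str) -> list[tuple[int, str]]:
    """Return (index, short name) for every bidi control character in the filename."""
    return [(i, BIDI_CONTROLS[ch]) for i, ch in enumerate(name) if ch in BIDI_CONTROLS]


def displayed_name(name: str) -> str:
    """Approximate what a bidi-aware renderer shows: text after an RLO (U+202E)
    is reversed until a PDF (U+202C) or the end of the string; the control
    characters themselves are invisible."""
    out, i = [], 0
    while i < len(name):
        ch = name[i]
        if ch == "\u202E":
            end = name.find("\u202C", i + 1)
            if end == -1:
                end = len(name)
            out.append(name[i + 1:end][::-1])
            i = end + 1
        elif ch in BIDI_CONTROLS:
            i += 1  # other controls: skip, no reordering modelled here
        else:
            out.append(ch)
            i += 1
    return "".join(out)


def _extension(name: str) -> str:
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def assess(name: str) -> dict:
    """Compare the extension the OS will act on with the one the user sees."""
    controls = [c for _, c in find_bidi_controls(name)]
    real_ext = _extension("".join(ch for ch in name if ch not in BIDI_CONTROLS))
    shown_ext = _extension(displayed_name(name))
    return {
        "controls": controls,
        "real_ext": real_ext,
        "shown_ext": shown_ext,
        # Hypothetical policy: flag any bidi control whose rendering changes the extension.
        "spoofed": bool(controls) and real_ext != shown_ext,
    }


if __name__ == "__main__":
    # Constructed samples: a benign PDF and a script dressed up as an image.
    for sample in ("report.pdf", "photo_high_re\u202Egnp.js"):
        print(repr(sample), "->", displayed_name(sample), assess(sample))
```

The second sample is stored and executed as a `.js` file but renders as `photo_high_resj.png`, which is exactly the mismatch a file-sharing or mail gateway should reject or at least warn about.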

Kaspersky has said that it seems that only Russian cybercriminals were aware of this flaw and were exploiting it — not to spread ransomware but cryptomining malware.

The attacks enabled cybercriminals to not just spread the cryptomining malware but also to install a backdoor to remotely control victims’ computers.

“We don’t have exact information about how long and which versions of the Telegram products were affected by the vulnerability. What we do know is that its exploitation in Windows clients began in March 2017,” read the report Kaspersky published on the flaw.

In the report, Alexey Firsh, a cyberthreat researcher at Kaspersky, outlined several scenarios showing how the vulnerability was actually exploited.

He also wrote that Telegram was informed of the flaw and that it no longer occurs in its products.

Russia-linked hackers Fancy Bears leak data from International Luge Federation

A Russia-linked hacker group called "Fancy Bears" released a statement on Wednesday claiming to have leaked emails and documents that demonstrate violations of anti-doping rules, just two weeks before the 2018 Winter Olympics.

“The obtained documents of the International Luge Federation (FIL) show the violations of the principles of fair play: widespread TUE approvals, missed anti-doping tests and the double standards approach towards guilty athletes,” read the report.

This is the same group that was implicated in the 2016 Democratic National Committee (DNC) hack, and is also known by the names “Pawn Storm” or “APT 28”.

This is believed to be a response to Russia's ban from the 2018 Winter Olympics. The same group is believed to have been responsible for the 2016 hack that leaked sensitive athlete data stolen from the World Anti-Doping Agency (WADA), which in turn was a response to the agency's recommendation to ban Russian athletes from the 2016 games in Rio over allegations of state-sponsored doping.

The hacking group’s “About Us” on their website reads, “We are going to tell you how Olympic medals are won. We hacked World Anti-Doping Agency databases and we were shocked with what we saw.”

Russian President website hacker sentenced to 18 months probation


A Russian hacker from the city of Tomsk has been sentenced to 18 months of probation for hacking the Russian President's website last year.

The unnamed hacker carried out a cyberattack on the official website of the Russian President in May 2012. The attack made the website's resources difficult to access and blocked information.

"A criminal case was opened against the hacker, who was charged with the creation, use and dissemination of harmful computer programs."

According to the Voice of Russia report, the hacker admitted his guilt. The court ordered him not to leave the city for the next 18 months.