CyberCrime - W/E - 072817

Arkansas Man Pleads Guilty for Developing and Distributing NanoCore RAT (07/26/2017)
Taylor Huddleston has pled guilty for aiding and abetting computer intrusions. Huddleston, according to the Department of Justice (DOJ), developed, marketed, and distributed the NanoCore RAT, a malware that was used to steal sensitive data from victim computers, and NetSeal, a licensing software that was used to distribute malware for a fee. The Arkansas native will be sentenced on December 8 and faces 10 years in prison.

ChessMaster Campaign Used to Spy on Japanese Groups (07/27/2017)
ChessMaster is a cyber espionage campaign targeting Japanese interests in education, technology enterprises, media outfits, managed service providers, and government agencies and utilizes various exploits hidden within malware-laden spear phishing emails. Analysis from Trend Micro points to a threat entity known as APT 10, and the name ChessMaster comes from pieces of chess/checkers/draughts that were discovered in the resource section of the main backdoor the group uses against its targets.

Citadel Trojan Mastermind Receives Five-Year Prison Term (07/26/2017)
Mark Vartanyan has been sentenced to five years in prison for his role in developing, improving, and maintaining the Citadel malware toolkit between 2012 and 2014. The Department of Justice (DOJ) reported that Vartanyan had been extradited from Norway in 2016 and pled guilty to computer fraud in March.

Cryptocurrency Hack Results in Theft of $8.4 Million (07/26/2017)
Veritaseum, a peer-to-peer software company, was hacked during its Initial Coin Offering and the thieves made off with 37,000 VERI tokens ($8.4 million USD). In the Bitcoin Talk forums, founder and CEO Reggie Middleton said the attack was sophisticated and that "The tokens were stolen from me, not the token buyers...A company that we use was compromised, the vulnerability was closed, and we are investigating whether we should move against that company or not."

Hansa Dark Market Now in the Hands of Law Enforcement (07/24/2017)
Europol announced that its support, along with that of the FBI, the US Drug Enforcement Agency (DEA), and Dutch National Police, resulted in the shutdown of Hansa, a Dark Web marketplace that traded in illicit drugs and other commodities. This seizure coincided with the Justice Department's (DOJ) announcement of the takedown of the AlphaBay Dark Web marketplace.

Info on Apple Exploits Is in Latest Dump from WikiLeaks (07/27/2017)
WikiLeaks released documentation on the Central Intelligence Agency's (CIA) Imperial project, which consists of three exploits. Achilles is a capability that provides an operator the ability to Trojanize an OS X disk image (.dmg) installer with one or more operator-specified executables for a one-time execution. Aeris is an automated implant written in C that supports a number of POSIX-based systems (Debian, RHEL, Solaris, FreeBSD, CentOS) and exfiltrates files. SeaPea is an OS X rootkit that provides stealth and tool-launching capabilities.

Online Dark Web Marketer "AlphaBay" Has Been Shut Down (07/24/2017)
The Justice Department (DOJ) announced the seizure of the largest criminal marketplace on the Internet, AlphaBay, which operated for over two years on the Dark Web and was used to sell illegal drugs, stolen and fraudulent identification documents and access devices, counterfeit goods, malware and other computer hacking tools, firearms, and toxic chemicals throughout the world. The international operation to seize AlphaBay's infrastructure was led by the US and involved cooperation and efforts by law enforcement authorities in Thailand, the Netherlands, Lithuania, Canada, the United Kingdom, and France, as well as Europol. Alexandre Cazes, the mastermind behind AlphaBay, was arrested in Thailand on behalf of US law enforcement on July 5, but he committed suicide several days later while in custody. His assets, along with his wife's, have been seized and frozen, including millions of dollars in cryptocurrency. AlphaBay operated as a hidden service on the Tor network. The seizure of AlphaBay coincides with Dutch law enforcement, the FBI, and Europol's investigation and seizure of Hansa Market, another major Dark Web marketplace.

Russian Hackers Attacked by Lawsuit that Hands C2 Servers Over to Microsoft (07/24/2017)
The Daily Beast has reported that Microsoft is going after the Russian threat entity known as Fancy Bear by filing a lawsuit against the hacker collective, accusing it of cyber intrusion and of infringing upon Microsoft's trademarks. The goal is to gain control of Fancy Bear's command and control servers, because the group uses domain names containing Microsoft's name, such as "livemicrosoft.net." Although Microsoft doesn't physically take over the servers, the company can gain control of the domains and redirect the malicious ones to Microsoft's own servers, enabling it to cut off the hackers from their victims. Microsoft outside counsel Sten Jenson said in a court filing in 2016, "any time an infected computer attempts to contact a command-and-control server through one of the domains, it will instead be connected to a Microsoft-controlled, secure server."

Russian National Who Pilfered Mt. Gox Bitcoin Exchange Nabbed in Greece (07/27/2017)
A Russian national who was arrested in Greece has been indicted for his role in laundering funds from the hack on the Mt. Gox bitcoin exchange. The Department of Justice's (DOJ) indictment alleges that Alexander Vinnik obtained funds from the hack of Mt. Gox and laundered those funds through various online exchanges, including his own company known as BTC-e. An investigation has revealed that BTC-e received more than $4 billion USD worth of bitcoins over the course of its operation.

Spring Dragon Threat Group Uses Backdoors to Infiltrate Political Organizations (07/24/2017)
Spring Dragon, a threat entity that has utilized spear phishing and watering hole attacks on government organizations, political parties, universities, and the telecommunications sector in countries and territories around the South China Sea since at least 2012, is using new techniques to infect and exploit. The threat actor owns a large command and control (C2) infrastructure which comprises more than 200 unique IP addresses and C2 domains. Spring Dragon's toolset consists of multiple backdoor modules. Kaspersky Lab has published a blog post on Spring Dragon and its nefarious tools.

WikiLeaks Releases Documents on Malware from CIA Contractor (07/27/2017)
WikiLeaks has publicly dumped information from Raytheon Blackbird Technologies for the "UMBRAGE Component Library" project. The trove consists of proof-of-concept data and assessments for malware attack vectors. The documents were submitted to the CIA between November 21, 2014 (two weeks after Raytheon acquired Blackbird Technologies) and September 11, 2015. Raytheon Blackbird Technologies is a contractor for the Central Intelligence Agency (CIA).