CyberCrime - W/E - 072018

Andariel Group Uses Tactics to Spy on South Korean Parties (07/17/2018)
Trend Micro has observed new scouting techniques used by the Andariel Group, a known branch of the Lazarus threat entity, to target South Korean victims. According to South Korean security researchers IssueMakersLab, the group used an ActiveX zero-day exploit for watering hole attacks on South Korean Web sites in May. In June, Trend Micro noticed that Andariel injected its script into four other compromised South Korean Web sites for reconnaissance purposes. While the code of the new script was similar to the malware used in May, it was trying to obtain different ActiveX object information and targeted objects that it hadn't previously attacked.

Business Email Compromise Scams Eclipse $12 Billion in Global Losses (07/16/2018)
The Internet Crime Complaint Center (IC3) published an alert on business email compromise (BEC) scams. Between December 2016 and May 2018, there was a 136% increase in identified global exposed losses. The scam has been reported in all 50 states and in 150 countries. Over $12 billion USD has been lost globally as a result of BECs. The scam is frequently carried out when a subject compromises legitimate business email accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds. Consumers and businesses have both been victimized.

Cybercriminals Continue to Use Tech Support Scams to Swindle Money (07/17/2018)
The Federal Trade Commission (FTC) posted an alert regarding tech support scams and is warning consumers and businesses to be on the lookout for such criminal activity. Pop-up messages, fake Web sites, and phone calls are all part of the trick to get people to pay for worthless software, enroll in fake programs, or pay for nonexistent tech support, the FTC warned.

LuminosityLink Malware Creator Pleads Guilty, Faces 25 Years in Jail (07/17/2018)
Colton Ray Grubbs has pleaded guilty to creating and distributing LuminosityLink, a hacking tool that was used by customers to gain unauthorized access to and control over computers in over 78 countries. KrebsOnSecurity reported that Grubbs, a 21-year-old from Kentucky, developed the malware and later sold it online, mostly through the HackForums portal. He sold LuminosityLink for about $40 USD. Grubbs faces up to 25 years in prison and up to $750,000 in fines.

Twelve Russian Intelligence Officials Indicted for Hacking 2016 US Presidential Election (07/16/2018)
The Justice Department (DOJ) announced that a grand jury has indicted 12 Russian nationals for committing federal crimes that were intended to interfere with the 2016 US presidential election. All the defendants are members of the GRU, a Russian Federation intelligence agency within the Main Intelligence Directorate of the Russian military. The officers engaged in a sustained effort to hack into the computer networks of the Democratic Congressional Campaign Committee, the Democratic National Committee, and the presidential campaign of Hillary Clinton, and released that information under the names "DCLeaks" and "Guccifer 2.0" and through another entity. To avoid detection, the defendants used false identities while utilizing a network of computers located around the world, including the United States, paid for with cryptocurrency through mining bitcoin and other means intended to obscure the origin of the funds.

Vermin Joins Quasar and Sobaken RATs to Conduct Cyber Espionage on Ukraine (07/18/2018)
ESET published its findings on an ongoing espionage campaign that has been attacking Ukrainian government institutions with sophisticated remote access tools (RATs) to exfiltrate sensitive documents from the victims' computers. The researchers have identified three different strains of .NET malware in these campaigns: the Quasar RAT, Sobaken RAT, and a custom-made RAT called Vermin. Quasar is an open-source RAT and is freely available on GitHub, while Sobaken is a heavily modified version of Quasar. Vermin is a customized backdoor that currently supports 24 commands, which are implemented in the main payload, plus several additional commands implemented via optional components, including audio recording, keylogging, and password stealing.