The operations of one of the world's most notorious cybercrime gangs has been disrupted by a group of international law enforcement agencies. TechCrunch has the details:
Cybercrime became a $1 billion industry in 2023, according to data from crypto-forensics startup Chainalysis, as exorbitant ransom demands rose right along with increasingly extreme hacking tactics. From Tech Crunch, here’s why ransomware gangs are making so much money — and the glimmer of good news for the near future. https://flip.it/lTMrQq #Tech#Technology#Cybercrime#Ransomware
someone on a Japanese hacker forum decided it was a good idea to spam the entire Fediverse because they wanted to cancel a minor that DDoSed a Discord bot which apparently made them lost millions (what?)
A Discord bot. I can't make this shit up man.
The real culprit seems to be someone who goes by mumei in the ctkpaarr.org forums, whose first post was literally a threat to ap12, that if they don't delete their "Kuroneko Server" Discord bot, they will spam every blog, forum and SNS and cancel him.
This shit is ridiculous.
The ap12 account from mastodon-japan was actually fake, and this dude impersonated a minor to get all of the Fediverse (us) to bully him.
There's currently an incident involving some kind of Japanese skids who call themselves the "Kuroneko" organization.
They seem to be attempting to commit DDoS attacks on Misskey servers, constantly creating new accounts on compromised instances and spamming advertisements for their hacking services.
Admins who are federating with these compromised servers, while they might not get compromised themselves, may be affected by the sheer amount of traffic volume from their spam.
Admins are advised to #fediblock or temporarily stop sending requests to affected servers for now, if they don't want to get secondhand DoS'd
IMO I never expected them to be Japanese out of all things, kinda funny. They also host VOICEROID and VOICEVOX TTS bots on their Discord apparently. Kinda a weird flex I guess.
U.S. Justice Department cracks down on #cybercrime, seizing infrastructure used to sell the notorious "Warzone RAT" and arresting two individuals involved in its distribution and support.
BitDefender identified a MacOS backdoor written in Rust that has possible link to ALPHV/BlackCat ransomware group. "Specifically, three out of the four command and control servers have been previously associated with ransomware campaigns targeting Windows clients. ALPHV/BlackCat is a ransomware family (also written in Rust), that first made its appearance in November 2021, and that has pioneered the public leaks business model." IOC provided.
🔗 https://www.bitdefender.com/blog/labs/new-macos-backdoor-written-in-rust-shows-possible-link-with-windows-ransomware-group/
Check Point highlights the persistent threat of malicious Word/Excel Documents (maldocs):
Old Vulnerabilities Still Pose Risks: Despite being several years old, CVEs from 2017 and 2018 in Microsoft Word and Excel remain active threats in the cybersecurity landscape. Examples include CVE-2017-11882, CVE-2017-0199, and CVE-2018-0802.
Widespread Use by Cybercriminals: These vulnerabilities are exploited by well-known malware such as GuLoader, Agent Tesla, Formbook, and others. APT groups also got on the list, with Gamaredon APT being a notable example. They target lucrative sectors like finance, government, and healthcare, indicating a strategic approach by attackers.
Challenges in Detection: Despite their age, these MalDocs can evade detection due to their sophisticated construction and the use of various tricks to bypass security measures.
Recorded Future has an 18 page report on Ransomware Exploitation of vulnerabilities for the past six years (2017). Here are the key findings:
Ransomware groups alone in exploiting three or more vulnerabilities exhibit a clear targeting focus, which defenders can use to prioritize security measures. For example, CL0P has uniquely and infamously focused on file transfer software from Accellion, SolarWinds, and MOVEit. Other ransomware groups with high levels of unique exploitation exhibit similar patterns.
All of the vulnerabilities ransomware groups have targeted most widely are in software frequently used by major enterprises and can be easily exploited via penetration testing modules or single lines of curl code. These vulnerabilities are ProxyShell (CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207), ZeroLogon (CVE-2020-1472), Log4Shell (CVE-2021-44228), CVE-2021-34527, and CVE-2019-19781.
Vulnerabilities requiring unique or custom vectors to exploit (for example, malicious files using particular forms of compression) are more likely to be exploited by only one or two groups.
Ransomware operators and affiliates are highly unlikely to discuss specific vulnerabilities, but the cybercriminal ecosystem that supports them has discussed publicly known vulnerabilities andproducts as targets of interest for exploitation
Trustwave discovered Ov3r_Stealer, an infostealer distributed using Facebook advertising and phishing emails. Their report provides an in-depth dive into Ov3r_Stealer, exposing what the Threat Hunt team learned about the threat actors, their techniques, tactics, and procedures and how the malware functions. Observed IOC listed.