Security News
A new self-spreading worm named 'CMoon,' capable of stealing account credentials and other data, has been distributed in Russia since early July 2024 via a compromised gas supply company website. [...]
In a historic prisoner exchange between Belarus, Germany, Norway, Russia, Slovenia, and the U.S., two Russian nationals serving time for cybercrime activities have been freed and repatriated to their country. U.S. President Joe Biden called the deal a "Feat of diplomacy," adding "Some of these women and men have been unjustly held for years." Other nations that played a role in the swap include Poland and Turkey.
The United Kingdom's National Crime Agency (NCA) has shut down Russian Coms, a major caller ID spoofing platform used by hundreds of criminals to make over 1.8 million scam calls. [...]
Russian-speaking threat actors accounted for at least 69% of all crypto proceeds linked to ransomware throughout the previous year, exceeding $500,000,000. "Russian-speaking threat actors from across the former Soviet Union consistently drive most types of crypto-enabled cybercrime, from ransomware to illicit crypto exchanges and darknet markets," explains TRM. Ransomware is a form of cybercrime in which attackers steal and encrypt data on compromised systems and then demand a ransom payment in exchange for a decryption key and a promise to delete the stolen files.
The US government has imposed sanctions on two Russian cybercriminals for cyberattacks targeting critical infrastructure. [...]
Yuliya Vladimirovna Pankratova and Denis Olegovich Degtyarenko, named by the US government as CARR's leader and attacker-in-chief respectively, were designated for their alleged roles in attacks on US critical national infrastructure. Despite much of CARR's work since its inception in 2022 revolving around what the US Department of the Treasury describes as "Low-impact, unsophisticated DDoS attacks in Ukraine," the group was blamed for various attacks on US and European water facilities earlier this year.
Two Russian nationals have pleaded guilty in a U.S. court for their participation as affiliates in the LockBit ransomware scheme and helping facilitate ransomware attacks across the world. The development comes more than two months after the U.K. National Crime Agency unmasked a 31-year-old Russian national named Dmitry Yuryevich Khoroshev as the administrator and developer of the LockBit ransomware operation.
Two Russian nations have pleaded guilty to involvement in many LockBit ransomware attacks, which targeted victims worldwide and across the United States. LockBit affiliates like Vasiliev and Astamirov would identify and breach vulnerable systems on victims' networks, steal sensitive stored data, and help deploy ransomware payloads to encrypt files.
The U.S. Department of Justice said it seized two internet domains and searched nearly 1,000 social media accounts that Russian threat actors allegedly used to covertly spread pro-Kremlin disinformation in the country and abroad on a large scale. "The social media bot farm used elements of AI to create fictitious social media profiles - often purporting to belong to individuals in the United States - which the operators then used to promote messages in support of Russian government objectives," the DoJ said.
The US Justice Department has seized two US-based domains used by Russian threat actors to create fake profiles on X that would spread disinformation in the United States and abroad. This bot farm was created and operated via Meliorator, an AI-enhanced software package. "Development of the social media bot farm was organized by an individual identified in Russia. In early 2022, Individual A worked as the deputy editor-in-chief at RT, a state-run Russian news organization based in Moscow," the DoJ claims.