Security News

34 Russian Cybercrime Groups Stole Over 50 Million Passwords with Stealer Malware
2022-11-23 13:08

As many as 34 Russian-speaking gangs distributing information-stealing malware under the stealer-as-a-service model stole no fewer than 50 million passwords in the first seven months of 2022. Aside from looting passwords, the stealers also harvested 2.11 billion cookie files, 113,204 crypto wallets, and 103,150 payment cards.

Russian cybergangs stole over 50 million passwords this year
2022-11-23 11:02

At least 34 distinct Russian-speaking cybercrime groups using info-stealing malware like Raccoon and Redline have collectively stolen 50,350,000 account passwords from over 896,000 individual infections between January and July 2022. "The influx of a huge number of workers into the popular scam Classiscam, which at its peak comprised over a thousand criminal groups and hundreds of thousands of fake websites, has led to criminals competing for resources and looking for new ways to make profits," comments Group-IB. "The popularity of schemes involving stealers can be explained by the low entry barrier. Beginners do not need to have advanced technical knowledge as the process is fully automated, and the worker's only task is to create a file with a stealer in the Telegram bot and drive traffic to it." Currently, there are 34 active cybercrime groups on Telegram that operate as mass-scale information-stealing gangs, each with roughly 200 members.

Google Wins Lawsuit Against Russians Linked to Blockchain-based Glupteba Botnet
2022-11-21 10:02

Google has won a lawsuit filed against two Russian nationals in connection with the operation of a botnet called Glupteba, the company said last week. The defendants' move to press sanctions against Google was denied.

Google wins lawsuit against alleged Russian botnet herders
2022-11-17 15:00

Google sued Dmitry Starovikov and Alexander Filippov - along with 15 other John and Jane Does - in December 2021, saying in the original complaint [PDF] that the botnet "is distinguished from conventional botnets in its technical sophistication: unlike other botnets, the Glupteba botnet leverages blockchain technology to protect itself from disruption." Judge Cote said in her opinion and order [PDF] that the Defendants had "attempted to negotiate a discovery plan in bad faith, requesting an exchange of electronic devices" - although they knew they could not provide the devices they said they had. According to the judge, the defendants and their lawyer told Google that pertinent discovery information was held by their former employer Valtron LLC, a limited liability company based in Moscow.

U.S. charges Russian suspects with operating Z-Library e-Book site
2022-11-17 13:04

Anton Napolsky and Valeriia Ermakova, two Russian nationals, were charged with intellectual property crimes linked to Z-Library, a pirate online eBook repository. Of the two defendants, Napolsky is burdened by evidence, based on records obtained from Google and Amazon, that he was in control of Z-Library.

Russian Software Company Pretending to Be American
2022-11-16 11:03

Computer code developed by a company called Pushwoosh is in about 8,000 Apple and Google smartphone apps. The company pretends to be American when it is actually Russian.

Russian hacktivists hit Ukrainian orgs with ransomware – but no ransom demands
2022-11-14 13:04

The Ukrainian CERT has uncovered an attack campaign aimed at compromising Ukrainian organizations and irretrievably encrypting their files. To do that, the attackers are leveraging a specific version of the Somnia ransomware that, "according to the attackers' theoretical plan, does not provide for the possibility of data decryption."

Ukraine says Russian hacktivists use new Somnia ransomware
2022-11-13 15:06

Russian hacktivists have infected multiple organizations in Ukraine with a new ransomware strain called 'Somnia,' encrypting their systems and causing operational problems. The group previously disclosed creating the Somnia ransomware on Telegram and even posted evidence of attacks against tank producers in Ukraine.

Russian-Canadian National Charged Over Involvement in LockBit Ransomware Attacks
2022-11-11 09:19

The U.S. Department of Justice has announced charges against a dual Russian and Canadian national for his alleged participation in LockBit ransomware attacks across the world. Also found were a text file with instructions to deploy LockBit ransomware, the malware's source code, and a website that's believed to be the control panel operated by the group to administer the ransomware.

Microsoft Blames Russian Hackers for Prestige Ransomware Attacks on Ukraine and Poland
2022-11-11 06:14

Microsoft on Thursday attributed the recent spate of ransomware incidents targeting transportation and logistics sectors in Ukraine and Poland to a threat cluster that shares overlaps with the Russian state-sponsored Sandworm group. The Microsoft Threat Intelligence Center is now tracking the threat actor under its element-themed moniker Iridium, citing overlaps with Sandworm.