Security News
"My warning to the public is that digital currency exchanges are not like banks. The security of digital currency exchanges is only as good as your own vigilance. While law enforcement will do everything within our power to protect you, you must also protect yourself." How could the North Korean Lazarus Group become any more of a threat to the rest of the internet? We're glad you asked.
The United States Department of Justice on Wednesday unsealed an indictment against two Russian nationals allegedly engaged in cryptocurrency fraud schemes. The two, Danil Potekhin and Dmitrii Karasavidi, allegedly targeted three cryptocurrency exchanges - two in the United States and one abroad - and their customers to defraud them of at least $16.8 million in virtual currency.
Immediately after revealing criminal charges against 5 Chinese and 2 Malaysian hackers, the United States government yesterday also made two separate announcements charging two Iranian and two Russian hackers and added them to the FBI's most-wanted list. In addition to the criminal charges, the U.S. Department of the Treasury has also sanctioned both Russian hackers, freezing all their assets under U.S. jurisdiction and banning them from doing business with Americans.
U.S. authorities today announced criminal charges and financial sanctions against two Russian men accused of stealing nearly $17 million worth of virtual currencies in a series of phishing attacks throughout 2017 and 2018 that spoofed websites for some of the most popular cryptocurrency exchanges. Prosecutors say the men then laundered the stolen funds through an array of intermediary cryptocurrency accounts - including compromised and fictitiously created accounts - on the targeted cryptocurrency exchange platforms.
Security researchers with Intel 471 have identified connections between cyber-activities attributed to North Korean hackers and those of Russian cybercriminals. In a report published today, Intel 471 says malware that only the North Korean hackers use "was very likely delivered via network accesses held by Russian-speaking cybercriminals."
Thousands of e-commerce stores built using Magento 1 have been poisoned with malicious code that steals customers' bank card information as they enter their details to order stuff online. Sansec, a software company focused on these so-called "digital skimming" attacks, discovered that 1,904 cyber-shops had been altered by miscreants over the weekend to include malicious JavaScript that siphoned off folks' card info.
For the past year, Russia-linked threat actor Strontium has targeted hundreds of organizations in the United States and the United Kingdom to harvest account credentials, Microsoft reveals. On Thursday, Microsoft published information on a newly identified Strontium campaign that focused on harvesting Office365 credentials for tens of thousands of accounts at organizations in the US and UK, many of them directly involved in political elections.
"What we've seen is consistent with previous attack patterns that not only target candidates and campaign staffers but also those who they consult on key issues," Tom Burt, a Microsoft vice president, said in a blog post. Although U.S. intelligence officials said last month that the Russians favor President Donald Trump and the Chinese prefer former Vice President Joe Biden, the Democratic challenger, Microsoft noted Thursday that Chinese state-backed hackers have targeted "high profile individuals associated with the election," including people associated with the Biden campaign.
A Russian national has been indicted in the United States for conspiring to recruit a Tesla employee to install malware onto the company's network. The man, Egor Igorevich Kriuchkov, 27, was arrested on August 22, when the U.S. Department of Justice announced that he had attempted to recruit an employee of a company in Nevada, offering them $1 million to install malware within the enterprise environment.
The failed attempt by Russian hackers to recruit an employee to install malware onto an enterprise network was targeting electric car maker Tesla, a tweet from Elon Musk confirms. According to the criminal complaint the DoJ made public earlier this week, Tesla's employee was approached by Kriuchkov in July, and the two met socially in early August, after Kriuchkov arrived in Nevada on a tourist visa.