Security News
A well-connected Russian hacker once described as "an asset of supreme importance" to Moscow was sentenced on Friday to nine years in a U.S. prison after pleading guilty to running a site that sold stolen payment card data, and to administering a highly secretive crime forum that counted among its members some of the most elite Russian cybercrooks. Aleksei Burkov of St. Petersburg, Russia admitted to running CardPlanet, a site that sold more than 150,000 stolen credit card accounts, and to being a founder of DirectConnection - a closely guarded underground community that attracted some of the world's most-wanted Russian hackers.
New Zealand police revealed Monday they had frozen NZ$140 million in assets linked to a Russian man accused of laundering money for organised crime using cyber currency. Police said they acted after discovering funds belonging to Alexander Vinnik, who is in custody in France facing fraud charges, were being held in a New Zealand company.
Targeted attacks delivering a new piece of malware leveraged an exploit previously associated with the Russian-linked Turla hacking group, Palo Alto Networks reveals. Believed to be operating on behalf of the Russian Federal Security Service and also known as Waterbug, Venomous Bear and KRYPTON, Turla was the first threat actor known to have abused a third-party device driver to disable Driver Signature Enforcement, a security feature introduced in Windows Vista to prevent the loading of unsigned drivers.
Facebook last week began slapping "State controlled" labels on media outlets that it's determined are under the thumb of a government. According to NPR, as of Thursday's announcement, Pages and posts from at least 18 media outlets had been labelled "State-controlled media," including Russia Today, Russia's Sputnik News, China's People's Daily, China Xinhua News, and Iran's Press TV. The Facebook Pages for all of the outlets are now carrying transparency notices that advise users that they're "wholly or partially under the editorial control of a state," as determined by factors including funding, structure and journalistic standards.
The U.S. National Security Agency on Thursday published information on the targeting of Exim mail servers by the Russia-linked threat actor known as Sandworm Team. The open-source Exim mail transfer agent is used broadly worldwide, powering more than half of the Internet's email servers and also being pre-installed in some Linux distributions.
Germany said Thursday it is seeking EU sanctions against a Russian man over his alleged role in the hacking of the German parliament at a time when evidence shows he was working for Russian intelligence. Germany's Foreign Ministry said it called in Russian ambassador Sergei Nechayev to inform him in person of the move.
The U.S. National Security Agency says the same Russian military hacking group that interfered in the 2016 presidential election and unleashed a devastating malware attack the following year has been exploiting a major email server program since last August or earlier. It took Williams about a minute of online probing on Thursday to find a potentially vulnerable government server in the U.K. He speculated that the NSA might have issued the advisory to publicize the IP addresses and a domain name used by the Russian military group, known as Sandworm, in its hacking campaign - in hopes of thwarting their use for other means.
German Chancellor Angela Merkel voiced frustration Wednesday that Russia was targeting her in hacking action, saying she had concrete proof of the "outrageous" spying attempts. "I can honestly say that it pains me. Every day I try to build a better relationship with Russia and on the other hand there is such hard evidence that Russian forces are doing this," she told parliament.
Justice has already been slow in this case, and the pandemic isn't helping: His trial has been postponed for a third time. Nikulin's trial in San Francisco federal court began 9 March but was paused on 18 March because of the coronavirus.
The man accused of hacking LinkedIn, Dropbox and the Formspring Q&A forum, and later selling the stolen data of hundreds of millions of users, has seen his trial disrupted a third time by the coronavirus pandemic. At a hearing on Tuesday, Judge William Alsup again delayed the US trial of alleged Russian hacker Yevgeniy Nikulin until June 1, the third such delay since the COVID-19 virus appeared in San Francisco, where proceedings are unfolding.