Security News

US Recovers Most of Ransom Paid After Colonial Pipeline Hack
2021-06-07 19:44

The Justice Department has recovered most of a multimillion-dollar ransom payment made to hackers after a cyberattack that caused the operator of the nation's largest fuel pipeline to halt its operations last month, officials said Monday. The operation to seize cryptocurrency paid to the Russia-based hacker group is the first of its kind to be undertaken by a specialized ransomware task force created by the Biden administration Justice Department.

US recovers most of Colonial Pipeline's $4.4M ransomware payment
2021-06-07 19:28

The US Department of Justice has recovered the majority of the $4.4 million ransom payment paid by Colonial Pipeline to the DarkSide ransomware operation. On May 7th, Colonial Pipeline suffered a DarkSide ransomware attack that forced it to shut down its fuel pipeline operation.

US truck and military vehicle maker Navistar discloses data breach
2021-06-07 16:47

Navistar International Corporation, a US-based maker of trucks and military vehicles, says that unknown attackers have stolen data from its network following a cybersecurity incident discovered on May 20, 2021. "Upon learning of the cybersecurity threat, the Company launched an investigation and undertook immediate action in accordance with its cybersecurity response plan, including employing containment protocols to mitigate the impact of the potential threat, engaging internal and third-party information technology security and forensics experts to assess any impact on the Company's IT System, and utilizing additional security measures to help safeguard the integrity of its IT System's infrastructure and data contained therein," Navistar said.

Latvian Woman Charged in US With Role in Cybercrime Group
2021-06-07 10:07

A Latvian woman has been charged with developing malicious software used by a cybercrime organization that infected computers worldwide and looted bank accounts of millions of dollars, the Justice Department said Friday. Alla Witte is charged as part of a 47-count indictment with participating in an organization known as the Trickbot Group, which authorities say operated in Russia and several other countries.

Military infosec SNAFUs: What WhatsApp and bears in the woods can teach us
2021-06-07 08:32

Fans of John le Carré's Tinker Tailor Soldier Spy know how top military secrets are extracted from the enemy. If head KGB spy Karla wanted to learn intricate details of the British military today, he'd just have to check WhatsApp.

New Evil Corp ransomware mimics PayloadBin gang to evade US sanctions
2021-06-06 20:52

The new PayloadBIN ransomware has been attributed to the Evil Corp cybercrime gang, which rebranded to evade sanctions imposed by the US Treasury Department's Office of Foreign Assets Control. As cybergangs started to transition to highly profitable ransomware attacks, Evil Corp launched a ransomware operation called BitPaymer, which was delivered via the Dridex malware in compromised corporate networks.

US charges Latvian for helping develop the Trickbot malware
2021-06-04 21:28

The US Department of Justice announced today that a Latvian national, Alla Witte, was charged for her alleged role as a malware developer in the Trickbot transnational cybercrime organization. As a Trickbot malware developer, Witte wrote the code used by the malware to control, deploy, and manage payments of ransomware, the DOJ said in a press release published today.

Good news for pentesters and network admins: US issues ransomware guidance asking biz to skill up security teams
2021-06-04 16:45

The memo, from deputy national security advisor for Cyber and Emerging Technology Anne Neuberger, said the private sector has a "Critical responsibility" to protect their businesses against ransomware. "Much as our homes have locks and alarm systems and our office buildings have guards and security to meet the threat of theft, we urge you to take ransomware crime seriously and ensure your corporate cyber defenses match the threat."

REvil Ransomware Gang Spill Details on US Attacks
2021-06-04 13:19

The group, identified as the Sodinokibi REvil ransomware gang, also said it was not afraid of being labeled a cyber-terrorist group. The validity of the REvil source cannot be independently confirmed by Threatpost; however, the REvil ransomware gang has used the Russian OSINT channel several times to discuss criminal activities such as future targets, alliances and revenue.

Nigerian Arrested in US for Hacking Payroll Services Company
2021-06-04 03:55

A Nigerian national was arrested recently in the United States on charges related to hacking into user accounts at a payroll processing company to steal payroll deposits. The man, Charles Onus, 34, who was arrested in San Francisco on April 14, is accused of participating in a scheme that resulted in the compromise of approximately 5,500 user accounts at an unnamed human resources and payroll services company in the US. In 2017 and 2018, Onus allegedly employed a credential stuffing attack to gain unauthorized access to user accounts at the targeted company.