Breadcrumbs – Page 4 – Computer Security Articles

Administrator of RSOCKS Proxy Botnet Pleads Guilty

January 24, 2023 admin A Little Sunshine, Breadcrumbs, denis emelyantsev, IoT, iot botnets, Ne'er-Do-Well News, rsocks botnet, rsocks proxy, rusdot, rusdot socks server, spamdot

Credit to Author: BrianKrebs| Date: Tue, 24 Jan 2023 19:00:32 +0000

Denis Emelyantsev, a 36-year-old Russian man accused of running a massive botnet called RSOCKS that stitched malware into millions of devices worldwide, pleaded guilty to two counts of computer crime violations in a California courtroom this week. The plea comes just months after Emelyantsev was extradited from Bulgaria, where he told investigators, “America is looking for me because I have enormous information and they need it.”

Independent Krebs

Accused Russian RSOCKS Botmaster Arrested, Requests Extradition to U.S.

September 23, 2022 admin 24chasa.bg, Breadcrumbs, denis emelyantsev, denis kloster, Ne'er-Do-Well News, rsocks botnet, rsocks proxy, rusdot, spamdot

Credit to Author: BrianKrebs| Date: Fri, 23 Sep 2022 18:19:51 +0000

A 36-year-old Russian man recently identified by KrebsOnSecurity as the likely proprietor of the massive RSOCKS botnet has been arrested in Bulgaria at the request of U.S. authorities. At a court hearing in Bulgaria this month, the accused hacker requested and was granted extradition to the United States, reportedly telling the judge, “America is looking for me because I have enormous information and they need it.”

Independent Krebs

No SOCKS, No Shoes, No Malware Proxy Services!

August 2, 2022 admin A Little Sunshine, alexandr smolyaninov, angry coders, Breadcrumbs, dmitry chepurko, ip-score, kc-shoes, michdomain@gmail.com, oleg iskushnykh, socks proxy, socksescort, The Coming Storm, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Tue, 02 Aug 2022 19:31:35 +0000

With the recent demise of several popular “proxy” services that let cybercriminals route their malicious traffic through hacked PCs, there is now something of a supply chain crisis gripping the underbelly of the Internet. Compounding the problem, several remaining malware-based proxy services have chosen to block new registrations to avoid swamping their networks with a sudden influx of customers.

Independent Krebs

Breach Exposes Users of Microleaves Proxy Service

July 28, 2022 admin A Little Sunshine, abhishek gupta, acidut, alexandru florea, alexandru iulian florea, blackhatworld, Breadcrumbs, constella intelligence, cpaelites, Hackforums, Intel 471, microleaves, Ne'er-Do-Well News, nevo.julian, online.io, residential proxy, reverseproxies, shifter.io, socks proxy

Credit to Author: BrianKrebs| Date: Thu, 28 Jul 2022 18:52:28 +0000

Microleaves, a ten-year-old proxy service that lets customers route their web traffic through millions of Microsoft Windows computers, exposed their entire user database and the location of tens of millions of PCs running the proxy software. Microleaves claims its proxy software is installed with user consent. But research suggests Microleaves has a lengthy history of being supplied with new proxies by affiliates incentivized to install the software any which way they can — such as by secretly bundling it with other software.

Independent Krebs

The Link Between AWM Proxy & the Glupteba Botnet

June 28, 2022 admin A Little Sunshine, alureon, awm proxy, Breadcrumbs, constella intelligence, dennstr, dmitry starovikov, domaintools, ESET, glupteba botnet, google, kaspersky lab, lycefer, meris, Ne'er-Do-Well News, pay-per-install, riley kilmer, rootkit, rsocks botnet, spur.us, tdl-4, tdss, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Tue, 28 Jun 2022 18:33:31 +0000

On December 7, 2021, Google announced it had sued two Russian men allegedly responsible for operating the Glupteba botnet, a global malware menace that has infected millions of computers over the past decade. That same day, AWM Proxy — a 14-year-old anonymity service that rents hacked PCs to cybercriminals — suddenly went offline. Security experts had long seen a link between Glupteba and AWM Proxy, but new research shows AWM Proxy’s founder is one of the men being sued by Google.

Independent Krebs

Meet the Administrators of the RSOCKS Proxy Botnet

June 22, 2022 admin 79136334444, A Little Sunshine, Breadcrumbs, constella intelligence, denis "neo" kloster, exploit, internet advertising omsk, istanx@gmail.com, Ne'er-Do-Well News, rsocks botnet, rusdot, sl mobpartners, spamdot, stanx, stanx@rusdot.com, u.s. department of justice, verified

Credit to Author: BrianKrebs| Date: Wed, 22 Jun 2022 13:06:34 +0000

Authorities in the United States, Germany, the Netherlands and the U.K. last week said they dismantled the “RSOCKS” botnet, a collection of millions of hacked devices that were sold as “proxies” to cybercriminals looking for ways to route their malicious traffic through someone else’s computer. While the coordinated action did not name the Russian hackers allegedly behind RSOCKS, KrebsOnSecurity has identified its owner as a Russian man living abroad who also runs the world’s top Russian spamming forum.

Independent Krebs

Leaked Chats Show LAPSUS$ Stole T-Mobile Source Code

April 22, 2022 admin A Little Sunshine, amtrak, apple, bitbucket, Breadcrumbs, Dan Goodin, Doxbin, Electronic Arts, emergency data request, everlynn, Flashpoint, genesis, globant, iqor, kt, lapsus$, lapsus$ jobs, michelin, microsoft, Mobile Device Management, mox, Ne'er-Do-Well News, nvidia, recursion team, russian market, Samsung, sascar, SIM swapping, slack, source code theft, SWATting, T-Mobile, t-mobile atlas, whitedoxbin

Credit to Author: BrianKrebs| Date: Fri, 22 Apr 2022 13:09:39 +0000

KrebsOnSecurity recently reviewed a copy of the private chat messages between members of the LAPSUS$ cybercrime group in the week leading up to the arrest of its most active members last month. The logs show LAPSUS$ breached T-Mobile multiple times in March, stealing source code for a range of company projects. T-Mobile says no customer or government information was stolen in the intrusion. LAPSUS$ is known for stealing data and then demanding a ransom not to publish or sell it. But the leaked chats indicate this mercenary activity was of little interest to the tyrannical teenage leader of LAPSUS$, whose obsession with stealing and leaking proprietary computer source code from the world’s largest tech companies ultimately led to the group’s undoing.

Independent Krebs

Who Wrote the ALPHV/BlackCat Ransomware Strain?

February 2, 2022 admin @cookiedays, A Little Sunshine, alphv ransomware, binrs, blackcat ransomware, blackmatter, Breadcrumbs, Catalin Cimpanu, darkside, duckerman, duckermanit, Flashpoint, jason hill, Ne'er-Do-Well News, paul roberts, ramp, Recorded Future, reversinglabs, rEvil, sergey duck, sergey kryakov, sergey penchikov, smiseo, the record, tox, varonis, ybcat

Credit to Author: BrianKrebs| Date: Fri, 28 Jan 2022 13:18:36 +0000

In December 2021, researchers discovered a new ransomware-as-a-service named ALPHV (a.k.a. “BlackCat”), considered to be the first professional cybercrime group to create and use a ransomware strain in the Rust programming language. In this post, we’ll explore some of the clues left behind by the developer who was reputedly hired to code the ransomware variant.