Intel 471 – Computer Security Articles

Who’s Behind the SWAT USA Reshipping Service?

November 6, 2023 admin A Little Sunshine, apathyp, apathyr8@jabber.ccc.de, Breadcrumbs, constella intelligence, gezze@mail.ru, gezze@yandex.ru, Intel 471, ivan sherban, mynetwatchman, Ne'er-Do-Well News, swat usa drop service, triploo@mail.ru, universalo, verified, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Mon, 06 Nov 2023 13:51:31 +0000

Last week, KrebsOnSecurity broke the news that one of the largest cybercrime services for laundering stolen merchandise was hacked recently, exposing its internal operations, finances and organizational structure. In today’s Part II, we’ll examine clues about the real-life identity left behind by “Fearless,” the nickname chosen by the proprietor of the SWAT USA Drops service.

Independent Krebs

Why Malware Crypting Services Deserve More Scrutiny

June 21, 2023 admin +7.9235059268, Breadcrumbs, cdek, constella intelligence, crypt[.]guru, gumboldt@gmail.com, Intel 471, kerens, kolumb, masscrypt@exploit.im, Ne'er-Do-Well News, obelisk57@gmail.com, pepyak@gmail.com, sergey y purtov, sergey yurievich purtov, spurtov@gmail.com, vip crypt, Web Fraud 2.0, Сергей Юрьевич Пуртов

Credit to Author: BrianKrebs| Date: Wed, 21 Jun 2023 18:39:36 +0000

If you operate a cybercrime business that relies on disseminating malicious software, you probably also spend a good deal of time trying to disguise or “crypt” your malware so that it appears benign to antivirus and security products. In fact, the process of “crypting” malware is sufficiently complex and time-consuming that most serious cybercrooks will outsource this critical function to a handful of trusted third parties. This story explores the history and identity behind Cryptor[.]biz, a long-running crypting service that is trusted by some of the biggest names in cybercrime.

Independent Krebs

Ask Fitis, the Bear: Real Crooks Sign Their Malware

June 1, 2023 admin 165540027, 774748@gmail.com, akafitis@gmail.com, Breadcrumbs, code-signing certificates, constella intelligence, DomainTools.com, featar24, fitis, Flashpoint, glavmed, Intel 471, konstantin evgenievich fetisov, megatraffer, Ne'er-Do-Well News, o.r.z., Spamit, spampage@yandex.ru

Credit to Author: BrianKrebs| Date: Thu, 01 Jun 2023 16:15:34 +0000

Code-signing certificates are supposed to help authenticate the identity of software publishers, and provide cryptographic assurance that a signed piece of software has not been altered or tampered with. Both of these qualities make stolen or ill-gotten code-signing certificates attractive to cybercriminal groups, who prize their ability to add stealth and longevity to malicious software. This post is a deep dive on “Megatraffer,” a veteran Russian hacker who has practically cornered the underground market for malware focused code-signing certificates since 2015.

Independent Krebs

$10M Is Yours If You Can Get This Guy to Leave Russia

May 9, 2023 admin 79608229389, A Little Sunshine, Breadcrumbs, constella intelligence, denis gennadievich kulkov, Intel 471, Joker's stash, k022yb190, kreenjo, mazafaka, Ne'er-Do-Well News, nordex, nordexin, nordia@yandex.ru, polkas@bk.ru, try2check, u.s. department of justice, u.s. department of state, U.S. Secret Service, Unicc, vault market

Credit to Author: BrianKrebs| Date: Fri, 05 May 2023 01:50:08 +0000

The U.S. government this week put a $10 million bounty on the head of a Russian man who for the past 18 years operated Try2Check, one of the cybercrime underground’s most trusted services for checking the validity of stolen credit card data. U.S. authorities say 43-year-old Denis Kulkov’s card-checking service made him at least $18 million, which he used to buy a Ferrari, Land Rover, and other luxury items.

Independent Krebs

FBI Seizes Bot Shop ‘Genesis Market’ Amid Arrests Targeting Operators, Suppliers

April 4, 2023 admin A Little Sunshine, FBI, Flashpoint, genesis market, genesis security, Intel 471, u.s. district court for the eastern district of wisconsin

Credit to Author: BrianKrebs| Date: Tue, 04 Apr 2023 21:04:11 +0000

Several domain names tied to Genesis Market, a bustling cybercrime store that sold access to passwords and other data stolen from millions of computers infected with malicious software, were seized by the Federal Bureau of Investigation (FBI) today. Sources tell KrebsOnsecurity the domain seizures coincided with “dozens” of arrests in the United States and abroad targeting those who allegedly operated the service, as well as suppliers who continuously fed Genesis Market with freshly-stolen data.

Independent Krebs

Who’s Behind the Botnet-Based Service BHProxies?

February 24, 2023 admin A Little Sunshine, abdala tawfik, abdalla khafagy, bhproxies, bitsight, constella intelligence, hassan_isabad_subar, Intel 471, lewklabs, minerva labs, mylobot, Ne'er-Do-Well News, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Fri, 24 Feb 2023 19:51:23 +0000

A security firm has discovered that a five-year-old crafty botnet known as Mylobot appears to be powering a residential proxy service called BHProxies, which offers paying customers the ability to route their web traffic anonymously through compromised computers. Here’s a closer look at Mylobot, and a deep dive into who may be responsible for operating the BHProxies service.

Independent Krebs

U.S., U.K. Sanction 7 Men Tied to Trickbot Hacking Group

February 9, 2023 admin A Little Sunshine, adam meyers, christina svechinskaya, CrowdStrike, dyre, Group-IB, ilya sachkov, Intel 471, kaspersky lab, michael debolt, Ne'er-Do-Well News, ransomware, Ruslan Stoyanov, Sergey Mikhaylov, trickbot, u.s. department of treasury, vitaly "bentley" kovalev, wizard spider

Credit to Author: BrianKrebs| Date: Thu, 09 Feb 2023 20:23:58 +0000

Authorities in the United States and United Kingdom today levied financial sanctions against seven men accused of operating “Trickbot,” a cybercrime-as-a-service platform based in Russia that has enabled countless ransomware attacks and bank account takeovers since its debut in 2016. The U.S. Department of the Treasury says the Trickbot group is associated with Russian intelligence services, and that this alliance led to the targeting of many U.S. companies and government entities.

Independent Krebs

Breach Exposes Users of Microleaves Proxy Service

July 28, 2022 admin A Little Sunshine, abhishek gupta, acidut, alexandru florea, alexandru iulian florea, blackhatworld, Breadcrumbs, constella intelligence, cpaelites, Hackforums, Intel 471, microleaves, Ne'er-Do-Well News, nevo.julian, online.io, residential proxy, reverseproxies, shifter.io, socks proxy

Credit to Author: BrianKrebs| Date: Thu, 28 Jul 2022 18:52:28 +0000

Microleaves, a ten-year-old proxy service that lets customers route their web traffic through millions of Microsoft Windows computers, exposed their entire user database and the location of tens of millions of PCs running the proxy software. Microleaves claims its proxy software is installed with user consent. But research suggests Microleaves has a lengthy history of being supplied with new proxies by affiliates incentivized to install the software any which way they can — such as by secretly bundling it with other software.

← Previous