Flashpoint – Computer Security Articles

A Closer Look at the Snatch Data Ransom Group

September 30, 2023 admin Breadcrumbs, cisa, constella intelligence, databreaches.net, FBI, Flashpoint, Ne'er-Do-Well News, perchatka, ransomware, semen7907, semyon tretyakov, snatch ransomware, snatch team, tretyakov-files@yandex.ru

Credit to Author: BrianKrebs| Date: Sat, 30 Sep 2023 19:47:57 +0000

Earlier this week, KrebsOnSecurity revealed that the darknet website for the Snatch ransomware group was leaking data about its users and the crime gang’s internal operations. Today, we’ll take a closer look at the history of Snatch, its alleged founder, and their claims that everyone has confused them with a different, older ransomware group by the same name.

Independent Krebs

Ask Fitis, the Bear: Real Crooks Sign Their Malware

June 1, 2023 admin 165540027, 774748@gmail.com, akafitis@gmail.com, Breadcrumbs, code-signing certificates, constella intelligence, DomainTools.com, featar24, fitis, Flashpoint, glavmed, Intel 471, konstantin evgenievich fetisov, megatraffer, Ne'er-Do-Well News, o.r.z., Spamit, spampage@yandex.ru

Credit to Author: BrianKrebs| Date: Thu, 01 Jun 2023 16:15:34 +0000

Code-signing certificates are supposed to help authenticate the identity of software publishers, and provide cryptographic assurance that a signed piece of software has not been altered or tampered with. Both of these qualities make stolen or ill-gotten code-signing certificates attractive to cybercriminal groups, who prize their ability to add stealth and longevity to malicious software. This post is a deep dive on “Megatraffer,” a veteran Russian hacker who has practically cornered the underground market for malware focused code-signing certificates since 2015.

Independent Krebs

Giving a Face to the Malware Proxy Service ‘Faceless’

April 18, 2023 admin accessapproved, asus666, constella intelligence, denis viktorovich pankov, faceless, Flashpoint, gaihnik, lesstroy@mgn.ru, liberty reserve, mrmurza, Ne'er-Do-Well News, omega^gg4u, riley kilmer, Shodan, spur.us, u1018928, vadim panov, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Tue, 18 Apr 2023 20:59:39 +0000

For the past seven years, a malware-based proxy service known as “Faceless” has sold anonymity to countless cybercriminals. For less than a dollar per day, Faceless customers can route their malicious traffic through tens of thousands of compromised systems advertised on the service. In this post we’ll examine clues left behind over the past decade by the proprietor of Faceless, including some that may help put a face to the name.

Independent Krebs

FBI Seizes Bot Shop ‘Genesis Market’ Amid Arrests Targeting Operators, Suppliers

April 4, 2023 admin A Little Sunshine, FBI, Flashpoint, genesis market, genesis security, Intel 471, u.s. district court for the eastern district of wisconsin

Credit to Author: BrianKrebs| Date: Tue, 04 Apr 2023 21:04:11 +0000

Several domain names tied to Genesis Market, a bustling cybercrime store that sold access to passwords and other data stolen from millions of computers infected with malicious software, were seized by the Federal Bureau of Investigation (FBI) today. Sources tell KrebsOnsecurity the domain seizures coincided with “dozens” of arrests in the United States and abroad targeting those who allegedly operated the service, as well as suppliers who continuously fed Genesis Market with freshly-stolen data.

Independent Krebs

A Retrospective on the 2015 Ashley Madison Breach

July 26, 2022 admin A Little Sunshine, ashley madison breach, avid life media, Flashpoint, impact team, Intel 471, noel biderman, per thorsheim, robert graham, wired.com

Credit to Author: BrianKrebs| Date: Wed, 27 Jul 2022 01:04:51 +0000

It’s been seven years since the online cheating site AshleyMadison.com was hacked and highly sensitive data about its users posted online. The leak led to the public shaming and extortion of many AshleyMadison users, and to at least two suicides. To date, little is publicly known about the perpetrators or the true motivation for the attack. But a recent review of AshleyMadison mentions across Russian cybercrime forums and far-right underground websites in the months leading up to the hack revealed some previously unreported details that may deserve further scrutiny.

Independent Krebs

Leaked Chats Show LAPSUS$ Stole T-Mobile Source Code

April 22, 2022 admin A Little Sunshine, amtrak, apple, bitbucket, Breadcrumbs, Dan Goodin, Doxbin, Electronic Arts, emergency data request, everlynn, Flashpoint, genesis, globant, iqor, kt, lapsus$, lapsus$ jobs, michelin, microsoft, Mobile Device Management, mox, Ne'er-Do-Well News, nvidia, recursion team, russian market, Samsung, sascar, SIM swapping, slack, source code theft, SWATting, T-Mobile, t-mobile atlas, whitedoxbin

Credit to Author: BrianKrebs| Date: Fri, 22 Apr 2022 13:09:39 +0000

KrebsOnSecurity recently reviewed a copy of the private chat messages between members of the LAPSUS$ cybercrime group in the week leading up to the arrest of its most active members last month. The logs show LAPSUS$ breached T-Mobile multiple times in March, stealing source code for a range of company projects. T-Mobile says no customer or government information was stolen in the intrusion. LAPSUS$ is known for stealing data and then demanding a ransom not to publish or sell it. But the leaked chats indicate this mercenary activity was of little interest to the tyrannical teenage leader of LAPSUS$, whose obsession with stealing and leaking proprietary computer source code from the world’s largest tech companies ultimately led to the group’s undoing.

Independent Krebs

Russian Govt. Continues Carding Shop Crackdown

February 9, 2022 admin alexander kovalev, artem bystrykh, denis pachevsky, department k, ferum shop, Flashpoint, Gemini Advisory, get-net llc, Infraud, Ne'er-Do-Well News, saratovfilm film company llc, sky-fraud, Stas Alforov, tass, transtekhkom llc, Trump's-Dumps, Unicc, vladislav gilev, Web Fraud 2.0, yaroslav solovyov

Credit to Author: BrianKrebs| Date: Thu, 10 Feb 2022 01:34:48 +0000

Russian authorities have arrested six men accused of operating some of the most active online bazaars for selling stolen payment card data. The crackdown — the second closure of major card fraud shops by Russian authorities in as many weeks — comes closely behind Russia’s arrest of 14 alleged affiliates of the REvil ransomware gang, and has many in the cybercrime underground asking who might be next.

Independent Krebs

Who Wrote the ALPHV/BlackCat Ransomware Strain?

February 2, 2022 admin @cookiedays, A Little Sunshine, alphv ransomware, binrs, blackcat ransomware, blackmatter, Breadcrumbs, Catalin Cimpanu, darkside, duckerman, duckermanit, Flashpoint, jason hill, Ne'er-Do-Well News, paul roberts, ramp, Recorded Future, reversinglabs, rEvil, sergey duck, sergey kryakov, sergey penchikov, smiseo, the record, tox, varonis, ybcat

Credit to Author: BrianKrebs| Date: Fri, 28 Jan 2022 13:18:36 +0000

In December 2021, researchers discovered a new ransomware-as-a-service named ALPHV (a.k.a. “BlackCat”), considered to be the first professional cybercrime group to create and use a ransomware strain in the Rust programming language. In this post, we’ll explore some of the clues left behind by the developer who was reputedly hired to code the ransomware variant.

← Previous