After being deported from South Korea, a Russian cybercriminal leader has made his first appearance in the US District Court for the District of Maryland to face his charges. Evgenii Ptitsyn, 42, is a Russian national who allegedly administered the sale, distribution, and operation of Phobos ransomware, which has been used against more than 1,000 victims, including public and private entities in the United States and globally. According to the indictment, its affiliates have extorted ransom paym
russian (15)
This week, Rust-based file-encrypting ransomware was found to be impersonating the cybersecurity firm Sophos https://www.sophos.com as part of its operation. The malware named ‘SophosEncrypt’, the malware is being offered under the Ransomware-as-a-Service (RaaS) business model and appears to have already been used in malicious attacks. After several security researchers warned of the new RaaS, Sophos said it was aware of the brand's impersonation and was investigating the threat.
See: https:/
A recently identified information stealer named ‘RisePro’ is being distributed by pay-per-install malware downloader service ‘PrivateLoader’, cyber threat investigators reported. RisePro, a new malware, was recently observed on a dark web forum run by Russian cybercriminals. Since 13 December 2022, the virus has been offered for sale as a log credential stealer on underground forums, leading many to believe it is a clone of the Vidar Stealer. RisePro was featured on a Russian Market cybercrim
Network credentials and virtual private network (VPN) access for colleges and universities based in the US are being advertised for sale on underground and public criminal marketplaces. "This exposure of sensitive credential and network access information, especially privileged user accounts, could lead to subsequent cyber-attacks against individual users or affiliated organizations," the US Federal Bureau of Investigation (FBI) said in an advisory published last week. See: https://www.ic3.gov
Has the notorious REvil, aka Sodinokibi, ransomware operation come back? Researchers suspect former developers may have restarted the server and data leak site. On 20 April 2022, the original Happy Blog leak site began redirecting to the new blog, which lists both old and seemingly new victims, including Oil India Limited. Cybersecurity researchers on Twitter attributed a recent ransomware attack at Oil India Limited to either REvil or imposters using the gang's name.
In early April 2022, at th
In 2010, Iran’s uranium enrichment centrifuges were attacked and rendered useless through a computer virus that became known as Stuxnet. It was the first case in which a hacker attack, coordinated by nations (presumably the US and Israel), hit a large military target in the “real world.” A worldwide race to create or acquire cyber weapons was then just taking shape.
Fast forward to last week (11 years later), Ukraine was hit by a massive cyber-attack that targeted government websites. Posted
The US head of the US National Security Agency (NSA), Cyber Command says the US will continue to battle ransomware for many years into the future. Some of the highest-ranking cybersecurity officials in the US government discussed the pervasive threat of ransomware on 05 October 2021, comparing it to an issue of national security with the ability to inflict measurable damage on major world powers.
Speaking at security firm Mandiant's Cyber Defense Summit, the deputy national security adviser for
A Russian-linked group known as Turla has been deploying a secondary backdoor against numerous targets to maintain persistence within compromised devices even after the primary malware has been discovered and removed from the infrastructure, according to a research report released by Cisco Talos this week.
The newly discovered backdoor, which the researchers call "TinyTurla," has been deployed against targets in the U.S. and Germany over the last two years. More recently, however, Turla has used
An emerging information-stealing malware, sold and distributed on underground Russian underground forums has been written in Rust, is signaling a new trend where threat actors are increasingly adopting exotic programming languages to bypass security protections, evade analysis, and hamper reverse engineering efforts. Rust is a multi-paradigm, high-level, general-purpose programming language designed for performance and safety, especially safe concurrency. Rust is syntactically similar to C++ b
The current US administration has a message for Russia: Rein in the criminal hackers operating from inside your borders who hit Western targets, or we will do it for you. The White House says that is the imperative being stressed in ongoing talks between high-level officials in the US and Russian national security teams following the mid-June summit in Geneva between the US President and the Russian President.
Experts say disrupting ransomware will take more than diplomacy, and needed cybersec
The infamous cybercrime organization known as Evil Corp may be running cyberespionage operations on behalf of a Russian intelligence agency, security consulting company Truesec reports. Active since at least 2009 and also referred to as TA505, the hacking group is known for the use of the Dridex banking Trojan, but also for ransomware families such as Locky, Bart, Jaff, and BitPaymer, along with the more recent WastedLocker and Hades.
Evil Corp is allegedly run by Russian nationals Maksim Yakub
Critical infrastructure in any country relies on energy sources and transmission for proper and safe national operations. A direct cyber shot was delivered to the US oil and gas industry by a Russian criminal group known as DarkSide. DarkSide was identified in the ransomware attack that shut down the US-Georgia-based Colonial Pipeline, which immediately created fuel shortages to cars, trucks, and the airline industry. The ransom of $5 million USD was eventually paid to get the pipeline back i
The past few months have seen a new ransomware variant emerge that is being distributed by the TrickBot malware. The appearance of this new ransomware, named Conti, corresponded with an observed decrease in Ryuk deployments. This suggested that Conti is the “successor” of Ryuk. Some media outlets have also reported that Conti was an evolved version of Ryuk, suggesting that it has evolved from the RYUK source code. While this may have been true for very early samples, a Red Sky analysis of recent
Throughout the USA, State and County election computer networks are still vulnerable to cyber-attacks and Election Day is only 29 days. In a little-noticed episode in 2016, an unusual number of voters in Riverside, California, complained that they were turned away at the polls during the primary because their voter registration information had been changed.
The Riverside County district attorney, Mike Hestrin, investigated and determined that the voter records of dozens of people had been tampe
Cyber threat researchers have examined security incidents over the past several years that appear to connect North Korea's Lazarus Group with Russian speaking attackers. A recent analysis has examined reports from years of security incidents to pinpoint links between Lazarus Group, historically tied to North Korea, and Russian-speaking cybercriminals.
In a summary of his findings, Mark Arena, CEO of security firm Intel 471, holds two generally accepted assumptions: that Lazarus Group is tied to