Tag Archive for: arrests

United States Leads Seizure of One of the World’s Largest Hacker Forums and Arrests Administrator


The Department of Justice announced Tuesday the seizure of the RaidForums website, a popular marketplace for cybercriminals to buy and sell hacked data, and unsealed criminal charges against RaidForums’ founder and chief administrator, Diogo Santos Coelho, 21, of Portugal. Coelho was arrested in the United Kingdom on Jan. 31, at the United States’ request and remains in custody pending the resolution of his extradition proceedings.

Court records unsealed today indicate that the United States recently obtained judicial authorization to seize three domains that long hosted the RaidForums website. These domains were “raidforums.com,” “Rf.ws,” and “Raid.lol.” According to the affidavit filed in support of these seizures, from in or around 2016 through February 2022, RaidForums served as a major online marketplace for individuals to buy and sell hacked or stolen databases containing the sensitive personal and financial information of victims in the United States and elsewhere, including stolen bank routing and account numbers, credit card information, login credentials and social security numbers.

“The takedown of this online market for the resale of hacked or stolen data disrupts one of the major ways cybercriminals profit from the large-scale theft of sensitive personal and financial information,” said Assistant Attorney General Kenneth A. Polite, Jr. of the Justice Department’s Criminal Division. “This is another example of how working with our international law enforcement partners has resulted in the shutdown of a criminal marketplace and the arrest of its administrator.”

“Our interagency efforts to dismantle this sophisticated online platform – which facilitated a wide range of criminal activity – should come as a relief to the millions victimized by it, and as a warning to those cybercriminals who participated in these types of nefarious activities,” said U.S. Attorney Jessica D. Aber for the Eastern District of Virginia. “Online anonymity was not able to protect the defendant in this case from prosecution, and it will not protect other online criminals either.”

“The seizure of the RaidForums website – which facilitated the sale of…

Source…

Russia Arrests REvil Ransomware Gang Responsible for High-Profile Cyber Attacks


REvil Ransomware

In an unprecedented move, Russia’s Federal Security Service (FSB), the country’s principal security agency, on Friday disclosed that it arrested several members belonging to the notorious REvil ransomware gang and neutralized its operations.

The surprise operation, which it said was carried out at the request of the U.S. authorities, saw the law enforcement agency conduct raids at 25 addresses in the cities of Moscow and St. Petersburg and in the Moscow, Leningrad and Lipetsk regions that belonged to 14 suspected members of the organized cybercrime syndicate.

“In order to implement the criminal plan, these persons developed malicious software, organized the theft of funds from the bank accounts of foreign citizens and their cashing, including through the purchase of expensive goods on the Internet,” the FSB said in a statement.


In addition, the FSB seized over 426 million rubles, including in cryptocurrency, $600,000, €500,000, as well as computer equipment, crypto wallets used to commit crimes, and 20 luxury cars that were purchased with money obtained by illicit means.

One of the most active ransomware crews last year, REvil took responsibility for high-profile attacks against JBS and Kaseya, among a string of several others. The U.S. government told Reuters that one of the arrested individuals was also behind the ransomware attack on Colonial Pipeline in May 2021, once again confirming REvil’s connections to another group called DarkSide.


The group formally closed shop in October 2021 after the U.S. intervened to take its network of dark web servers offline. The next month, Romanian law enforcement authorities announced the arrest of two individuals for their roles as affiliates of the REvil ransomware family, even as the U.S. charged a 22-year-old Ukrainian citizen linked to the ransomware gang for orchestrating the Kaseya ransomware attack.

All those detained have been charged with “illegal circulation of means of payment,” a criminal offense punishable by up to six years in prison. The suspects weren’t named, but Reuters noted that a Moscow court identified two of the men as Roman Muromsky and Andrei Bessonov.


The crackdown also comes as threat actors likely affiliated with…

Source…

Ukraine arrests ‘Phoenix’ hackers behind Apple phishing attacks



The Security Service of Ukraine (SSU) has arrested five members of the international ‘Phoenix’ hacking group who specialize in the remote hacking of mobile devices.

The SSU’s announcement states that all five suspects live in Kyiv or Kharkiv and are graduates of higher technical education institutes.

The goal of ‘Phoenix’ was to gain remote access to the accounts of mobile device users and then monetize them by hijacking their e-payment or bank accounts or selling their private information to third parties.

To steal the accounts of mobile device users, the actors used phishing sites that were clones of Apple’s and Samsung’s login portals.

This activity went on for at least two years, during which Phoenix hacked several hundred people’s accounts.

The hackers also offered remote mobile phone hacking services to others, charging between $100 and $200.

[Image: Messages between Phoenix and a client. Source: SSU]

Finally, the group also unlocked stolen or lost Apple devices, which are tied to the original purchaser by being locked to the first account created on the device.

The police conducted five searches, one at each arrest location, seizing computer equipment, mobile phones, specialized software, and hardware.

[Image: Stolen devices prepared to be resold as new. Source: SSU]

While conducting searches of homes and fake telephone shops, officers found several devices that appeared to have been stolen and were being prepared for reselling as new in the Kyiv region.

The threat actors now face charges relevant to Article 361 of the Criminal Code of Ukraine for illegal interference in the work of electronic computers, systems, and computer networks.

While the five arrested individuals are most likely all the ‘Phoenix’ group members, the authorities will continue the investigations to potentially identify more conspirators.

Ukraine has been actively cracking down on cybercrime activity originating from the country, with recent arrests of ransomware gang members, money launderers, and threat actors behind DDoS attacks.

Source…

Ukraine Arrests Five iPhone Hackers of the Phoenix International Hacking Group


The Security Service of Ukraine (SBU) has made five arrests in an investigation targeting the international hacking group known as Phoenix, allegedly specialized in hacking and selling stolen mobile phones.

According to the investigation, the five are residents of Kyiv and Kharkiv and all have “higher technical education.” They used social engineering tactics like phishing and website spoofing to steal victims’ passwords and defraud them or sell their data.

According to a machine-translated version of the SBU’s press release:

To gain access to the accounts of mobile device users, hackers used “phishing” resources – copies of sites of well-known manufacturers of mobile devices “Apple”, “Samsung” and others.

The user of the mobile device, downloading the application or application on such a “pseudo-official” site, provided the attackers with a password to their account. The attackers then copied the information stored on the hacked phone.

The data obtained in this way allowed the attackers to withdraw funds from citizens’ accounts and sell information about their private lives to third parties.

Victims lost $200 on average from the hacks, according to the SBU.

Phoenix was also engaged in hardware hacks, unlocking lost or stolen iPhones and reselling them through “a network of controlled stores” in Kyiv and Kharkiv.

Phoenix’s business, conducted under the guise of phone repair shops, reportedly ran for more than two years and claimed hundreds of victims.

Ukrainian Police seized “computer equipment and mobile phones with evidence of criminal activity, software and hardware for unauthorized interference with accounts, [and] stolen mobile phones, which were being prepared for sale under the guise of new ones.”

With these five arrests, the SBU believes it has apprehended all of the Phoenix gang members. For good measure, investigations continue to “identify and prosecute all persons involved in illegal activities,” just in case others can be linked to Phoenix.

Source…