Tag Archive for: arrests

Ukraine arrests hackers behind Apple phishing schemes





The Security Service of Ukraine (SSU) has arrested five individuals believed to be involved in the international “Phoenix” hacking group, which performed phishing attacks using cloned Apple support websites.

The SSU notes that the suspects lived in Kyiv or Kharkiv, and all five were higher technical education institute graduates. Police have since seized computer equipment, mobile phones, software, and hardware believed to be used by the group.

Phoenix specialized in gaining remote control of mobile devices through phishing attacks. The group would direct users to phishing sites that were clones of official Apple and Samsung support sites.

According to BleepingComputer, the scheme went on for at least two years, with the hackers successfully gaining access to several hundred people’s accounts.

Phoenix also offered remote mobile phone hacking services to individuals, charging between $100 and $200.

Investigators also discovered that the hackers had been unlocking stolen or lost devices made by Apple. Once unlocked, the group would sell the devices to unwitting customers.

The SSU believes that the five arrested individuals comprise the entirety of Phoenix but plans to continue investigations to find any remaining conspirators.

Phoenix now faces charges relevant to Article 361 of the Criminal Code of Ukraine, which focuses on illegal interference in the work of electronic computers, systems, and computer networks.

In August, a hacker known for data breaches had allegedly gained access to gigabytes of AT&T customer information, including social security numbers. The hacker, known as “ShinyHunters,” had requested $1 million to take the data offline.

AT&T denied the information had come from their servers.

That same month, T-Mobile had become aware of a breach of its servers that had resulted in harvested data on over 100 million customers being sold on a hacker forum.


Estonia arrests hacker who stole 286K ID scans from govt database



Image: Stanislav Rabunski

A Tallinn man was arrested a week ago in Estonia on suspicion of exploiting a vulnerability in a government photo transfer service to download ID scans of 286,438 Estonians from the Identity Documents Database (KMAIS).

The attacker was apprehended on July 23, following a joint investigation by the Cybercrime Bureau of the National Criminal Police and RIA that started after RIA was alerted to a higher-than-usual number of queries.

“During the searches, investigators found the downloaded photos from a database in the person’s possession, along with the names and personal identification codes of the people,” Oskar Gross, head of the police’s cybercrime unit, said.

“Currently, we have no reason to believe that the suspect would have used or transmitted this data maliciously, but we will further clarify the possible motives for the act in the course of the proceedings.”

Stolen info cannot be used for fraud

The suspect downloaded the government document photos using the targets’ names and personal ID codes (available from various public databases).

RIA added that the stolen information could not be used to perform notarial or financial transactions or gain access to state digital services by impersonating the impacted individuals.

“It is not possible to gain access to e-services, give a digital signature, or to perform different financial transactions (incl. bank transfers, purchase and sales transactions, notarial transactions, etc.) using a document photo, personal identification code, or name,” RIA Director General Margus Noormaa added.

“People whose document photos have been stolen need not apply for a new physical or digital document (passport, ID-card, residence permit card, mobile-ID or Smart-ID, etc.) or take a new document photo. All identity documents and photos remain valid.”

All impacted individuals to be notified via email

Although the vulnerability was introduced in the system and could’ve been exploited several years ago, current evidence doesn’t show that such an attack has happened since then.

RIA also said that the data was not transferred from the suspect’s computer after it was stolen from KMAIS, and there is no reason to believe…


Interpol arrests Moroccan hacker over global phishing, malware scam


“Dr. Hex” is accused of defacing websites, carrying out phishing attacks and malware campaigns.

An alleged malicious hacker and cybercriminal who goes by the alias “Dr. Hex” has been arrested in Morocco after a two-year-long investigation.

The operation was dubbed Op Lyrebird; authorities involved included Moroccan police, the International Criminal Police Organization (INTERPOL), and Russian cybersecurity company Group-IB.

In a statement this Tuesday, Interpol revealed that cyber attacks carried out by “Dr. Hex” involved global phishing scams and carding activities such as credit card fraud against thousands of unsuspecting victims.

According to authorities, the threat actor’s prime targets were French-speaking communications companies, multinational companies, and multiple banks that suffered malware attacks allegedly perpetrated by the accused.

“Dr. Hex” is also accused of targeting private, business, and government websites and replacing their homepages with modified ones displaying political and self-praising messages.


Deface page left by the hacker (Image: Hackread.com)

Although authorities believe “Dr. Hex” defaced 134 domains and sub-domains between 2009 and 2018, Hackread.com managed to save a screenshot showing the hacker’s last defacement was in 2019.

The following screenshot shows a list of websites that were defaced by the hacker. These sites belonged to different countries and sectors around the world.


Image: Hackread.com

As for his phishing scams, the hacker used pages modified with data-stealing scripts. Once the victim clicked on the link, it opened an authentic-looking login page for banks and other targeted companies. Once login credentials were entered, the hacker used them for financial fraud and stealing confidential information.

Group-IB, for its part, shared its report with Hackread.com, which further explained how the company managed to identify five email addresses associated with the accused.

The cybersecurity firm was also successful in tracking six nicknames and his accounts on different social media platforms, including Facebook, Instagram, Skype, and YouTube.

According to Stephen…


Malaysia arrests 11 suspects for hacking government sites


anonymous-malaysia.png

Malaysian officials announced on Thursday the arrest of 11 suspects believed to be part of a hacktivist group that defaced government websites during late January.

The group, calling itself Anonymous Malaysia, defaced 17 websites for local governments and universities, according to posts they made on a Facebook page earlier this month.

The defacements were part of a campaign the group called #OpsWakeUp21, during which they wanted to highlight the poor security of government websites by posting warning messages on their front pages (see screenshot above).

Malaysian authorities started an investigation after the attacks took place in late January, and 11 suspects were arrested on Wednesday.

According to local reports, the suspects were aged between 22 and 40, and from Pahang, Johor, Perak, and the Klang Valley regions.

Similar hacktivism activity reported in Myanmar

The arrests come after another hacktivist group, named the Myanmar Hackers, earlier this week defaced sites for the Myanmar military, state-run broadcaster MRTV, the Central Bank, the Port Authority, the Food and Drug Administration, and local law enforcement.

The cyber intrusions and website defacements were part of nationwide protests against the current government, which illegitimately seized power earlier this month following a military coup.

On February 1, the Myanmar military leadership ordered the arrest of members of the National League for Democracy party, along with its leader Aung San Suu Kyi, which convincingly won the November 2020 elections after soundly defeating the military’s representatives.

Mass public protests have been taking place since the coup, in a country that just years before escaped from the rule of another failed junta regime.

Since the coup, the government has attempted several times to shut down internet access for the entire country, has blocked access to social networks to prevent citizens from organizing new protests, and is currently trying to pass a new draconian security law that would allow it easier and unfettered access to any user’s personal data and browsing history.


An initial version of this article reported the…
