Tag Archive for: blow

Operation Cyclone deals blow to Clop ransomware operation


Man in handcuffs

A thirty-month international law enforcement operation codenamed ‘Operation Cyclone’ targeted the Clop ransomware gang, leading to the previously reported arrests of six members in Ukraine.

In June, BleepingComputer reported that Ukrainian law enforcement arrested members of the Clop ransomware gang involved in laundering ransom payments.

This Friday, new information came to light regarding how the operation was conducted and the law enforcement agencies involved.

Interpol’s Operation Cyclone

The transcontinental operation named ‘Operation Cyclone’ was coordinated from INTERPOL’s Cyber Fusion Centre in Singapore, with assistance from Ukrainian and US law enforcement authorities.

This operation targeted Clop for its numerous attacks against Korean companies and US academic institutions, where the threat actors encrypted devices and extorted organizations to pay a ransom or have their stolen data leaked.

In December 2020, Clop conducted a massive ransomware attack against E-Land Retail, a South Korean conglomerate, and retail giant, causing 23 out of 50 NC Department Store and NewCore Outlet retail stores to temporarily close. They later claimed to have stolen 2,000,000 credit cards from the company using point-of-sale malware.

More recently, Clop used a vulnerability in the Accellion secure file transfer gateway to steal confidential and private files of corporations and universities. When $10 million+ ransom demands were not paid, the threat actors publicly released students’ personal information from numerous universities and colleges.

Clop ransom note used in Accellion extortion demands
Clop ransom note used in Accellion extortion demands

The US education institutions targeted in the Accellion attacks included the University of Colorado, University of Miami, Stanford Medicine, University of Maryland Baltimore (UMB), and the University of California.

Through intelligence sharing between law enforcement agencies and private partners, Operation Cyclone led to the arrest of six suspects in Ukraine, the search of more than 20 houses, businesses, and vehicles, and the seizure of computers and $185,000 in cash assets.

The operation was also assisted by private partners, including Trend Micro, CDI, Kaspersky Lab, Palo Alto…

Source…

Microsoft, Google, Citizen Lab blow lid off zero-day bug-exploiting spyware sold to governments • The Register


Analysis Software patches from Microsoft this week closed two vulnerabilities exploited by spyware said to have been sold to governments by Israeli developer Candiru.

On Thursday, Citizen Lab released a report fingering Candiru as the maker of the espionage toolkit, an outfit Microsoft code-named Sourgum. It is understood the spyware, code-named DevilsTongue by Microsoft, exploited at least a pair of zero-day holes in Windows to infect particular targets’ machines.

Redmond said at least 100 people – from politicians, human rights activists, and journalists, to academics, embassy workers and political dissidents – have had their systems infiltrated by Sourgum’s code; about half are in Palestine, and the rest dotted around Israel, Iran, Lebanon, Yemen, Spain, the United Kingdom, Turkey, Armenia, and Singapore.

Once it has comprehensively compromised a Windows PC, DevilsTongue can exfiltrate the victim’s files, obtain their login credentials for online and network accounts, snoop on chat messages, and more. Candiru also touts spyware that can infect and monitor iPhones, Android devices, and Macs, as well as Windows PCs, it is claimed. The products are said to be on sale to government agencies and other organizations, which then use the espionage software against their chosen targets.

“Candiru’s apparent widespread presence, and the use of its surveillance technology against global civil society, is a potent reminder that the mercenary spyware industry contains many players and is prone to widespread abuse,” Citizen Lab, part of the University of Toronto, said in its report.

“This case demonstrates, yet again, that in the absence of any international safeguards or strong government export controls, spyware vendors will sell to government clients who will routinely abuse their services.”

We’re told that at least 764 domain names…

Source…

11 Top Best Mobile Hacking Apps for Android -That Blow Your MIND! – Techniblogic (blog)


Techniblogic (blog)

11 Top Best Mobile Hacking Apps for Android -That Blow Your MIND!
Techniblogic (blog)
It provides you with a high-level encryption security along with a torrent friendly VPN. IP hiding, bypassing a firewall and streaming Netflix, Hulu etc. in blocked places are some of the features provided by this application. You can Download this App

android security – read more