Tag Archive for: created

FBI says it has sabotaged hacking tool created by elite Russian spies


WASHINGTON: The FBI has sabotaged a suite of malicious software used by elite Russian spies, U.S. authorities said on Tuesday, providing a glimpse of the digital tug-of-war between two cyber superpowers.

Senior law enforcement officials said FBI technical experts had identified and disabled malware wielded by Russia’s FSB security service against an undisclosed number of American computers, a move they hoped would deal a death blow to one of Russia’s leading cyber spying programs.

“We assess this as being their premier espionage tool,” one of the U.S. officials told journalists ahead of the release. He said Washington hoped the operation would “eradicate it from the virtual battlefield.”

The official said the FSB spies behind the malware, known as Snake, are part of a notorious hacking group tracked by the private sector and known as “Turla.”

The group has been active for two decades against a variety of NATO-aligned targets, U.S. government agencies and technology companies, a senior FBI official said.

Russian diplomats did not immediately return a message seeking comment. Moscow routinely denies carrying out cyberespionage operations.

U.S. officials spoke to journalists on Tuesday ahead of the news release on condition that they not be named. Similar announcements, revealing the FSB cyber disruption effort, were made by security agencies in the UK, Canada, Australia and New Zealand.

Turla is widely considered one of the most sophisticated hacking teams studied by the security research community.

“They have persisted in the shadows by focusing on stealth and operational security,” said John Hultquist, vice president of threat analysis at U.S. cybersecurity company Mandiant. “They are one of the hardest targets we have.”

The U.S. government dubbed the disruption of Turla’s Snake malware “Operation Medusa.” The FBI and its partners identified where the hacking tool had been deployed across the internet and built a unique software “payload” to disrupt the hackers’ infrastructure.

The FBI relied on existing search warrant authorities to remotely access the Russian malicious program within victim networks in the U.S. and sever its connections.

The senior FBI official said the Bureau’s…


He created a ‘RentaHitman’ website for class project as a joke. But then police got involved after the site got a slew of inquiries from people wanting to actually pay for a hitman


A stock image shows hands typing on a laptop. (Getty Images)

  • A California man, Bob Innes, said he accidentally created a hitman-for-hire website, per People Magazine.

  • Innes and his friends made the site to start a computer security business in 2005.

  • He later learned that people were reaching out inquiring about making a hit.

A California man said that at least 30 people have been arrested after inquiring about hiring a hitman on his parody website, according to PEOPLE. 

Bob Innes, along with his friends, created the website while participating in an IT program at a California business school in 2005, the outlet reported. They made the site with the intention of starting a computer security company — and chose the quippy domain “RentAHitman.com.”

“Rent as in hire us,” Innes told PEOPLE. “Hit as in network traffic, and men, because there were four of us. We thought it was funny.”

Although the website was live, the group did not officially start the company, according to the report. Three years later, Innes decided to log back in and discovered a slew of inquiries.

According to the report, some people were asking for the price, while others were seeking employment.

“There was even a female out of the UK who wanted to learn the business so that she could be a hitwoman,” the 54-year-old told the publication.

That’s when Innes realized that he had unintentionally set up a website for those seeking to hire a hitman, PEOPLE reported. Innes told the magazine that he decided to play up the humor by adding phony testimonials and awards.

When a potential customer reaches out for their “services,” he waits a day to reach back out to them. After they show interest in hiring a hitman, he connects them with an “operative,” which happens to be one of the thousands of police departments across the country, per the report.

The website has resulted in more than two dozen arrests and a number of convictions, including a woman who reached out in 2010 about murdering her family members, according to the outlet.

Read the original article on Insider


DOJ Says Cardiologist Created, Distributed Ransomware


Heart doctor and self-taught cybercriminal created and distributed ransomware.


According to the U.S. Department of Justice (DOJ), 55-year-old cardiologist Dr. Moises Luis Zagala Gonzalez MD, of New York, has been charged with creating and distributing ransomware equipped with a “doomsday clock” and sharing in profits from attacks. Zagala also goes by the names “Nosophoros,” “Aesculapius,” and “Nebuchadnezzar.” He is a citizen of France and Venezuela and currently lives in Ciudad Bolivar, Venezuela.

U.S. authorities have alleged that in 2019 the cardiologist began marketing a new online tool he created, a “Private Ransomware Builder” named “Thanos.” He likely named the ransomware after the fictional character Thanos, who is responsible for destroying half of all life in the universe, as well as “Thanatos” from Greek mythology, who is associated with death. Users of the illicit software can access “Recovery Information,” which allows them to build a customized ransom note, distribute it to victims and set up an account to receive Bitcoin payments. They can also use the “data stealer” which allows them to steal certain files from victims once a computer is infected, or an “anti-VM” option to defeat security protocols. The software also allows users to create their own versions for personal use or to rent to other cybercriminals.

Photo by Tima Miroshnichenko from Pexels

Moreover, Zagala created a ransomware tool, called “Jigsaw v. 2,” which included a doomsday counter which kept track of how many times a victim tried to remove the ransomware from a PC. “If the user kills the ransomware too many times, then it’s clear he won’t pay so better erase the whole hard drive,” Zagala wrote to his customers. The program comes with a self-delete option to do just this. The name “Jigsaw” may refer to the mastermind behind the sadistic games in the Saw movies.

Breon Peace, U.S. attorney for the Eastern District of New York, said, “As alleged, the multi-tasking doctor treated patients, created and named his cyber tool after death, profited from a global ransomware ecosystem in which he sold the tools for…


Ransomware hackers used fake images created by AI, Microsoft flaw in campaign


NEW YORK (BLOOMBERG) – A group of ransomware hackers used a variety of techniques to try breaching hundreds of companies last year, exploiting a vulnerability in Microsoft’s Windows and using artificial intelligence technology to create fake LinkedIn profiles, Alphabet’s Google found.

The group, which Google refers to as Exotic Lily in research published Thursday (March 17), is known as an initial access broker. Such groups specialise at breaking into corporate computer networks, and then providing that access to other cyber criminal syndicates that deploy malware that locks computers and demands a ransom.

The findings help illuminate the ransomware-as-a-service model, a cyber-criminal business strategy in which different hacking groups pool their resources to extort victims, then split the proceeds.

The Exotic Lily group sent over 5,000 malicious e-mails a day, Google observed, to as many as 650 organisations around the world, often leveraging a flaw in MSHTML, a proprietary browser engine for Windows.

Microsoft issued a security fix for the Windows vulnerability in late 2021. Google did not identify victims by name.

“Up until November 2021, the group seemed to be targeting specific industries such as IT, cyber security and health care, but as of late we have seen them attacking a wide variety of organisations and industries, with less specific focus,” Google said in a blog post.

Google also observed that Exotic Lily is associated with notorious Russian-speaking ransomware group Conti. That group, accused of using digital extortion to reap US$200 million (S$271 million) in 2021, is currently in turmoil after a suspected insider leaked a trove of internal chat logs, revealing hackers’ tactics to the public.

What makes Exotic Lily unique, according to Google, is the level of human interaction behind each of its attacks. Creating fake LinkedIn profiles to add legitimacy to the group’s malicious e-mails requires an extra level of effort.

One of the fake LinkedIn profiles cited by Google was a fictitious Amazon.com employee who appeared to be located in the United Kingdom. The hackers sometimes used a publicly available service to generate a fake profile picture using artificial…
