Tag Archive for: DOJ

A Russian-controlled botnet of hundreds of routers has now been shut down by the US DOJ


Hundreds of routers in homes and small offices were, without their owners' knowledge, used to spread malware as part of a Russian-run botnet. This week, the US Department of Justice announced that the botnet was shut down in an operation carried out in January 2024 and only now disclosed publicly.

In its press release, the Justice Department said the botnet was originally built by a known cybercriminal group, which infected routers that still used "publicly known default administrator passwords" with the Moobot malware. Russia's GRU then used that Moobot foothold to install its own scripts and files on the same routers.

The press release described how the GRU used the botnet to commit various cybercrimes:

These crimes included vast spearphishing and similar credential harvesting campaigns against targets of intelligence interest to the Russian government, such as U.S. and foreign governments and military, security, and corporate organizations.

Once the botnet was discovered, the Justice Department turned Moobot against its operators: it used the malware to copy the stolen files and then delete them from the routers, and it changed the routers' firewall rules to block further attempts at remote access.

The Justice Department will notify the owners of the affected routers about what happened and ask them to perform a full factory reset, install the latest firmware for their router, and, above all, replace the default passwords with new ones.

This is actually the second time in 2024 that the Justice Department has disrupted a criminal botnet. In a statement, US Attorney General Merrick B. Garland said:

In this case, Russian intelligence services turned to criminal groups to help them target home and office routers, but the Justice Department disabled their scheme. We will continue to disrupt and dismantle the Russian government’s malicious cyber tools that endanger the security of the United States and our allies.

There's no specific information about the data that was gathered by the…

Source…

U.S. DoJ Dismantles Warzone RAT Infrastructure, Arrests Key Operators


Feb 11, 2024 | Newsroom | Malware / Cybercrime

The U.S. Justice Department (DoJ) on Friday announced the seizure of online infrastructure that was used to sell a remote access trojan (RAT) called Warzone RAT.

The domains – www.warzone[.]ws and three others – were “used to sell computer malware used by cybercriminals to secretly access and steal data from victims’ computers,” the DoJ said.

Alongside the takedown, the international law enforcement effort has arrested and indicted two individuals in Malta and Nigeria for their involvement in selling and supporting the malware and helping other cybercriminals use the RAT for malicious purposes.

The defendants, Daniel Meli (27) and Prince Onyeoziri Odinakachi (31) have been charged with unauthorized damage to protected computers, with the former also accused of “illegally selling and advertising an electronic interception device and participating in a conspiracy to commit several computer intrusion offenses.”


Meli is alleged to have offered malware services since at least 2012 through online hacking forums, sharing e-books and helping other criminals use RATs to carry out cyber attacks. Prior to Warzone RAT, he had sold another RAT known as Pegasus RAT.

Like Meli, Odinakachi also provided online customer support to purchasers of Warzone RAT malware between June 2019 and no earlier than March 2023. Both individuals were arrested on February 7, 2024.

Warzone RAT, also known as Ave Maria, was first documented by Yoroi in January 2019 as part of a cyber attack on an Italian organization in the oil and gas sector towards the end of 2018. That campaign used phishing emails carrying bogus Microsoft Excel files that exploited a known security flaw in the Equation Editor (CVE-2017-11882).

Sold under the malware-as-a-service (MaaS) model for $38 a month (or $196 for a year), it functions as an information stealer and provides remote control, allowing threat actors to commandeer infected hosts for follow-on exploitation.

Some of the notable features of the malware include the ability to browse victim file systems, take screenshots, record keystrokes, steal victim usernames and passwords, and activate the computer’s webcams without the…

Source…

Russian hackers targeted US intel officers in ‘sophisticated spear phishing campaign,’ DOJ says


Hackers acting on behalf of the Russian government targeted U.S. intelligence officers in a “sophisticated spear phishing campaign” designed to influence elections in the United Kingdom, the Justice Department (DOJ) alleged Thursday.

The operation successfully hacked into computer networks in the U.S., the U.K., Ukraine and other NATO member countries and “stole information used in foreign malign influence operations designed to influence the U.K.’s 2019 elections,” the DOJ said.

The DOJ unsealed a federal indictment Thursday against two individuals connected to the plot, after a federal grand jury in San Francisco returned an indictment Tuesday.

The two individuals charged are Ruslan Aleksandrovich Peretyatko, who the DOJ says is an officer in Russia's Federal Security Service (FSB), and Andrey Stanislavovich Korinets. Each is charged with one count of conspiracy to commit an offense against the United States and one count of conspiracy to commit wire fraud.

Along with other unindicted co-conspirators, the defendants were part of the so-called “Callisto Group,” the DOJ said.

The indictment alleges that the hacking campaign took place between at least October 2016 and October 2022 and targeted current and former employees of the U.S. Intelligence Community, Department of Defense, Department of State, defense contractors, and Department of Energy facilities.

The spear phishing campaign often was carried out by sending “sophisticated looking emails” that tricked the targets into providing their log-in credentials, thereby allowing the hackers to access the victims’ email accounts whenever they wanted to, the DOJ said.

Some of the emails were sent from “spoofed” accounts designed to look like other personal and work-related emails the victims would receive, the DOJ said. Sometimes, the emails claimed the users had violated terms of service on an account and had to log in via a provided link. When the users thought they were signing into their accounts, they were actually providing the account credentials to hackers, the DOJ said.
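The lure pattern in that paragraph (a sender dressed up to look like a trusted correspondent, a terms-of-service pretext, and a login link that goes somewhere other than where it claims) is exactly what a mail-triage heuristic keys on. Below is an added Python example of such a check; it is not part of the DOJ's material or the indictment, and the two messages in it are constructed, with example.gov and example-support.net as placeholder domains.

```python
"""Triage heuristics for the credential-phishing lures described in the
Callisto indictment: spoofed sender, account-threat pretext, mismatched link.
Added example; not DOJ material. Both messages below are constructed and
example.gov / example-support.net are placeholder domains."""
import email
import re
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed lure: display name invokes the target's domain, the real
# address and the link both live on an attacker-controlled lookalike.
LURE = """\
From: "IT Security (example.gov)" <notices@example-support.net>
Reply-To: notices@example-support.net
To: analyst@example.gov
Subject: Action required: terms of service violation
Content-Type: text/html; charset=utf-8

<html><body>
<p>Your mailbox has violated our terms of service. Sign in within 24 hours
to avoid suspension.</p>
<p><a href="https://login.example-support.net/auth">https://mail.example.gov/login</a></p>
</body></html>
"""

# Constructed benign message from the genuine domain, for comparison.
BENIGN = """\
From: "IT Security" <security@example.gov>
To: analyst@example.gov
Subject: Scheduled mail server maintenance
Content-Type: text/html; charset=utf-8

<html><body>
<p>Webmail will be unavailable Saturday 02:00-04:00 for maintenance.</p>
<p><a href="https://mail.example.gov/login">https://mail.example.gov/login</a></p>
</body></html>
"""

LURE_WORDS = re.compile(r"terms of service|suspend|verify your account", re.I)


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable(host):
    """Crude eTLD+1 (last two labels); production code should use the Public Suffix List."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def phishing_indicators(raw_message, trusted_domain):
    """Return human-readable findings; an empty list means no heuristic fired."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []

    # 1. Spoofed sender: display name names the trusted domain, address does not.
    sender = msg["from"].addresses[0] if msg["from"] else None
    if sender is not None:
        actual = sender.domain.lower()
        if trusted_domain in sender.display_name.lower() and actual != trusted_domain:
            findings.append(f"display name claims {trusted_domain} but address is @{actual}")
        if msg["reply-to"]:
            reply = msg["reply-to"].addresses[0].domain.lower()
            if reply != actual:
                findings.append(f"Reply-To @{reply} differs from From @{actual}")

    # 2. Pretext: account-threat wording that pressures the target to log in.
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body is not None else ""
    if LURE_WORDS.search(text):
        findings.append("account-threat lure wording in body")

    # 3. Link mismatch: visible text names one site, href goes to another.
    if body is not None and body.get_content_type() == "text/html":
        collector = _LinkCollector()
        collector.feed(text)
        for href, label in collector.links:
            shown = urlparse(label).hostname or ""
            real = urlparse(href).hostname or ""
            if shown and real and registrable(shown) != registrable(real):
                findings.append(f"link text shows {shown} but points to {real}")
    return findings


if __name__ == "__main__":
    for name, raw in (("lure", LURE), ("benign", BENIGN)):
        print(name, phishing_indicators(raw, "example.gov") or ["clean"])
```

Each heuristic on its own is weak (legitimate mail uses third-party senders and link shorteners all the time); the point is that the three together describe the shape of the lure in the indictment, and any message that trips all three deserves a human look before anyone clicks.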

U.S. officials pointed to the indictments as evidence that Russia still is trying to target democratic elections, and they pledged to…

Source…

DOJ sets new goals for responding to ransomware attacks


The Justice Department said it wants to increase the percentage of reported ransomware incidents it handles to 65% by September 2023.

In a strategic planning document published Friday, the Department of Justice said that by September 30, 2023, it pledges to increase “the percentage of reported ransomware incidents from which cases are opened, added to existing cases, or resolved or investigative actions are conducted within 72 hours to 65%.”

The department also wants to increase “the number of ransomware matters in which seizures or forfeitures are occurring by 10%.”

The pledges were also included in the President’s Management Agenda website and were under the purview of Eun Young Choi, the recently appointed director of the National Cryptocurrency Enforcement Team at the Justice Department. 

The department set similar goals in its 2022-2026 Strategic Plan document, pledging to “address supply chain vulnerabilities, support other government agencies and the private sector, and identify new sources of evidence and intelligence.”

“In addition, the Department will continue to develop ways to attribute cyberattacks, to respond to and engage victims and targeted entities, and to provide intelligence to help victims recover and strengthen their defenses,” the DOJ said. 

“Finally, we will continue to develop our own cyber expertise by investing in recruitment, training, and capacity building.”

The Justice Department said it also wanted to “bolster its interagency and international collaborations to aid attribution, defend networks, sanction bad behavior, and otherwise deter or disrupt cyber adversaries overseas.”

Other goals laid out by the document include closer public/private partnerships as a way to encourage incident reporting and tougher internal measures to improve cybersecurity at the department, including multifactor authentication, encryption and more. 

“The Department will help the private sector identify and address their vulnerabilities through threat intelligence sharing and targeted outreach. We will also continue to support policy efforts to protect the digital supply chain, federal information systems, and critical infrastructure against…

Source…