Tag Archive for: GROUP

Russia Takes Down Hacking Group at US Request, Intelligence Service Says


Russia has conducted a special operation against ransomware crime group REvil at the request of the United States and has detained and charged the group’s members, the FSB domestic intelligence service said Friday.

The arrests were a rare apparent demonstration of collaboration between Russia and the United States, at a time of high tensions between the two over Ukraine. The announcement came even as Ukraine was responding to a massive cyberattack that shut down government websites, though there was no indication the incidents were related.

A joint police and FSB operation searched 25 addresses, detaining 14 people, the FSB said, listing assets it had seized, including 426 million rubles, $600,000, 500,000 euros, computer equipment and 20 luxury cars.

Russia informed the United States directly of the moves it had taken against the group, the FSB said on its website. The U.S. Embassy in Moscow said it could not immediately comment.

“The investigative measures were based on a request from the … United States,” the FSB said. “… The organized criminal association has ceased to exist and the information infrastructure used for criminal purposes was neutralized.”

The REN TV channel aired footage of agents raiding homes and arresting people, pinning them to the floor, and seizing large piles of dollars and Russian rubles.

The group members have been charged and could face up to seven years in prison.

A source familiar with the case told Interfax the group’s members with Russian citizenship would not be handed over to the United States.

The United States said in November that it was offering a reward of up to $10 million for information leading to the identification or location of anyone holding a key position in the REvil group.

The United States has been hit by a string of high-profile hacks by ransom-seeking cybercriminals. A source with direct knowledge of the matter told Reuters in June that REvil was suspected of being the group behind a ransomware attack on the world’s biggest meatpacking company, JBS SA.

Washington repeatedly has accused the Russian state in the past of malicious activity on the internet, which Moscow denies.

Russia’s announcement…


Ransomware Group REvil Dismantled in Raids, Russia Says


U.S. officials have said that the Kremlin could shut down hacker groups like REvil, but tolerates or even encourages them, as long as their targets are outside of Russia.

In July, following President Biden’s ultimatum, REvil went offline, fueling speculations about whether the Kremlin had ordered the group to go quiet, or the United States or its allies had managed to disrupt its operations, or the group itself had decided to go underground, fearing that the heat had become too intense.

However, it resurfaced two months later, reactivating a portal victims use to make payments. In October, it was again forced offline, temporarily, by a counter-hacking effort mounted by the governments of several countries, including the United States.

REvil, short for “ransomware evil,” has been one of the most notorious ransomware hacking groups sought by United States law enforcement. Ransomware groups hack into a victim’s computer system and encrypt its data, effectively locking out the owners, and extort them for money — sometimes millions of dollars, paid in cryptocurrency — in return for reversing the encryption.

U.S. intelligence agencies identified REvil as responsible for the attack on one of America’s largest beef producers, JBS, last June, forcing the shutdown of nine beef plants. In the end, JBS said it had paid an $11 million ransom in Bitcoin. The operator of the Colonial Pipeline paid almost $5 million in Bitcoin.

REvil also took credit for what was described as the biggest ransomware hack ever in July, affecting up to 1,500 businesses around the world.

The organization…


Russia takes down REvil hacking group at U.S. request – FSB


MOSCOW, Jan 14 (Reuters) – Russia has dismantled ransomware crime group REvil at the request of the United States in an operation in which it detained and charged the group’s members, the FSB domestic intelligence service said on Friday.

The arrests were a rare apparent demonstration of U.S.-Russian collaboration at a time of high tensions between the two over Ukraine. The announcement came as Ukraine was responding to a massive cyber attack that shut down government websites, though there was no indication the incidents were related.

The United States welcomed the arrests, according to a senior administration official, adding “we understand that one of the individuals who was arrested today was responsible for attack against Colonial Pipeline last spring.”


A May cyberattack on the Colonial Pipeline that led to widespread gas shortages on the U.S. East Coast used encryption software called DarkSide, which was developed by REvil associates.

A police and FSB operation searched 25 addresses, detaining 14 people, the FSB said, listing assets it had seized including 426 million roubles, $600,000, 500,000 euros, computer equipment and 20 luxury cars.

A Moscow court identified two of the men as Roman Muromsky and Andrei Bessonov and remanded them in custody for two months. Muromsky could not be reached for comment and his phone was off. Reuters could not immediately reach Bessonov.

Two Muscovites told Reuters Muromsky was a web developer who had helped them with websites for their businesses.

Russia told Washington directly of the moves it had taken against the group, the FSB said. The U.S. Embassy in Moscow said it could not immediately comment.

“The investigative measures were based on a request from the … United States,” the FSB said. “… The organised criminal association has ceased to exist and the information infrastructure used for criminal purposes was neutralised.”

The REN TV channel aired footage of agents raiding homes and arresting people, pinning them to the floor, and seizing large piles of dollars and Russian roubles.

The group members have been charged and could face up to seven years in prison, the FSB…


Pentagon links Iran intelligence to ‘MuddyWater’ hacking group


The Pentagon’s cybersecurity arm on Wednesday said it has tied a hacking group known as MuddyWater to Iranian intelligence.

In doing so, US Cyber Command also identified several open-source software tools being used by the hacking group and disclosed them in an effort to thwart further attacks. MuddyWater allegedly used the tools to gain access to global computer networks.

A US Cyber Command spokeswoman said disclosure of the hacking group provides a “holistic picture of how Iranian hackers might be collecting information through the use of malware.” The cyber agency described MuddyWater as operating under the Iranian Ministry of Intelligence and Security.


The Iranian intelligence agency identifies political opponents through domestic surveillance and “surveils anti-regime activists abroad through its network of agents placed in Iran’s embassies,” according to US Cyber Command, citing research from the Congressional Research Service.

Iran’s foreign ministry didn’t immediately respond Wednesday to a request seeking comment.

“Iran fields multiple teams that conduct cyber espionage, cyberattack and information operations,” said Sarah Jones, the principal analyst for threat intelligence at the cybersecurity firm Mandiant Inc.

She said Iran’s security services that support these attackers, including its intelligence ministry and the Islamic Revolutionary Guard Corps, “are using them to get a leg up on Iran’s adversaries and competitors all over the world.”
