Tag Archive for: hacker

Who is Alleged Medibank Hacker Aleksandr Ermakov? – Krebs on Security


Authorities in Australia, the United Kingdom and the United States this week levied financial sanctions against a Russian man accused of stealing data on nearly 10 million customers of the Australian health insurance giant Medibank. 33-year-old Aleksandr Ermakov allegedly stole and leaked the Medibank data while working with one of Russia’s most destructive ransomware groups, but little more is shared about the accused. Here’s a closer look at the activities of Mr. Ermakov’s alleged hacker handles.

Aleksandr Ermakov, 33, of Russia. Image: Australian Department of Foreign Affairs and Trade.

The allegations against Ermakov mark the first time Australia has sanctioned a cybercriminal. The documents released by the Australian government included multiple photos of Mr. Ermakov, and it was clear they wanted to send a message that this was personal.

It’s not hard to see why. The attackers who broke into Medibank in October 2022 stole 9.7 million records on current and former Medibank customers. When the company refused to pay a $10 million ransom demand, the hackers selectively leaked highly sensitive health records, including those tied to abortions, HIV and alcohol abuse.

The U.S. government says Ermakov and the other actors behind the Medibank hack are believed to be linked to the Russia-backed cybercrime gang REvil.

“REvil was among the most notorious cybercrime gangs in the world until July 2021 when they disappeared. REvil is a ransomware-as-a-service (RaaS) operation and generally motivated by financial gain,” a statement from the U.S. Department of the Treasury reads. “REvil ransomware has been deployed on approximately 175,000 computers worldwide, with at least $200 million paid in ransom.”

The sanctions say Ermakov went by multiple aliases on Russian cybercrime forums, including GustaveDore, JimJones, and Blade Runner. A search on the handle GustaveDore at the cyber intelligence platform Intel 471 shows this user created a ransomware affiliate program in November 2021 called Sugar (a.k.a. Encoded01), which focused on targeting single computers and end-users instead of corporations.

An ad for the ransomware-as-a-service program Sugar posted by…

Source…

Ukrainian Police Arrest Cryptojacking Hacker


The Ukrainian National Police said on Friday that they had arrested a hacker in the southern city of Mykolaiv in connection with a sophisticated scheme to hijack cloud computers to mine cryptocurrencies, a ploy known as “cryptojacking.”

Ukrainian police seized electronic devices, SIM and bank cards from the suspected hacker. (Photo: Національна поліція України)

Over the last two years, the 29-year-old suspect allegedly managed to mine nearly US$2 million in cryptocurrencies. The authorities did not release either the suspect's name or the name of the U.S. company whose server was allegedly misused.

The suspect is accused of infecting that server with malware, known as a “miner virus” — malicious software that steals a computer’s resources to generate cryptocurrency, allowing the hacker to steal money and transfer it to controlled electronic wallets.

According to the police, the suspect compromised 1,500 accounts belonging to the unnamed company's clients by brute force, using self-developed software that automatically tried passwords against the accounts.

He then used the compromised accounts to gain access to the cloud computing provider, secretly infecting the company’s server with the malicious software.

The suspect then used the server's computational power to mine cryptocurrencies, avoiding the cost of server time and power himself.

The stolen computer time typically cost more than the profits mined, so that compromised account holders were left with substantial cloud bills.
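The pattern described above, many failed logins from one source across many accounts and then a success, is what a defender would look for in the cloud provider's authentication logs. The following detection logic is an added example, not code from the police statement or from any provider named on the page; the log format, thresholds and sample lines are all constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample authentication log (not real data). Format is assumed:
#   <ISO timestamp> <service> <FAIL|OK> user=<name> src=<ip>
SAMPLE_LOG = """\
2024-01-10T10:00:01Z sshd FAIL user=alice src=203.0.113.5
2024-01-10T10:00:02Z sshd FAIL user=bob src=203.0.113.5
2024-01-10T10:00:03Z sshd FAIL user=carol src=203.0.113.5
2024-01-10T10:00:04Z sshd FAIL user=dave src=203.0.113.5
2024-01-10T10:00:05Z sshd FAIL user=erin src=203.0.113.5
2024-01-10T10:00:06Z sshd FAIL user=frank src=203.0.113.5
2024-01-10T10:00:07Z sshd OK   user=frank src=203.0.113.5
2024-01-10T10:05:00Z sshd FAIL user=grace src=198.51.100.7
2024-01-10T10:05:09Z sshd OK   user=grace src=198.51.100.7
"""


def parse_line(line: str) -> tuple:
    """Return (timestamp, outcome, user, src) for one log line."""
    ts, _service, outcome, user_kv, src_kv = line.split()
    timestamp = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return timestamp, outcome, user_kv.split("=", 1)[1], src_kv.split("=", 1)[1]


def find_brute_force(log_text: str, threshold: int = 5,
                     window: timedelta = timedelta(minutes=10)) -> dict:
    """Flag source IPs with >= threshold failed logins inside a sliding window.

    For each flagged source, also report how many distinct accounts were
    tried (many distinct users per source suggests password spraying rather
    than a single forgotten password) and which accounts later logged in
    successfully from that source, i.e. the likely compromised accounts.
    """
    failures = defaultdict(list)   # src -> [(timestamp, user), ...]
    successes = defaultdict(list)  # src -> [(timestamp, user), ...]
    for line in log_text.splitlines():
        if not line.strip():
            continue
        timestamp, outcome, user, src = parse_line(line)
        (failures if outcome == "FAIL" else successes)[src].append((timestamp, user))

    flagged = {}
    for src, events in failures.items():
        events.sort()
        for i in range(len(events)):
            # Advance j while events[j] is still inside the window from events[i].
            j = i
            while j < len(events) and events[j][0] - events[i][0] <= window:
                j += 1
            if j - i >= threshold:
                burst_end = events[j - 1][0]
                compromised = sorted({u for t, u in successes.get(src, [])
                                      if t >= events[i][0]})
                flagged[src] = {
                    "failures": j - i,
                    "distinct_users": len({u for _, u in events[i:j]}),
                    "burst_end": burst_end,
                    "accounts_logged_in_after_burst": compromised,
                }
                break
    return flagged


if __name__ == "__main__":
    for src, info in find_brute_force(SAMPLE_LOG).items():
        print(src, info)
```

On the constructed log, 203.0.113.5 is flagged with six failures across six different accounts and one later success for `frank`, while 198.51.100.7 (one failure, then a success by the same user) is not. In practice the thresholds should be tuned per service, and the source field may need to be a tenant or API key rather than an IP when attackers rotate addresses.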

During the search of the suspect’s home, the police seized “computer equipment, bank and SIM cards, electronic media, and other evidence of illegal activity.”

The investigation into the case continues, with authorities targeting potential accomplices of the suspect and examining his possible connections with a pro-Russian hacker group, according to Ukrainian police.

Europol, the European Union Agency for Law Enforcement Cooperation, which supported the operation, said that the arrest followed “months of intensive collaboration between Ukrainian authorities, Europol and a cloud provider, who worked tirelessly to identify and locate the individual behind the…

Source…

This hacker used over a million virtual servers to create an incredibly powerful network – but then wasted it on mining crypto


Ukrainian police have arrested a hacker who allegedly used compromised servers belonging to an American company to secretly mine cryptocurrencies.

The Ukrainian cyberpolice revealed the individual was able to create a million virtual servers on which he proceeded to install cryptojackers – cryptocurrency miners that try to operate in the background and without the knowledge or consent of the endpoint’s owners.

Source…

Pro-Iranian Hacker Group Targeting Albania with No-Justice Wiper Malware


Jan 06, 2024 | Newsroom | Malware / Cyber Attack


The recent wave of cyber attacks targeting Albanian organizations involved the use of a wiper called No-Justice.

The findings come from cybersecurity company ClearSky, which said the Windows-based malware “crashes the operating system in a way that it cannot be rebooted.”

The intrusions have been attributed to an Iranian “psychological operation group” known as Homeland Justice, which has been active since July 2022, specifically orchestrating destructive attacks against Albania.

On December 24, 2023, the adversary resurfaced after a hiatus, stating it’s “back to destroy supporters of terrorists,” describing its latest campaign as #DestroyDurresMilitaryCamp. The Albanian city of Durrës currently hosts the dissident group People’s Mojahedin Organization of Iran (MEK).

Targets of the attack included ONE Albania, Eagle Mobile Albania, Air Albania, and the Albanian parliament.

Two of the primary tools deployed during the campaign include an executable wiper and a PowerShell script that’s designed to propagate the former to other machines in the target network after enabling Windows Remote Management (WinRM).


The No-Justice wiper (NACL.exe) is a 220.34 KB binary that requires administrator privileges to erase the data on the computer.

This is accomplished by removing the boot signature from the Master Boot Record (MBR), the first sector of a disk, which holds the boot code and the partition table. The last two bytes of that sector, the signature 0x55AA, are what the firmware checks before treating the sector as bootable; with the signature gone the machine can no longer start from the disk, even though the partitions and their data may still be physically present.
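Because the wiper's effect is confined to the two signature bytes, a forensic check for it is a short parser over the first 512 bytes of a disk image. The code below is an added example, not code from ClearSky or from the malware; the sample sector it inspects is constructed in memory, and the function that blanks the signature only simulates the described effect on that in-memory buffer so the check can be exercised.

```python
import struct

SECTOR_SIZE = 512
PART_TABLE_OFFSET = 446          # four 16-byte partition entries start here
PART_ENTRY_SIZE = 16
BOOT_SIG_OFFSET = 510            # last two bytes of the sector
BOOT_SIGNATURE = b"\x55\xaa"     # 0x55AA as stored on disk (little-endian 0xAA55)


def parse_partition_entry(entry: bytes) -> dict:
    """Decode one classic MBR partition table entry."""
    status, _chs_start, ptype, _chs_end, lba_start, sectors = struct.unpack(
        "<B3sB3sII", entry)
    return {"bootable": status == 0x80, "type": ptype,
            "lba_start": lba_start, "sectors": sectors}


def inspect_mbr(sector: bytes) -> dict:
    """Report whether the boot signature is intact and list non-empty partitions."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE}-byte sector, got {len(sector)}")
    signature_ok = sector[BOOT_SIG_OFFSET:BOOT_SIG_OFFSET + 2] == BOOT_SIGNATURE
    partitions = []
    for i in range(4):
        start = PART_TABLE_OFFSET + i * PART_ENTRY_SIZE
        entry = parse_partition_entry(sector[start:start + PART_ENTRY_SIZE])
        if entry["type"] != 0:          # type 0 marks an unused slot
            partitions.append(entry)
    return {"signature_ok": signature_ok, "partitions": partitions}


def build_sample_mbr() -> bytes:
    """Constructed sample: one bootable NTFS (type 0x07) partition at LBA 2048."""
    sector = bytearray(SECTOR_SIZE)
    sector[:3] = b"\xeb\x63\x90"    # placeholder jump, as real boot code begins
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00\x00\x00", 0x07,
                        b"\x00\x00\x00", 2048, 204800)
    sector[PART_TABLE_OFFSET:PART_TABLE_OFFSET + PART_ENTRY_SIZE] = entry
    sector[BOOT_SIG_OFFSET:] = BOOT_SIGNATURE
    return bytes(sector)


def strip_boot_signature(sector: bytes) -> bytes:
    """Simulate the described effect on an in-memory copy (no disk is touched)."""
    damaged = bytearray(sector)
    damaged[BOOT_SIG_OFFSET:BOOT_SIG_OFFSET + 2] = b"\x00\x00"
    return bytes(damaged)


def mbr_report(sector: bytes) -> str:
    """One-line triage verdict suitable for an IR checklist."""
    info = inspect_mbr(sector)
    state = "intact" if info["signature_ok"] else "MISSING (disk will not boot)"
    return f"boot signature {state}; {len(info['partitions'])} partition(s) in table"


if __name__ == "__main__":
    good = build_sample_mbr()
    print(mbr_report(good))
    print(mbr_report(strip_boot_signature(good)))
```

To run this against a real image, read the first 512 bytes of the disk or image file and pass them to `inspect_mbr`. A missing signature with an otherwise populated partition table is the signature of this kind of damage and, as the partition entries remain, also the starting point for recovery.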

Also delivered over the course of the attack are legitimate tools like Plink (aka PuTTY Link), RevSocks, and the Windows 2000 resource kit to facilitate reconnaissance, lateral movement, and persistent remote access.


The development comes as pro-Iranian threat actors such as Cyber Av3ngers, Cyber Toufan, Haghjoyan, and YareGomnam Team have increasingly set their sights on Israel and the U.S. amid continuing geopolitical tensions in the Middle East.

“Groups such as Cyber Av3ngers and Cyber Toufan appear to be adopting a narrative of retaliation in their cyber attacks,” Check Point disclosed last month.

“By opportunistically targeting U.S. entities using…

Source…