Tag Archive for: Justice

‘Department of Justice already knew of SolarWinds hack in May 2020’


The U.S. Department of Justice was aware of the SolarWinds hack earlier than it had previously admitted. Suspicious traffic in its own IT environment was noticed as early as May 2020, while the government agency claimed it did not know about the hack until December 24 of that year.

This is the conclusion Wired has reached based on its sources. The Department of Justice (DOJ) had discovered the suspicious traffic before it signed an official contract with SolarWinds, a rather embarrassing fact that the Department seems to have tried to sweep under the rug. At the time, the DOJ appears to have been unaware of the significance of the unexplained traffic.

In mid-2020, security teams at the DOJ were using a trial version of Orion, the network and infrastructure monitoring software from Texas-based SolarWinds. Strange traffic from that deployment pointed to communication with an unknown system on the internet. This led the DOJ to inquire with SolarWinds, but the company could find no vulnerabilities in its own software. SolarWinds became one of the DOJ’s official security suppliers in August 2020. However, code secretly injected into Orion gave the hacker group Nobelium the opportunity to spy on hundreds of organizations.
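The DOJ’s early clue was exactly the kind of signal an egress policy check is meant to surface: a monitoring server contacting an internet host it has no business contacting, on a steady schedule. The script below is an added example (not code from Wired, the DOJ or SolarWinds) that runs a per-host egress allowlist and a simple beacon-periodicity heuristic over proxy log lines. The host name, allowlist, domains and addresses are constructed for the example (RFC 2606 example domains, RFC 5737 TEST-NET addresses), and the allowlist stands in for whatever policy a team has actually written down for a management server.

```python
"""Flag outbound connections that violate a per-host egress allowlist.

Added example: the host, policy and log lines below are constructed
(example.* domains, TEST-NET addresses), not real telemetry.
"""
from dataclasses import dataclass
from datetime import datetime

# Assumed per-host egress policy: a monitoring server should only reach its
# vendor's update service and internal infrastructure. Anything else deserves
# a question, which is the signal the DOJ reportedly saw in May 2020.
EGRESS_ALLOWLIST = {
    "orion-trial-01": {"updates.example.com", "ntp.corp.example"},
}

# Constructed proxy log format:
# "<timestamp> <src_host> <dst_host> <dst_ip> <bytes_out> <bytes_in>"
SAMPLE_LOGS = """\
2020-05-03T02:14:07Z orion-trial-01 updates.example.com 198.51.100.10 812 4096
2020-05-03T02:29:11Z orion-trial-01 ntp.corp.example 10.0.0.5 76 76
2020-05-03T03:14:09Z orion-trial-01 a1b2c3.random.example.net 203.0.113.44 96 0
2020-05-03T04:14:12Z orion-trial-01 a1b2c3.random.example.net 203.0.113.44 96 0
2020-05-03T05:14:08Z orion-trial-01 a1b2c3.random.example.net 203.0.113.44 96 0
2020-05-03T06:14:10Z orion-trial-01 a1b2c3.random.example.net 203.0.113.44 96 0
"""


@dataclass(frozen=True)
class Finding:
    src_host: str
    dst_host: str
    dst_ip: str
    count: int
    first_seen: str
    last_seen: str
    periodic: bool


def parse_line(line):
    """Split one log line into its six fields; reject anything malformed."""
    fields = line.split()
    if len(fields) != 6:
        raise ValueError(f"malformed log line: {line!r}")
    ts, src, dst, ip, out_b, in_b = fields
    return ts, src, dst, ip, int(out_b), int(in_b)


def allowed(src_host, dst_host):
    """True if dst_host, or a parent domain of it, is on src_host's allowlist.

    Hosts without a policy are not judged. Matching walks the label suffixes,
    so cdn.updates.example.com matches updates.example.com, while
    updates.example.com.evil.example does not.
    """
    policy = EGRESS_ALLOWLIST.get(src_host)
    if policy is None:
        return True
    labels = dst_host.split(".")
    return any(".".join(labels[i:]) in policy for i in range(len(labels)))


def is_periodic(stamps, max_jitter=0.1):
    """Heuristic beacon check: three or more contacts whose inter-arrival
    gaps all sit within max_jitter of their mean (e.g. hourly check-ins)."""
    if len(stamps) < 3:
        return False
    times = [datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ") for s in stamps]
    gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
    mean = sum(gaps) / len(gaps)
    return mean > 0 and all(abs(g - mean) <= max_jitter * mean for g in gaps)


def find_unexpected_egress(log_text):
    """Return one Finding per (src, dst, ip) tuple that falls outside policy,
    most frequent first, with a periodicity flag per destination."""
    hits = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, ip, _, _ = parse_line(line)
        if allowed(src, dst):
            continue
        hits.setdefault((src, dst, ip), []).append(ts)
    findings = [
        Finding(src, dst, ip, len(stamps), stamps[0], stamps[-1], is_periodic(stamps))
        for (src, dst, ip), stamps in hits.items()
    ]
    return sorted(findings, key=lambda f: -f.count)


if __name__ == "__main__":
    for f in find_unexpected_egress(SAMPLE_LOGS):
        flag = "periodic" if f.periodic else "irregular"
        print(f"{f.src_host} -> {f.dst_host} ({f.dst_ip}) x{f.count}, "
              f"{f.first_seen}..{f.last_seen}, {flag}")
```

The value of the check is not the allowlist itself but the follow-up question it forces: a management server that talks to the same unknown host every hour with a tiny request and an empty reply is either a product feature the vendor can explain or a beacon. Treating the vendor’s “we found no vulnerability” as the end of that inquiry is the failure mode the story describes.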

Backdoor

Only in late 2020 did SolarWinds announce that it had been attacked by “highly sophisticated hackers.” The breach quickly proved to have been a massive supply chain incident. Hackers believed to be supported by the Russian state had injected a “backdoor” into the Orion software. This meant the group could gain access to as many as 18,000 customers using an infected Orion version. In practice, the group limited itself to hundreds of specific targets, including government agencies.

The hacker group had access to the logging and system performance data of many U.S. organizations, including Microsoft, Mandiant, Cisco and Intel. The backdoor was present at these companies for between four and nine months. The injected code not only gave the hackers access to the data collected by Orion, but also served as a foothold from which to drop further malware into the protected networks.



Source…

Justice ‘Hacked the Hackers’ of Hive Ransomware, Stopping $130M in Demands


After a months-long effort, the Department of Justice has disrupted the Hive ransomware group—which the FBI labeled a top 5 ransomware threat—according to an announcement on Thursday.

The efforts of the DOJ and international partners “hacked the hackers,” hindering $130 million in ransom demands, according to Deputy Attorney General Lisa O. Monaco.

The Hive ransomware group went after more than 1,500 victims in 80-plus countries, the announcement noted. Victims included hospitals, school districts, financial firms and critical infrastructure.

These attacks have greatly disrupted victims’ operations, including one hospital’s response to COVID-19, the DOJ stated. Specifically, that hospital had to fall back on analog methods to treat existing patients and could not accept new patients after the attack.

“Last night, the Justice Department dismantled an international ransomware network responsible for extorting and attempting to extort hundreds of millions of dollars from victims in the United States and around the world,” Attorney General Merrick B. Garland said in a press release. “Cybercrime is a constantly evolving threat. But as I have said before, the Justice Department will spare no resource to identify and bring to justice anyone, anywhere, who targets the United States with a ransomware attack. We will continue to work both to prevent these attacks and to provide support to victims who have been targeted. And together with our international partners, we will continue to disrupt the criminal networks that deploy these attacks.”

The FBI infiltrated Hive’s networks in July 2022 and remained inside to capture the group’s decryption keys. The FBI provided more than 300 decryption keys to victims under attack and more than 1,000 decryption keys to previous victims, sparing victims from paying $130 million in ransom demands. Between June 2021 and the FBI operation, the ransomware group had extorted more than $100 million in ransom payments.

As noted in the announcement, Hive utilized a ransomware-as-a-service, or RaaS, model that included administrators—occasionally called developers—and affiliates. According to the announcement, RaaS is a…

Source…

Justice Department seizes website of major ransomware gang – KATU


Source…

As UK Charged Daniel Kaye For Cyber-Attack On LoneStar Network, Justice Minister Vows To Get Involved


This week the United States Department of Justice arraigned Daniel Kaye, the same person who was approached and hired by Avy Zaidenberg of LISCR, an American citizen, to carry out the DDoS attack on Liberia, specifically on Lonestar MTN. The U.S. charges concern his alleged connections to The Real Deal, a dark web market that sold hacking tools and stolen login credentials for U.S. government computers.

According to multiple reports on international news wires, the management of Kaye’s victim has begun contemplating legal proceedings against Cellcom and Orange Liberia Inc. in relation to the cyber-attack carried out against the company in 2016.

However, our sources further disclosed that one of the culprits, Avy Shah, is reportedly on the run ahead of the trial expected to commence in the first week of December 2022 in London, United Kingdom.

Kaye admitted being hired by a Cellcom operative to launch a cyber-attack on Lonestar in 2016, according to the BBC. Kaye, along with Mr. Avishai Marziano, a former Cellcom Telecommunications Limited Chief Executive, and Mr. Ran Polani, was scheduled to face trial in an English commercial court in 2019.

In a statement issued at the time, a copy of which was sent to this paper via email, Lonestar Cell MTN confirmed the proceedings against Kaye, saying that it had provided a business impact statement in the criminal proceedings against the Briton.

“The attack caused considerable damage to Lonestar’s business and disruption to our customers in Liberia. In those circumstances, Lonestar Cell MTN and MTN Group considered it was appropriate and indeed important to provide a business impact statement to explain the impact of the cyber-attack on Lonestar,” a source at the company said in an exclusive interview.

Kaye remains at the heart of a major international investigation into hundreds of acts of cyber sabotage around the world. The National Crime Agency says Kaye is perhaps the most significant cyber-criminal yet caught in the UK.

Kaye was jailed for 32 months at Blackfriars Crown Court in London.  Judge Alexander Milne QC said at the time that Kaye had committed a “cynical” financial crime. He added:…

Source…