
U.S. Disrupts Hacking Operation Led by Russian Intelligence


The F.B.I., working with other countries, disrupted a Russian hacking operation that infiltrated more than 1,000 home and small-business internet routers in the United States and around the world, the Justice Department announced on Thursday.

Russian intelligence, collaborating with cybercriminals, created a botnet, or a network of private computers infected with malicious software, to spy on military and security organizations and private corporations in countries like the United States.

Using a court order, the F.B.I. secretly copied and deleted stolen data and malware from hacked routers. Doing this stopped Russia’s ability to use the routers without affecting how they function, officials said.

The F.B.I. director, Christopher A. Wray, shared details of the operation at an annual security conference in Munich.

The disruption is part of a broader effort to stymie Russia’s cybercampaigns against the United States and its allies, including Ukraine. The details of the operation come a day after the Biden administration said it told Congress and its European allies that Russia is seeking to create a space-based nuclear weapon to target the U.S. network of satellites.

For weeks, the White House and proponents in Congress have been trying to persuade House Republicans to continue funding Ukraine’s military operations in its fight against Russia because doing so is critical to American national security.

Speaking in Munich, Mr. Wray said Russia continued to target critical infrastructure, such as underwater cables and industrial control systems, around the world.

“For instance, since its unprovoked invasion of Ukraine, we’ve seen Russia conducting reconnaissance on the U.S. energy sector,” Mr. Wray said. “And that’s a particularly worrisome trend because we know that once access is established, a hacker can switch from information gathering to attack quickly and without notice.”

Mr. Wray warned that China’s abilities in cyberwarfare have also continued to improve.

“The cyberthreat posed by the Chinese government is massive,” Mr. Wray said. “China’s hacking program is larger than that of every other major nation combined.”

Last month, the F.B.I. announced it


US Takes Down Notorious Warzone RAT Malware Operation, Arrests 2


One suspect from Malta managed the Warzone RAT distribution network, while another from Nigeria developed and maintained the malware.

In a major blow to cybercrime, the US Department of Justice, along with international partners and private companies, has dismantled the infrastructure behind the infamous Warzone RAT malware. Two individuals believed to be key players in the operation have been arrested, and the website used to sell the malware has been seized.

What Was Warzone RAT?

Warzone RAT (RAT is short for Remote Access Trojan) was a powerful and versatile tool that cybercriminals had used since 2018 to gain complete control over infected devices.

This malware granted attackers access to steal sensitive data like passwords and financial information, spy on victims through webcams and microphones, lock them out of their devices for ransom, and even launch further attacks. Its widespread use and sophisticated capabilities made it a major threat to individuals and organizations alike.

The website that sold Warzone RAT (Screenshot: Hackread.com)

Operation Shut Down:

On February 9, 2024, the US Department of Justice announced a coordinated effort involving the FBI, international law enforcement agencies, and private cybersecurity firms that successfully dismantled the Warzone RAT infrastructure. This action effectively crippled the malware’s distribution and operation, significantly disrupting cybercriminal activities relying on it.



Arrests Made:

As part of the operation, two individuals were arrested and charged with their involvement in the Warzone RAT scheme. One suspect, residing in Malta, was accused of managing the malware distribution network. The other, based in Nigeria, was allegedly responsible for developing and maintaining the malware itself. Both face serious charges related to computer fraud and abuse.

Impact and Significance:

The takedown of Warzone RAT represents a significant victory for law enforcement and cybersecurity experts. It demonstrates the effectiveness of collaboration between international partners and the private sector in combating large-scale cybercrime. While this specific threat has been…


U.S. officials warn of dire Chinese cyber threats in wake of FBI operation to disrupt botnet


The FBI and U.S. Department of Justice used court-endorsed legal authorities to disrupt a botnet operated as part of Chinese-directed hacking operations that leveraged insecure home and office routers to target U.S. critical infrastructure, the DOJ said Wednesday.

A Chinese government hacking campaign, tracked publicly as “Volt Typhoon,” used privately owned Cisco and NetGear routers infected with “KV Botnet” malware in an attempt to conceal the activity, the agency said in a statement. The DOJ and FBI operation, the agency added, “deleted the KV Botnet malware from the routers and took additional steps to sever their connection to the botnet, such as blocking communications with other devices used to control the botnet.”

An unidentified FBI agent described the operation in court records released Monday, writing that the bureau issued a command to infected routers that would delete the KV Botnet malware from the devices without affecting any legitimate files or information on the routers.

A December 2023 analysis by Lumen, a telecommunications company, showed that the KV Botnet had been active since “at least February 2022,” and targeted edge devices, including routers, “a segment that has emerged as a soft spot in the defensive array of many enterprises, compounded by the shift to remote work in recent years.”

Lumen observed an “uptick in exploitation of new bots” in August 2023, and then a “remodel” of the botnet infrastructure in mid-November 2023.

The disruption operation, first disclosed by Reuters on Monday, is the latest U.S. government action focused on Volt Typhoon, which first came to light in a May 2023 Microsoft advisory. That advisory was followed quickly by a joint advisory issued by the FBI, NSA, and the Cybersecurity and Infrastructure Security Agency that warned of Chinese hacking operations targeting U.S. critical infrastructure and other sensitive targets.

In the wake of the May 2023 disclosure, U.S. national security officials warned repeatedly that the Chinese operation was not an intelligence collection mission. Instead, officials said, it was a preparatory activity that the Chinese government could…


In What Could Be a Trend, Ransomware Operation Files SEC Complaint Against Victim for Failing to Timely Disclose Cyberattack


Ransomware operation AlphV/BlackCat has filed a complaint with the U.S. Securities and Exchange Commission against one of its alleged victims, MeridianLink, for allegedly failing to comply with the four-day rule for disclosing a cyberattack.

AlphV/BlackCat listed the software company on its data leak site with a threat that it would leak the allegedly stolen data unless a ransom was paid within 24 hours. MeridianLink provides digital solutions for financial organizations such as banks, credit unions and mortgage lenders.
