Tag Archive for: sanctions

Hackers are threatening to publish a huge stolen sanctions and financial crimes watchlist

/in


A financially motivated criminal hacking group says it has stolen a confidential database containing millions of records that companies use for screening potential customers for links to sanctions and financial crime.

The hackers, which call themselves GhostR, said they stole 5.3 million records from the World-Check screening database in March and are threatening to publish the data online.

World-Check is a screening database used for “know your customer” checks (or KYC), allowing companies to determine if prospective customers are high risk or potential criminals, such as people with links to money laundering or who are under government sanctions. The hackers told TechCrunch that they stole the data from a Singapore-based firm with access to the World-Check database, but did not name the firm.

A portion of the stolen data, which the hackers shared with TechCrunch, includes individuals who were sanctioned as recently as this year.

Simon Henrick, a spokesperson for the London Stock Exchange Group, which maintains the database, told TechCrunch: “This was not a security breach of LSEG/our systems. The incident involves a third party’s data set, which includes a copy of the World-Check data file. This was illegally obtained from the third party’s system. We are liaising with the affected third party, to ensure our data is protected and ensuring that any appropriate authorities are notified.”

LSEG did not name the third-party company, but did not dispute the amount of data stolen.

The portion of stolen data seen by TechCrunch contains records on thousands of people, including current and former government officials, diplomats, and private companies whose leaders are considered “politically exposed people,” who are at a higher risk of involvement in corruption or bribery. The list also contains individuals accused of involvement in organized crime, suspected terrorists, intelligence operatives and a European spyware vendor.

The data varies by record. The database contains names, passport numbers, Social Security numbers, online crypto account identifiers and bank account numbers, and more.

World-Check is currently owned by the London Stock Exchange Group following…

Source…

U.S. and UK Impose Sanctions on APT 31 Chinese Hackers

/in


In a significant move to counter cyber threats, the United States and the United Kingdom have imposed sanctions on a group of China-linked hackers accused of targeting critical infrastructure in the U.S.

The coordinated action includes indictments, sanctions, and a rewards program aimed at curtailing the activities of these cyber operatives.

The U.S. Department of Justice has unsealed indictments against Zhao Guangzong, Ni Gaobin, and five other individuals for their involvement in a series of cyber attacks.

These individuals are believed to be connected to the Wuhan Xiaoruizhi Science and Technology Company, Limited (Wuhan XRZ), which is allegedly a front for the Chinese Ministry of State Security (MSS).

The Office of Foreign Assets Control (OFAC) of the Department of the Treasury has sanctioned Wuhan XRZ and the two Chinese nationals, Zhao Guangzong and Ni Gaobin, for their roles in the cyber operations.

Document

Integrate ANY.RUN in Your Company for Effective Malware Analysis

Are you from SOC, Threat Research, or DFIR departments? If so, you can join an online community of 400,000 independent security researchers:

  • Real-time Detection
  • Interactive Malware Analysis
  • Easy to Learn by New Security Team members
  • Get detailed reports with maximum data
  • Set Up Virtual Machine in Linux & all Windows OS Versions
  • Interact with Malware Safely

If you want to test all these features now with completely free access to the sandbox:

These operations have targeted entities within the U.S. critical infrastructure sectors, posing a direct threat to national security.

APT 31: A Chinese Malicious Cyber Group

The hackers are affiliated with the state-sponsored Advanced Persistent Threat group 31 (APT 31), which is known for its sophisticated cyber espionage campaigns.

OFAC’s sanctions are pursuant to Executive Order (E.O.) 13694, as amended by E.O. 13757, which targets individuals and entities responsible for or complicit in cyber-enabled activities that threaten the U.S.

This action represents a collaborative effort involving the U.S. Department of Justice, the Federal Bureau of Investigation (FBI), the Department of State, and the UK Foreign,…

Source…

US imposes sanctions on spyware group members

/in


US imposes sanctions on spyware group members

by AFP Staff Writers

Washington (AFP) March 5, 2024






US authorities announced sanctions Tuesday on parties associated with Intellexa Consortium, citing their role in making and distributing commercial spyware used to target US officials, journalists and others.

Commercial surveillance tools “increasingly present a security risk to the United States and our citizens,” said Treasury Under Secretary for terrorism and financial intelligence Brian Nelson.

In particular, the Intellexa Consortium was founded in 2019 and served as a “marketing label” for companies offering commercial spyware and surveillance tools.

The tools, the Treasury Department said, are packaged as a suite under the brand-name “Predator” spyware, able to infiltrate devices without user interaction.

“The Predator spyware has been deployed by foreign actors in an effort to covertly surveil US government officials, journalists, and policy experts,” the Treasury said.

Among those targeted on Tuesday were Intellexa Consortium founder Tal Jonathan Dilian and Sara Aleksandra Fayssal Hamou, who has provided managerial services to the group.

Five companies were also hit with sanctions, over activities such as exporting Intellexa’s surveillance tools to authoritarian regimes and working as a developer of the Predator spyware.

In July last year, Washington blacklisted Greece- and Ireland-incorporated units of Intellexa.

They were placed on the Commerce Department’s Entities List, which tightly restricts Americans from doing business with them.

Related Links

Cyberwar – Internet Security News – Systems and Policy Issues

Source…

US, partners target North Korea with sanctions following satellite launch

/in


WASHINGTON/SEOUL (Reuters) -The United States on Thursday targeted North Korea with fresh sanctions after its launch of a spy satellite last week, designating foreign-based agents it accused of facilitating sanctions evasion to gather revenue and technology for its weapons of mass destruction program.

The U.S. Treasury Department in a statement said it also applied sanctions to cyber espionage group Kimsuky, accusing it of gathering intelligence to support North Korea’s strategic and nuclear ambitions.

Thursday’s action, taken in coordination with Australia, Japan and Korea, comes after North Korea last week successfully launched its first reconnaissance satellite, which it has said was designed to monitor U.S. and South Korean military movements.

“Today’s actions by the United States, Australia, Japan, and the Republic of Korea reflect our collective commitment to contesting Pyongyang’s illicit and destabilizing activities,” Treasury’s Under Secretary for Terrorism and Financial Intelligence, Brian Nelson, said in the statement.

“We will remain focused on targeting these key nodes in the DPRK’s illicit revenue generation and weapons proliferation,” Nelson added, calling North Korea by the initials of its official name, the Democratic People’s Republic of Korea.

South Korea’s foreign ministry said on Friday that it had blacklisted 11 North Koreans for involvement in the country’s satellite and ballistic missile development, banning them from any financial transactions.

The list includes senior officials from the National Aerospace Technology Administration, which oversaw the satellite launch, and the munitions industry department.

North Korea’s mission to the United Nations in New York did not immediately respond to a request for comment on Thursday’s sanctions.

Since the launch of the satellite, North Korea said that its leader, Kim Jong Un, has reviewed spy satellite photos of the White House, Pentagon and U.S. aircraft carriers at the naval base of Norfolk. Its state media has also reported that the satellite photographed cities and military bases in South Korea, Guam, and Italy, in addition to Washington.

On Monday, the United Nations ambassadors of the United States and North Korea…

Source…