Tag Archive for: sanctions

Levy sanctions against foreign aggressors targeting Canada with disinformation: MPs


Published June 26, 2023 3:18 p.m. ET

OTTAWA — MPs are urging the Liberal government to levy sanctions against individuals and organizations who target Canadians with disinformation.

In a new report calling for stronger cybersecurity, the House of Commons defence committee warns of increasingly sophisticated disinformation and foreign influence campaigns by China, Russia and other aggressors.

Overall, the committee says more could be done to strengthen Canada’s cybersecurity and cyberwarfare efforts, and to improve resilience to threats from home and abroad.

During committee hearings, witnesses stressed that Canada should encourage the development of international norms and frameworks for addressing these threats.

The committee recommends using existing sanction regimes against people and entities trying to manipulate Canadians with misleading or false information.

The MPs also say Canada should impose effective sanctions on countries that condone or use cybercriminals to steal money or intellectual property, or conduct information warfare.

This report by The Canadian Press was first published June 26, 2023.


US sanctions Russian accused of being a ‘central figure’ in major ransomware attacks


The U.S. government has indicted a Russian national for his alleged role in ransomware attacks against U.S. law enforcement and critical infrastructure.

U.S. authorities accuse Mikhail Matveev, also known online as “Wazawaka” and “Boriselcin,” of being a “central figure” in developing and deploying the Hive, LockBit and Babuk ransomware variants.

In 2021, Matveev claimed responsibility for a ransomware attack against the Metropolitan Police Department in Washington, D.C., according to the U.S. Justice Department. In that cyberattack, the Babuk ransomware gang, of which Matveev had allegedly been a member since early 2020, infiltrated the police department’s systems to steal the personal details of police officers, along with sensitive information about gangs, suspects of crimes and witnesses.

Matveev and his co-conspirators also deployed LockBit ransomware against a law enforcement agency in New Jersey’s Passaic County in June 2020, according to prosecutors, and deployed Hive ransomware against a nonprofit behavioral healthcare organization headquartered in nearby Mercer County in May 2020.

These three ransomware gangs are believed to have targeted thousands of victims in the United States. According to the Justice Department, the LockBit ransomware gang has carried out over 1,400 attacks, issuing more than $100 million in ransom demands and receiving over $75 million in ransom payments. Babuk has executed over 65 attacks and has received $13 million in ransom payments, while Hive has targeted more than 1,500 victims around the world and received as much as $120 million in ransom payments.

Matveev is also believed to have links to the Russia-backed Conti ransomware gang. The Russian national is believed to have claimed responsibility for the ransomware attack on the government of Costa Rica, which saw Conti hackers demand $20 million in a ransom payment — along with the overthrow of the Costa Rican government.

According to the U.S. Treasury, which announced sanctions against the Russian national on Tuesday, Matveev has also been linked to other ransomware intrusions against numerous U.S. businesses, including a U.S. airline. The Treasury added that…


Russian Ransomware Projects Rebranded to Avoid Western Sanctions: Report


Blockchain intelligence company TRM Labs revealed that some major Russian-linked ransomware syndicates rebranded their activities in 2022 to avoid sanctions from Western countries.

According to a new report published recently, the rebranding and other significant activities showed notable changes in the cybercrime space and darknet markets (DNMs) after Russia invaded Ukraine.

Ransomware Operators Rebranded to Evade Sanctions

In the wake of Russia’s invasion of Ukraine, several Western law enforcement agencies imposed tighter sanctions on Russian ransomware platforms.

Similarly, sanctions imposed by the U.S. Office of Foreign Assets Control (OFAC) on the popular darknet platform Hydra took a toll on ransomware projects as they struggled to gain market dominance while avoiding law enforcement agencies.

To strengthen their anonymity through alterations in on-chain behavior, two major ransomware syndicates, LockBit and Conti, restructured their activities.

Through TRM’s on-chain analysis, open source reporting, and proprietary information, the intelligence firm discovered that Conti ceased its original operation and restructured into three smaller groups named Black Basta, BlackByte, and Karakurt. Before the diversification, Karakurt was a side project run by Conti operators.

LockBit, on the other hand, rebranded its operations after the invasion of Ukraine last February. Four months later, the syndicate launched LockBit 3.0, which it projected as apolitical and focused on monetary gain.

“LockBit’s claim that it had no intention to purposely attack Western countries may have been motivated by the possibility of Western sanctions against Russian entities. Moreover, LockBit stated that it had prohibited attacks against entities related to critical infrastructure, probably to minimize the risk of law enforcement attention and potential sanctions,” TRM said.

Western Sanctions had Little Impact on DNMs

Furthermore, TRM’s analysis also found significant growth in the usage of Russian-speaking darknet markets. Due to sanctions imposed on DNMs, criminals fled to Russian-related platforms to evade Western law enforcement.

Collectively, Russian-speaking…


US and UK impose sanctions on operators of infamous TrickBot botnet


The U.S. and the U.K. have sanctioned seven Russian nationals for their alleged involvement in running the infamous TrickBot botnet.

TrickBot dates back to 2016 and has a network of more than 1 million machines. Initially used to target banking credentials with malware of the same name, TrickBot evolved several times over the years.

In 2017 a new version went after niche financial institutions, followed by another new variant in 2018 that targeted cryptocurrency accounts. In 2019 TrickBot targeted email accounts in a phishing campaign and then switched to COVID-19 scams in March 2020. TrickBot was disrupted by Microsoft Corp. in 2020, only to emerge again with a new campaign in July 2021.

TrickBot was taken over by the Conti ransomware gang in February 2022, leading to the sanctions announced today. In March, an unknown member of Conti leaked internal documentation that exposed the group’s inner workings, including those of TrickBot, providing a treasure trove of data for law enforcement officials to dig through.

Notably, although the U.S. Treasury Department release today said the sanctions were imposed on members of TrickBot, the same sanctions are described by the U.K. government as targeting members of Conti. In February 2023, they’re one and the same.

The sanctions include U.S. and U.K. officials seizing all property and interests in any property of the individuals targeted. The U.S. Office of Foreign Assets Control has also imposed a ban on any U.S. citizens or people within the U.S. dealing with the seven sanctioned people.

“Cyber criminals, particularly those based in Russia, seek to attack critical infrastructure, target U.S. businesses, and exploit the international financial system,” Under Secretary Brian E. Nelson said. “The United States is taking action today in partnership with the United Kingdom because international cooperation is key to addressing Russian cybercrime.”

The seven sanctioned alleged hackers were Vitaliy Kovalev, known online as Bentle; Mikhail Isktritskiy, or Tropa; Valentin Karyagin, or Globus; Maksim Michailov, or Baget; Dmitry Pleshevskiy, or Iseldor; Valery Sedletski, or Strix; and Ivan Vakhromeyev, or…
