Tag Archive for: Suspected

12 Persons Arrested For Suspected Involvement In Banking-Related Malware Scam Cases


A total of 11 men and one woman, aged between 17 and 40, have been arrested for their suspected involvement in the recent spate of banking-related malware scam cases, following an island-wide anti-scam enforcement operation conducted between 9 and 20 October 2023.

Over the course of two weeks, officers from the Commercial Affairs Department (CAD) and Police Intelligence Department (PID) mounted simultaneous island-wide operations and arrested 12 persons. Preliminary investigations revealed that the 11 men and one woman had allegedly facilitated the scam cases by relinquishing their bank accounts, Internet banking credentials and/or disclosing Singpass credentials for monetary gains.  

Since January 2023, the Police have received an increasing number of reports of malware being used to compromise Android mobile devices, resulting in unauthorised transactions made from the victims’ bank accounts, even when they had not divulged their Internet banking credentials, One-Time-Passwords (OTPs) or Singpass credentials to anyone. In these cases, the victims responded to advertisements (e.g., on cleaning services, pet grooming, food items such as seafood and groceries, etc.) on social media platforms such as Facebook. They were then instructed by the scammers to download an Android Package Kit (APK) file from non-official app stores to facilitate the purchase, which led to malware being installed on their mobile devices. Subsequently, the scammers convinced the victims via phone calls or text messages to turn on accessibility services on their Android phones. This weakened the phones’ security, allowing scammers to take full control of the victims’ phones. As a result, the scammers could log every keystroke, steal banking credentials stored on the phones, remotely access victims’ banking apps, add money mules as payees, raise payment limits and transfer money to money mules. The scammers could further delete SMSes and email notifications of the bank transactions to cover their tracks.

Police investigations are ongoing. The offence of acquiring benefits from criminal conduct under Section 54(5)(a) of the Corruption, Drug Trafficking and Other Serious Crimes…

Source…

Ukrainian Telcos Targeted by Suspected Sandworm Hackers


Cyberwarfare / Nation-State Attacks, Fraud Management & Cybercrime

Attackers’ MO: Data Exfiltration, Followed by Network and Hardware Disruption

Communication gear on the TV tower of Central Television of Ukraine in Kyiv, Ukraine, in a photo from 2014 (Image: Shutterstock)

Russian hackers are targeting Ukrainian government agencies and critical infrastructure with a barrage of “destructive” malware designed to wipe or destroy IT systems, Kyiv cyber defenders said.


Between May and September, at least 11 Ukrainian telecommunications firms detected hacks that, in some cases, disrupted service, Ukraine’s Computer Emergency Response Team, CERT-UA, reported Monday.

Ukraine gave the codename UAC-0165 to the threat actor behind the attacks and said it has moderate confidence that the attacks are being perpetrated by the Sandworm hacking team, which has pummeled Ukraine with cyberattacks for more than half a decade. Western intelligence says that Sandworm – aka Seashell Blizzard, TeleBots and Voodoo Bear – is run by Russia’s GRU military intelligence agency.


In January, Ukraine’s top information protection agency warned that Russia continues to use data stealers and wiper malware for destruction and cyberespionage as it continues its war of aggression. The State Service of Special Communications and Information Protection of Ukraine reported that the sectors being most targeted are energy, security and defense, telecommunications, technology and development, finance, and logistics.


The SSSCIP recently said Moscow appeared to be stepping up its destructive attacks, especially against the energy sector,…

Source…

ShadowSyndicate suspected of being RaaS affiliate to several ransomware families


A suspected ransomware-as-a-service (RaaS) affiliate dubbed “ShadowSyndicate” has been observed operating with a single Secure Shell (SSH) fingerprint on 85 servers since July 2022 and has used seven different ransomware families to launch attacks during the past year.

In a blog post Sept. 26, Group-IB researchers said it’s very rare for one SSH fingerprint to have such a complex web of connections with a large number of malicious servers.

Group-IB said it was unable to confirm for certain whether ShadowSyndicate operates as a RaaS affiliate or an initial access broker, but based on its research, Group-IB believed that the threat actor was operating as a RaaS affiliate.

Group-IB based its theory on the finding that watermarks from several of the seven ransomware groups identified could be detected on a single server. While this complicates attribution, the researchers said it confirmed their theory that ShadowSyndicate operated as a RaaS affiliate working with various RaaS groups.

The Group-IB researchers said they can attribute ShadowSyndicate with a high degree of confidence to Quantum ransomware activity in September 2022, the Nokoyawa ransomware group in October 2022 and March 2023, and ALPHV (BlackCat) activity in February 2023.

The researchers can attribute the following ransomware groups to ShadowSyndicate with a low degree of confidence: Royal, Cl0p, Cactus, and Play. ShadowSyndicate was also found to use known off-the-shelf toolkits such as Cobalt Strike, IcedID, and Sliver malware. At least 52 of the servers use a Cobalt Strike C2 framework.

Group-IB conducted the research on the ShadowSyndicate by forming a Cybercrime Fighters Club with Joshua Penny from Bridewell, Group-IB’s longtime MSSP partner in Europe, and threat researcher Michael Koczwara.

When groups start using technology such as Cobalt Strike, IcedID, and Sliver and SSH servers that are “fingerprintable,” it can go both ways when it comes to attribution, said Mayuresh Dani, manager, threat research at Qualys.

“Unique fingerprints lead to precise attribution and shared fingerprints lead to incorrect attribution,” said Dani. “However, their use of off-the-shelf multiple ransomware families, C2…

Source…

11 Persons Arrested For Suspected Involvement In Banking-Related Malware Scam Cases


A total of eight men and two women, aged between 17 and 57, and a 16-year-old teenager have been arrested for their suspected involvement in the recent spate of banking-related malware scam cases. Another five men and a woman, aged between 21 and 41, are assisting in the investigations, following an island-wide anti-scam enforcement operation conducted between 11 and 22 September 2023.

Over the course of two weeks, officers from the Commercial Affairs Department (CAD) and Police Intelligence Department (PID) mounted simultaneous island-wide operations and arrested the 11 persons. Preliminary investigations revealed that seven men and two women, and the teenager, had allegedly facilitated the scam cases by relinquishing their bank accounts, Internet banking credentials and/or disclosing Singpass credentials for monetary gains. A 28-year-old man is believed to have withdrawn money from his bank account and handed the money to an unknown person.

Since January 2023, the Police have received an increasing number of reports of malware being used to compromise Android mobile devices, resulting in unauthorised transactions made from the victims’ bank accounts, even when they have not divulged their Internet banking credentials, One-Time-Passwords (OTPs) or Singpass credentials to anyone. In these cases, the victims responded to advertisements (e.g., on cleaning services, pet grooming, food items such as seafood and groceries, etc.) on social media platforms like Facebook. They were then instructed by the scammers to download an Android Package Kit (APK) file from non-official app stores to facilitate the purchase, which led to malware being installed on their mobile devices. Subsequently, the scammers convinced the victims via phone calls or text messages to turn on accessibility services on their Android phones. This weakened the phones’ security, allowing scammers to take full control of the victims’ phones. As a result, the scammers could log every keystroke, steal banking credentials stored on the phones, remotely access victims’ banking apps, add money mules as payees, raise payment limits and transfer money to money mules. The scammers can further delete…

Source…