Infosec In Brief 15 ransomware gangs, including Scattered Spider and Lapsus$, have announced that they are going dark, and say no more attacks will be carried out in their name.

In a post on BreachForums, the ransomware-slingers say they have met their objectives – exposing insecure systems, not extortion – and “silence will now be our power.”

“If you worry about us, don’t … [we] will enjoy our golden parachutes with the millions the group collected. Others will keep on studying and improving systems you use in your daily lives. In silence.”

The groups carried out the recent attacks against Jaguar and Marks & Spencer, among many others.

Several members of the hacking crew have already been arrested, and the group said it will try to free them with “the use of our skills to humiliate those who have humiliated, predate those who have predated.”

The group says there may be further attacks attributed to them, but these were carried out before the retirement announcement.

Cybercrime gangs often try to evade law enforcement by abandoning their handles, then changing tactics and operating under new names. The Register suspects whoever runs these gangs will resume attacks soon.

China’s Great Firewall springs a 600GB leak

Someone has leaked an enormous trove of firewall logs, source code, and internal messages from entities believed to be technology suppliers for China’s Great Firewall.

The 600GB trove appears to come from the servers of Geedge Networks and the Massive and Effective Stream Analysis team at China’s Academy of Science, organizations that critics accuse of providing similar technology to lock down Myanmar’s internet access.

Threat analysis group InterSecLab has gone through [PDF] over 100,000 of the leaked documents and found they detail efforts to conduct deep packet inspection, real-time mobile internet monitoring, instructions on how to carry out granular control over data traffic, and censorship rules tailored to different regions. InterSecLab also believes the data indicates Chinese authorities can locate netizens.

The outfit’s researchers also assert that Geedge’s contributions to the Great Firewall may be copies of security appliances made by vendors Greynoise and Fortinet.

“They also incorporate open-source code in ways that may violate licensing terms,” the report states, before suggesting “Geedge appears to be using these tactics for competitive advantage — to more quickly offer a set of products that match the capabilities of leading competitors while also building resilience to sanctions.”

US posts $10M bounty for alleged crimeware admin

US authorities have posted a $10 million bounty for Volodymyr Tymoshchuk, the accused admin of the notorious LockerGoga, MegaCortex, and Nefilim ransomware operations that ran between December 2018 and October 2021. The US Attorney’s Office had already indicted Tymoshchuk.

“Volodymyr Tymoshchuk is charged for his role in ransomware schemes that extorted more than 250 companies across the United States and hundreds more around the world,” said the Department of Justice’s acting Assistant Attorney General Matthew Galeotti.

“In some instances, these attacks resulted in the complete disruption of business operations until encrypted data could be recovered or restored. This prosecution and today’s rewards announcement reflects our determination to protect businesses from digital sabotage and extortion and to relentlessly pursue the criminals responsible, no matter where they are located.”

The announcement follows a similar $10 million bounty for the arrest of three men accused of hacking US critical infrastructure systems and described as members of Russian intelligence services.

Bounties of this kind are almost always PR exercises, as the accused are based in Russia and arresting them is therefore impossible unless they do something very silly, like entering a country that has an extradition treaty with the United States.

Some people do get caught, however. Liridon Masurica, 33, a Kosovan national, has pleaded guilty to being the lead administrator of the BlackDB.cc forum, which bought and sold online credentials and financial information. He was arrested in the Balkans and handed over to US prosecutors.

Finnish extortionist appeals therapy hacking charges

Aleksanteri Kivimäki is out of jail and plans to appeal his conviction for hacking a psychotherapy clinic in 2018 and sending extortion demands to over 20,000 patients, threatening to reveal their medical records unless they paid up.

Finland’s courts last year convicted Kivimäki of breaking into systems at the Psychotherapy Center Vastaamo Oy medical center and demanding patients pay him €200 ($235) apiece or he would reveal their most intimate records.

After his conviction Kivimäki announced he would fight the charges as, while he did evade taxes on income, that money came from cryptocurrency transactions, not extortion.

If the appeal fails, Kivimäki faces six years and three months in jail. The hack caused a massive spike in crime reports in the usually law-abiding Finnish state and led to the CEO of Vastaamo receiving a three-month suspended sentence for failing to protect clients’ data.

Kivimäki began his criminal career very young – he was just 15 when he was convicted of hacking 50,000 servers, carried out swatting attacks (where police are called to attend a fictional violent crime) against targets in the US, and claims to have been a key player in the Lizard Squad hacking team.

FBI issues flash alert about Salesforce coming under attack

To round off the week on Friday the FBI issued one of its Flash alerts [PDF] to deliver the bad news that two hacking groups are going after Salesforce customers using several different attack techniques.

The Feds identified the two groups as UNC6040 and UNC6395. The former is associated with the ShinyHunters criminal gang and the latter is said to be behind the Salesloft Drift intrusion that has hit “hundreds” of Google, Palo Alto Networks, and Cloudflare customers.

“Both groups have recently been observed targeting organizations’ Salesforce platforms via different initial access mechanisms,” the agency said. “The FBI is releasing this information to maximize awareness and provide IOCs that may be used by recipients for research and network defense.”

UNC6040 has conducted phishing attacks against Salesforce customers since October 2024, the FBI said, by targeting call centers to obtain access credentials through social engineering. After creating trial accounts on the CRM platform they would call support to get new credentials and multi-factor authentication access codes.

UNC6395, on the other hand, used stolen OAuth tokens to gain access to the Salesloft Drift app, an AI bot from Salesforce, which locked down access to the bot on August 20 to stymie further attacks.

Flash warnings from the FBI are relatively uncommon, so you would do well to take this seriously. ®
