constella intelligence – Page 2 – PossibleThreat Articles

Who’s Behind the SWAT USA Reshipping Service?

November 6, 2023 0 Comments A Little Sunshine, apathyp, apathyr8@jabber.ccc.de, Breadcrumbs, constella intelligence, gezze@mail.ru, gezze@yandex.ru, intel 471, ivan sherban, mynetwatchman, Ne'er-Do-Well News, swat usa drop service, triploo@mail.ru, universalo, verified, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Mon, 06 Nov 2023 13:51:31 +0000

Last week, KrebsOnSecurity broke the news that one of the largest cybercrime services for laundering stolen merchandise was hacked recently, exposing its internal operations, finances and organizational structure. In today’s Part II, we’ll examine clues about the real-life identity left behind by “Fearless,” the nickname chosen by the proprietor of the SWAT USA Drops service.

Independent Krebs Security

A Closer Look at the Snatch Data Ransom Group

September 30, 2023 0 Comments Breadcrumbs, cisa, constella intelligence, databreaches.net, FBI, flashpoint, Ne'er-Do-Well News, perchatka, Ransomware, semen7907, semyon tretyakov, snatch ransomware, snatch team, tretyakov-files@yandex.ru

Credit to Author: BrianKrebs| Date: Sat, 30 Sep 2023 19:47:57 +0000

Earlier this week, KrebsOnSecurity revealed that the darknet website for the Snatch ransomware group was leaking data about its users and the crime gang’s internal operations. Today, we’ll take a closer look at the history of Snatch, its alleged founder, and their claims that everyone has confused them with a different, older ransomware group by the same name.

Independent Krebs Security

Karma Catches Up to Global Phishing Service 16Shop

August 17, 2023 0 Comments 16shop, Akamai, bandungxploiter, Breadcrumbs, constella intelligence, cyberthread.id, devilscream, FBI, interpol, mcafee, Ne'er-Do-Well News, riswanda noor supatra, rizky mauluna sidik, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Thu, 17 Aug 2023 19:58:56 +0000

You’ve probably never heard of “16Shop,” but there’s a good chance someone using it has tried to phish you. Last week, the international police organization INTERPOL said it had shuttered the notorious 16Shop, a popular phishing-as-a-service platform launched in 2017 that made it simple for even complete novices to conduct complex and convincing phishing scams. INTERPOL said authorities in Indonesia arrested the 21-year-old proprietor and one of his alleged facilitators, and that a third suspect was apprehended in Japan.

Independent Krebs Security

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

July 18, 2023 0 Comments A Little Sunshine, abusewithus, agentjags, ashley madison hack, ashleymadison.com, constella intelligence, Data Breaches, domaintools, eric malek, hulu, impact team, jordan evan bloom, leakedsource, Ne'er-Do-Well News, near-reality.com, noel biderman, ownagegaming1@gmail.com, pictrace, royal canadian mounted police, runescape, trevor sykes

Credit to Author: BrianKrebs| Date: Tue, 18 Jul 2023 14:57:04 +0000

[This is Part III in a series on research conducted for a recent Hulu documentary on the 2015 hack of marital infidelity website AshleyMadison.com.] In 2019, a Canadian company called Defiant Tech Inc. pleaded guilty to running LeakedSource[.]com, a service that sold access to billions of passwords and other data exposed in countless data breaches. KrebsOnSecurity has learned that the owner of Defiant Tech, a 32-year-old Ontario man named Jordan Evan Bloom, was hired in late 2014 as a developer for the marital infidelity site AshleyMadison.com. Bloom resigned from AshleyMadison citing health reasons in June 2015 — less than one month before unidentified hackers stole data on 37 million users — and launched LeakedSource three months later.

Independent Krebs Security

Who’s Behind the DomainNetworks Snail Mail Scam?

July 3, 2023 0 Comments A Little Sunshine, better business bureau, Breadcrumbs, constella intelligence, distributorinvoice@mail.com, domainnetworks, domaintools, eliran benz, houzz, publicwww, sam alon, shenhavgroup@gmail.com, shmuel orit alon, tropicglobal@gmail.com, ubsagency@gmail.com, united business service, united business services, us domain authority llc, weblistingsinc.net, whmcs.com

Credit to Author: BrianKrebs| Date: Mon, 03 Jul 2023 14:56:35 +0000

If you’ve ever owned a domain name, the chances are good that at some point you’ve received a snail mail letter which appears to be a bill for a domain or website-related services. In reality, these misleading missives try to trick people into paying for useless services they never ordered, don’t need, and probably will never receive. Here’s a look at the most recent incarnation of this scam — DomainNetworks — and some clues about who may be behind it.

Independent Krebs Security

Why Malware Crypting Services Deserve More Scrutiny

June 21, 2023 0 Comments +7.9235059268, Breadcrumbs, cdek, constella intelligence, crypt[.]guru, gumboldt@gmail.com, intel 471, kerens, kolumb, masscrypt@exploit.im, Ne'er-Do-Well News, obelisk57@gmail.com, pepyak@gmail.com, sergey y purtov, sergey yurievich purtov, spurtov@gmail.com, vip crypt, Web Fraud 2.0, Сергей Юрьевич Пуртов

Credit to Author: BrianKrebs| Date: Wed, 21 Jun 2023 18:39:36 +0000

If you operate a cybercrime business that relies on disseminating malicious software, you probably also spend a good deal of time trying to disguise or “crypt” your malware so that it appears benign to antivirus and security products. In fact, the process of “crypting” malware is sufficiently complex and time-consuming that most serious cybercrooks will outsource this critical function to a handful of trusted third parties. This story explores the history and identity behind Cryptor[.]biz, a long-running crypting service that is trusted by some of the biggest names in cybercrime.

Independent Krebs Security

Ask Fitis, the Bear: Real Crooks Sign Their Malware

June 1, 2023 0 Comments 165540027, 774748@gmail.com, akafitis@gmail.com, Breadcrumbs, code-signing certificates, constella intelligence, domaintools.com, featar24, fitis, flashpoint, glavmed, intel 471, konstantin evgenievich fetisov, megatraffer, Ne'er-Do-Well News, o.r.z., spamit, spampage@yandex.ru

Credit to Author: BrianKrebs| Date: Thu, 01 Jun 2023 16:15:34 +0000

Code-signing certificates are supposed to help authenticate the identity of software publishers, and provide cryptographic assurance that a signed piece of software has not been altered or tampered with. Both of these qualities make stolen or ill-gotten code-signing certificates attractive to cybercriminal groups, who prize their ability to add stealth and longevity to malicious software. This post is a deep dive on “Megatraffer,” a veteran Russian hacker who has practically cornered the underground market for malware focused code-signing certificates since 2015.

Independent Krebs Security

Interview With a Crypto Scam Investment Spammer

May 22, 2023 0 Comments arkose labs, Breadcrumbs, constella intelligence, domaintools, edgard011012@gmail.com, lolzteam, mastodon, mondi group, moonxtrade, msr-sergey2015@yandex.ru, Ne'er-Do-Well News, quot.pw, renaud chaput, sergey proshutinskiy, tgm, twitter, Web Fraud 2.0, ципа

Credit to Author: BrianKrebs| Date: Tue, 23 May 2023 00:15:30 +0000

Social networks are constantly battling inauthentic bot accounts that send direct messages to users promoting scam cryptocurrency investment platforms. What follows is an interview with a Russian hacker responsible for a series of aggressive crypto spam campaigns that recently prompted several large Mastodon communities to temporarily halt new registrations. According to the hacker, their spam software has been in private use until the last few weeks, when it was released as open source code.

Independent Krebs Security

$10M Is Yours If You Can Get This Guy to Leave Russia

May 9, 2023 0 Comments 79608229389, A Little Sunshine, Breadcrumbs, constella intelligence, denis gennadievich kulkov, intel 471, Joker's stash, k022yb190, kreenjo, mazafaka, Ne'er-Do-Well News, nordex, nordexin, nordia@yandex.ru, polkas@bk.ru, try2check, u.s. department of justice, u.s. department of state, U.S. Secret Service, unicc, vault market

Credit to Author: BrianKrebs| Date: Fri, 05 May 2023 01:50:08 +0000

The U.S. government this week put a $10 million bounty on the head of a Russian man who for the past 18 years operated Try2Check, one of the cybercrime underground’s most trusted services for checking the validity of stolen credit card data. U.S. authorities say 43-year-old Denis Kulkov’s card-checking service made him at least $18 million, which he used to buy a Ferrari, Land Rover, and other luxury items.

Independent Krebs Security

Giving a Face to the Malware Proxy Service ‘Faceless’

April 18, 2023 0 Comments accessapproved, asus666, constella intelligence, denis viktorovich pankov, faceless, flashpoint, gaihnik, lesstroy@mgn.ru, liberty reserve, mrmurza, Ne'er-Do-Well News, omega^gg4u, riley kilmer, shodan, spur.us, u1018928, vadim panov, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Tue, 18 Apr 2023 20:59:39 +0000

For the past seven years, a malware-based proxy service known as “Faceless” has sold anonymity to countless cybercriminals. For less than a dollar per day, Faceless customers can route their malicious traffic through tens of thousands of compromised systems advertised on the service. In this post we’ll examine clues left behind over the past decade by the proprietor of Faceless, including some that may help put a face to the name.