intel 471 – PossibleThreat Articles

Brazil Arrests ‘USDoD,’ Hacker in FBI Infragard Breach

October 18, 2024 0 Comments A Little Sunshine, CrowdStrike, Data Breaches, equation corp, FBI, hackread, infragard, intel 471, national public data, Ne'er-Do-Well News, netsec, RaidForums, tecmundo, tv globo, usdod

Credit to Author: BrianKrebs| Date: Fri, 18 Oct 2024 12:33:51 +0000

Brazilian authorities reportedly have arrested a 33-year-old man on suspicion of being “USDoD,” a prolific cybercriminal who rose to infamy in 2022 after infiltrating the FBI’s InfraGard program and leaking contact information for 80,000 members. More recently, USDoD was behind a breach at the consumer data broker National Public Data that led to the leak of Social Security numbers and other personal information for a significant portion of the U.S. population.

Independent Krebs Security

The Not-So-Secret Network Access Broker x999xx

July 3, 2024 0 Comments Breadcrumbs, cobalt strike, cobaltforce, constella intelligence, dashin2008@yahoo.com, flashpoint, intel 471, kirtsov@telecom.ozersk.ru, lockbit, maksim georgievich kirtsov, maksya@icloud.com, maxnmalias-1@yahoo.com, mikhail matveev, Ne'er-Do-Well News, operation endgame, osint.industries, ozersk technological institute national research nuclear university, recorded future, u.s. department of justice, wazawaka, x999xx, Кирцов Максим Георгиевич

Credit to Author: BrianKrebs| Date: Wed, 03 Jul 2024 16:41:34 +0000

Most accomplished cybercriminals go out of their way to separate their real names from their hacker handles. But among certain old-school Russian hackers it is not uncommon to find major players who have done little to prevent people from figuring out who they are in real life. A case study in this phenomenon is “x999xx,” the nickname chosen by a venerated Russian hacker who specializes in providing the initial network access to various ransomware groups.

Independent Krebs Security

Stark Industries Solutions: An Iron Hammer in the Cloud

May 23, 2024 0 Comments A Little Sunshine, andrey nesterenko, arbor, as44477, blue charlie, Breadcrumbs, callisto group, coldriver, comcast cable communications, computer technologies institute ltd, constella intelligence, correctiv.org, DDoS-for-hire, ddosia, dfyz, dfyz_bk@bk.ru, don chicho, egihosting, eset, federal state autonomous educational establishment of additional professional education center of realization of state educational policy and informational technologies, green floid llc, information technology laboratories group, innovation it solutions corp, integrated technologies laboratory, intel 471, internet research agency, itl llc, jeffrey carr, lockbit, max tulyev, mercenaries team, mirhosting, netassist, netscout, noname057(16), perfect quality hosting, pq hosting plus s.r.l., prolocation, proxyline, raymond dijkxhoorn, recorded future, richard hummel, russia's war on ukraine, seaborgium, serverius-as, spamhaus, stark industries solutions, surbl, team cymru, ukrinform

Credit to Author: BrianKrebs| Date: Thu, 23 May 2024 23:32:43 +0000

Two weeks before Russia invaded Ukraine in February 2022, a large, mysterious new Internet hosting firm called Stark Industries Solutions materialized and quickly became the epicenter of massive distributed denial-of-service (DDoS) attacks on government and commercial targets in Ukraine and Europe. An investigation into Stark Industries reveals it is being used as a global proxy network that conceals the true source of cyberattacks and disinformation campaigns against enemies of Russia.

Independent Krebs Security

How Did Authorities Identify the Alleged Lockbit Boss?

May 13, 2024 0 Comments 3k@xakep.ru, 7.9521020220, A Little Sunshine, antichat, Breadcrumbs, cerber, constella intelligence, d.horoshev@gmail.com, dmitrij ju horoshev, dmitry yuriyevich khoroshev, Exploit, icq number 669316, intel 471, khoroshev1@icloud.com, lockbit, lockbitsupp, Ne'er-Do-Well News, nerowolfe, pin@darktower.su, putinkrab, Ransomware, Ransomware as a Service, sitedev5@yandex.ru, stairwell.ru, tkaner.com, u.s. department of the treasury, verified

Credit to Author: BrianKrebs| Date: Mon, 13 May 2024 11:26:27 +0000

Last week, the United States joined the U.K. and Australia in sanctioning and charging a Russian man named Dmitry Yuryevich Khoroshev as the leader of the infamous LockBit ransomware group. LockBit’s leader “LockBitSupp” claims the feds named the wrong guy, saying the charges don’t explain how they connected him to Khoroshev. This post examines the activities of Khoroshev’s many alter egos on the cybercrime forums, and tracks the career of a gifted malware author who has written and sold malicious code for the past 14 years.

Independent Krebs Security

Who’s Behind the SWAT USA Reshipping Service?

November 6, 2023 0 Comments A Little Sunshine, apathyp, apathyr8@jabber.ccc.de, Breadcrumbs, constella intelligence, gezze@mail.ru, gezze@yandex.ru, intel 471, ivan sherban, mynetwatchman, Ne'er-Do-Well News, swat usa drop service, triploo@mail.ru, universalo, verified, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Mon, 06 Nov 2023 13:51:31 +0000

Last week, KrebsOnSecurity broke the news that one of the largest cybercrime services for laundering stolen merchandise was hacked recently, exposing its internal operations, finances and organizational structure. In today’s Part II, we’ll examine clues about the real-life identity left behind by “Fearless,” the nickname chosen by the proprietor of the SWAT USA Drops service.

Independent Krebs Security

Why Malware Crypting Services Deserve More Scrutiny

June 21, 2023 0 Comments +7.9235059268, Breadcrumbs, cdek, constella intelligence, crypt[.]guru, gumboldt@gmail.com, intel 471, kerens, kolumb, masscrypt@exploit.im, Ne'er-Do-Well News, obelisk57@gmail.com, pepyak@gmail.com, sergey y purtov, sergey yurievich purtov, spurtov@gmail.com, vip crypt, Web Fraud 2.0, Сергей Юрьевич Пуртов

Credit to Author: BrianKrebs| Date: Wed, 21 Jun 2023 18:39:36 +0000

If you operate a cybercrime business that relies on disseminating malicious software, you probably also spend a good deal of time trying to disguise or “crypt” your malware so that it appears benign to antivirus and security products. In fact, the process of “crypting” malware is sufficiently complex and time-consuming that most serious cybercrooks will outsource this critical function to a handful of trusted third parties. This story explores the history and identity behind Cryptor[.]biz, a long-running crypting service that is trusted by some of the biggest names in cybercrime.

Independent Krebs Security

Ask Fitis, the Bear: Real Crooks Sign Their Malware

June 1, 2023 0 Comments 165540027, 774748@gmail.com, akafitis@gmail.com, Breadcrumbs, code-signing certificates, constella intelligence, domaintools.com, featar24, fitis, flashpoint, glavmed, intel 471, konstantin evgenievich fetisov, megatraffer, Ne'er-Do-Well News, o.r.z., spamit, spampage@yandex.ru

Credit to Author: BrianKrebs| Date: Thu, 01 Jun 2023 16:15:34 +0000

Code-signing certificates are supposed to help authenticate the identity of software publishers, and provide cryptographic assurance that a signed piece of software has not been altered or tampered with. Both of these qualities make stolen or ill-gotten code-signing certificates attractive to cybercriminal groups, who prize their ability to add stealth and longevity to malicious software. This post is a deep dive on “Megatraffer,” a veteran Russian hacker who has practically cornered the underground market for malware focused code-signing certificates since 2015.

Independent Krebs Security

$10M Is Yours If You Can Get This Guy to Leave Russia

May 9, 2023 0 Comments 79608229389, A Little Sunshine, Breadcrumbs, constella intelligence, denis gennadievich kulkov, intel 471, Joker's stash, k022yb190, kreenjo, mazafaka, Ne'er-Do-Well News, nordex, nordexin, nordia@yandex.ru, polkas@bk.ru, try2check, u.s. department of justice, u.s. department of state, U.S. Secret Service, unicc, vault market

Credit to Author: BrianKrebs| Date: Fri, 05 May 2023 01:50:08 +0000

The U.S. government this week put a $10 million bounty on the head of a Russian man who for the past 18 years operated Try2Check, one of the cybercrime underground’s most trusted services for checking the validity of stolen credit card data. U.S. authorities say 43-year-old Denis Kulkov’s card-checking service made him at least $18 million, which he used to buy a Ferrari, Land Rover, and other luxury items.

Independent Krebs Security

FBI Seizes Bot Shop ‘Genesis Market’ Amid Arrests Targeting Operators, Suppliers

April 4, 2023 0 Comments A Little Sunshine, FBI, flashpoint, genesis market, genesis security, intel 471, u.s. district court for the eastern district of wisconsin

Credit to Author: BrianKrebs| Date: Tue, 04 Apr 2023 21:04:11 +0000

Several domain names tied to Genesis Market, a bustling cybercrime store that sold access to passwords and other data stolen from millions of computers infected with malicious software, were seized by the Federal Bureau of Investigation (FBI) today. Sources tell KrebsOnsecurity the domain seizures coincided with “dozens” of arrests in the United States and abroad targeting those who allegedly operated the service, as well as suppliers who continuously fed Genesis Market with freshly-stolen data.

Independent Krebs Security

Who’s Behind the Botnet-Based Service BHProxies?

February 24, 2023 0 Comments A Little Sunshine, abdala tawfik, abdalla khafagy, bhproxies, bitsight, constella intelligence, hassan_isabad_subar, intel 471, lewklabs, minerva labs, mylobot, Ne'er-Do-Well News, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Fri, 24 Feb 2023 19:51:23 +0000

A security firm has discovered that a five-year-old crafty botnet known as Mylobot appears to be powering a residential proxy service called BHProxies, which offers paying customers the ability to route their web traffic anonymously through compromised computers. Here’s a closer look at Mylobot, and a deep dive into who may be responsible for operating the BHProxies service.

← Previous