Hacking Groups |
2018 |
Hacker Steals Crypto from Copay Wallet Apps |
28 Nov 2018 |
https://www.infosecurity-magazine.com/news/hacker-steals-crypto-from-copay/ |
New Yorker accused of stealing $1m from Silicon Valley executive via SIM swap |
23 Nov 2018 |
https://www.welivesecurity.com/2018/11/23/new-yorker-accused-stealing-1m-sim-swap/ |
The fake Tesco competition email scam that tempts customers into handing over banking details with promises of prizes |
Angelique Ruzicka, 22 November 2018 |
https://www.thisismoney.co.uk/money/beatthescammers/article-6413875/Fake-Tesco-competition-lures-customers-prizes-personal-information-steal-money.html |
Are bank scammers finally about to be stopped in their tracks? |
16 November 2018 |
https://www.thisismoney.co.uk/money/podcast/article-6397373/Follow-money-bank-scammers-stopped-tracks-Money-podcast.html |
One of the world's most dangerous hackers is 'emptying' ATMs: 10 things to know |
Gadgets Now Bureau, Nov 9, 2018 |
https://www.gadgetsnow.com/slideshows/one-of-the-worlds-most-dangerous-hackers-are-emptying-atms-10-things-to-know/One-of-the-worlds-most-dangerous-hackers-is-emptying-ATMs-10-things-to-know/photolist/66556247.cms |
Lazarus hackers engage in ‘FASTCash’ scheme to steal tens of millions of dollars from ATMs |
9 Nov, 2018 |
https://www.itpro.co.uk/cyber-crime/32331/lazarus-hackers-engage-in-fastcash-scheme-to-steal-tens-of-millions-of-dollars |
‘Jackpotting’ hackers stole $267,000 from Western Washington banks |
October 1, 2018 |
https://q13fox.com/2018/10/01/jackpotting-hackers-stole-267000-from-western-washington-banks/ |
Cobalt cybergang starts up new campaign |
31 August 2018 |
https://www.finextra.com/newsarticle/32593/cobalt-cybergang-starts-up-new-campaign/security |
2017 |
Hacking group targets banks with stealthy trojan malware campaign |
2017-11-01 Stolen credentials are used to launch attacks which include the ability to stream live video of the screens of infected users. A previously unknown but highly organised hacking group is carrying out a series of cyber attacks against banks and financial institutions around the world, deploying trojan malware to gain entry into networks. The attackers are capable of monitoring everything a victim does in order to provide them with all the information they need to sneak around bank networks and make off with stolen funds. Uncovered by Kaspersky Lab, the 'Silence' hacking group is suspected to be a Russian-speaking operation which has hit at least 10 financial organisations including those in Armenia and Malaysia, but mostly within Russia. The initial attack techniques of Silence campaigns are similar to those of other threat actors, including the infamous Carbanak group - initial victims are tricked by phishing emails which give the attackers a foothold into the network. They'll remain there for a long time, only striking when they have enough information to steal large amounts. Those behind Silence appear to be actively targeting banks which have previously been attacked. They use emails from the addresses of real employees who have had accounts compromised - potentially bought from the dark web - to send a phishing email about what looks to be a routine request about opening a customer account. The message comes with a malicious attachment in the form of a 'Windows help .CHM' file which runs once the document has been opened. An embedded JavaScript within this automatically downloads and executes a Visual Basic script which then in turn downloads a malware dropper from a command and control server. It's the Russian language in the code which has led researchers to the conclusion that the attack group is Russian-speaking.
Once downloaded and installed on the system, the malware allows the attackers to take multiple screenshots of the victim's active screen, providing a real-time stream. A similar technique was used by Carbanak to gain an understanding of the victim's day-to-day activity and points to the ultimate end goal of Silence - obtaining all the information required to eventually steal money. The malware also includes a Winexecsvc tool which allows the execution of remote commands - useful when it comes to the attackers making their way around the infected network. Researchers note that this particular campaign has been successful in attacking financial institutions, no matter where in the world they're based or what the network infrastructure looks like. "We have seen this trend growing recently, as more and more slick and professional APT-style cyber-robberies emerge and succeed. The most worrying thing here is that due to their in-the-shadow approach, these attacks may succeed regardless of the peculiarities of each bank's security architecture," said Sergey Lozhkin, security expert at Kaspersky Lab. While Silence uses very similar techniques to the Carbanak group - which has stolen more than $1 billion from banks worldwide - it's still uncertain if the two groups are at all related. Researchers have warned that the attacks are still ongoing. |