Search This Blog

Showing posts with label Cyber Crime Report. Show all posts

REvil hacker group activity stopped in Russia

The Federal Security Service of Russia stopped the activities of the hacker group REvil, which was engaged in the theft of money using malware.

The operation was carried out in cooperation with the Investigative Department of the Ministry of Internal Affairs throughout Russia. According to the FSB, hackers developed malicious software, organized the theft of money from foreign bank accounts, and cashed them, including by purchasing expensive goods on the Internet.

"The appeal of the competent US authorities served as the basis for the search activities that reported the leader of the criminal community and his involvement in encroachments on the information resources of foreign high-tech companies," the FSB said.

The FSB of Russia has established the full composition of the REvil criminal community and the involvement of its members in the illegal turnover of payment funds, documentation of illegal activities has been carried out.

REvil has ceased to exist. According to the FSB, at 25 addresses of the places of residence of 14 members of the organized criminal community, over 426 million rubles ($5.5 million) were seized, including in cryptocurrency, $600 thousand, €500 thousand, as well as computer equipment, crypto wallets used to commit crimes, 20 premium cars purchased with funds obtained by criminal means.

"As a result of the joint actions of the FSB and the Ministry of Internal Affairs of Russia, the organized criminal community has ceased to exist, the information infrastructure used for criminal purposes has been neutralized. Representatives of the competent US authorities have been informed about the results of the operation," the FSB reported.

The REvil group is considered one of the most active hacker groups in the world. It has committed several major attacks, including against Apple and the Texas government.

It is worth noting that in the summer of 2021, according to The New York Times, after a conversation about REvil, which took place between US President Joe Biden and Russian leader Vladimir Putin at a summit in Switzerland, hackers disappeared from the darknet. Then the American president called on the Russian Federation to take measures to suppress the activities of cyber criminals operating on its territory.


A major hacker service has been eliminated in Ukraine

Cyber specialists of the Security Service of Ukraine, together with the cyber police and American and British partners, conducted a large-scale special operation to eliminate a powerful hacker service.

According to the intelligence service, the defendants committed hacker attacks on foreign companies, as well as provided paid services to change IP addresses for other hackers. According to preliminary estimates, the group has earned more than $1 million during its activity.

"Unlike the "usual" VPN services that can be legally bought and used by everyone, the services of the attackers had a much broader functionality. In particular, they allowed computer viruses, spyware, and other malicious programs to be loaded directly through the platform. That is, it was a purely "gangster" service created by intruders for intruders and not controlled by any government or law enforcement agencies," the SBU explained.

During the investigation, it turned out that the service was organized by citizens of Ukraine, including those wanted by foreign law enforcement agencies. They administered the work of the service from home personal computers, and to avoid responsibility they hid under different nicknames on the Darknet network.

It should be noted that the services were popular among members of international hacker groups who regularly hacked into the systems of government and commercial institutions to collect confidential information; distributed ransomware viruses that encrypt information available on a PC and demand a ransom from the user; carried out DDoS attacks to paralyze the operation of systems.

According to the SBU, in order to legalize the funds received from such activities, the attackers carried out complex financial transactions using a number of online services, including those banned in Ukraine.

During the searches conducted at the place of actual residence of the defendants and in their cars, mobile phones, computer equipment, and other material evidence of illegal activity were found and seized. Hackers face up to 15 years in prison.

Russian hacker arrested in US who may have information about Russian interference in American elections

According to Bloomberg sources in the Russian and American security and intelligence agencies, Klyushin is a Kremlin insider and even a year and a half ago received a state award from Putin, the Order of Honor.

They added that Klyushin has access to documents that relate to the Russian campaign to hack the servers of the Democratic Party during the US elections in 2016. According to them, these documents confirm that the hacking was carried out by a group of hackers from the GRU, which is known under the names Fancy Bear and APT28. In addition, some sources expressed the opinion that Klyushin has access to secret records of other high-ranking GRU operations abroad. All this can make Klyushin a useful source of information for the US authorities, especially if he asks the court for leniency.

Another argument that Klyushin has this valuable information for the U.S. is that his subordinate at M13 was former ex-GRU operative Ivan Yermakov. In 2018, he was one of the defendants accused of hacking into the computer systems of the Democratic Party.

Recall that on December 19, Switzerland extradited Klyushin to the United States. He is suspected of illegal trading in securities worth tens of millions of dollars. Klyushin is the head of the M13 company, which has developed the Katyusha media monitoring system for the Ministry of Defense and the Presidential Administration.

In 2017, The Insider managed to prove that the Fancy Bear group consists of employees of the military unit 26165 GRU. A year later, this data was confirmed by the US Department of Justice, officially bringing charges against a group of hackers. The most famous operation APT28 was the hacking of the servers of the Democratic Party in 2016, designed to help Donald Trump defeat Hillary Clinton in the presidential election.

Russian hacker created the RedLine program, which steals passwords and bank card data in browsers

The RedLine malware attacks browsers based on the Chromium engine — Chrome, Edge, Yandex.Browser and Opera, as well as on the basis of the Gecko engine - Mozilla Firefox and Netscape. RedLine steals saved passwords, bank card data, information about cryptocurrency wallets, cookies, system information, and other information from browsers.

Further, experiments showed that the program collects any sensitive information stored in browsers, and in addition allows you to control the computers of victims via the SOAP remote access protocol and hypothetically create botnets from them. The problem affects not only companies but also ordinary users.

The RedLine program appeared on the Russian darknet in February 2020. The announcement of its sale was posted by a Russian-speaking user with the nickname REDGlade.

The AhnLab ASEC report calls RedLine a serious cyber threat. ASEC discovered the program in 2021 when they were investigating the hacking of the network of an unnamed company. It turned out that access was carried out through a VPN service from an employee's computer infected with RedLine.

Attackers sell malware on the darknet and telegram for an average of $150-200. RedLine is distributed using phishing mailings with attached files in the format .doc, .xls, .rar, .exe. It is also uploaded to domains that disguise themselves as an online casino or, for example, the website of the Krupskaya Confectionery Factory.

It is worth noting that in December 2021, RedLine became the most popular program used in cyber attacks. Since the beginning of the month, more than 22 thousand attacks have been carried out with the help of RedLine.

Experts urged not to store credentials in browsers, suggesting instead to use a password manager and enable two-factor authentication wherever possible.

Google sued two Russians hackers

Google has filed lawsuits against two Russians - Dmitry Starovikov and Alexander Filippov. According to the company, they are behind the activities of a botnet called Glupteba.

The corporation claims that Glupteba has infected more than a million Windows devices worldwide, the increase in infections can be "thousands" daily. The botnet was used to steal Google user account data. Most often, the infection occurred after users downloaded free applications from unauthorized sources.

In addition to stealing and using other people's data, Glupteba was aimed at covert mining of cryptocurrencies and redirecting other people's traffic through infected computers and routers. Using this method, illegal traffic can also be redirected to other people's devices.

Google notes the sophisticated technical complexity of Glupteba. It uses a blockchain, the decentralized nature of which allows it to effectively protect itself from work disruptions. For the company, this is the first case of fighting a botnet on the blockchain.

The main infrastructure of the botnet is now neutralized. Those who managed the network from infected devices no longer have access to it. However, the company notes that this statement is valid only at the moment.

Google assumes that it was Starovikov and Filippov who managed Glupteba, relying on data in their Gmail accounts and Google Workspace office applications. The company insists on reimbursing them for damage, as well as a lifetime ban on their use of Google services.

According to experts, this could create a positive precedent. If the Russians really manage to be punished significantly, this will significantly weaken the community as an attacker in cyberspace. At a minimum, the hackers' sense of impunity will disappear. You can read about how Google representatives tracked hackers on the company's official website.

Bloomberg spoke about the “laundering” companies for cybercriminals in the Moscow City Tower

At least four companies suspected of money laundering and allegedly linked to ransomware hackers are based in the 97-storey Tower East of the Federation Complex in the Moscow City Business Center.

According to the agency, we are talking about the companies Suex OTC, EggChange, CashBank and Buy-bitcoin.pro.

Suex OTC is under US sanctions for helping cyber extortionists launder money. According to the research company Chainalysis, since 2018 Suex has processed at least $160 million in bitcoins from illegal and high-risk sources.

The largest shareholder of Suex at the time of the sanctions, Egor Petukhovsky, denied the involvement of his business in money laundering by hackers in October and announced that he would defend his position in an American court.

According to three Bloomberg sources, the US and Europe are also investigating EggChange on charges of money laundering. The world's largest cryptocurrency trading platform Binance said it also noticed “illegal flows” of funds going through EggChange and CashBank.

Chainalysis claims that the company Buy-bitcoin.pro, whose headquarters are also located in the Tower Federation-East, processed hundreds of thousands of dollars of funds from ransomware and other illegal operators, including Russia's largest darknet drug market Hydra.

Bloomberg writes that at least 50 companies converting cryptocurrency into cash are registered in Moscow City Tower. Cybersecurity and cryptocurrency experts consider Moscow City Tower to be one of the most influential points in the world of cryptocurrency cashing. Experts added that such operations are not illegal, but without serious supervision, such a business can help hackers to cash out criminal proceeds.

Stanislav Bibik, a partner at Colliers, explained the large concentration of cryptocurrency firms in the Tower Federation-East by the fact that this address is trustworthy. “Working there gives the tenant a high status and indicates that he has a solid business,” Bibik said.


Microsoft: Russia Behind 58% Detected State-Backed Hacks

 

According to the latest report of Microsoft, Russian-sponsored malicious actors are becoming more successful at breaching targets in the United States and other developed countries. Russia is responsible for most state-sponsored cybercrimes over the past years, Microsoft added. 

Russian hackers were found to be involved in 58% of government-linked cyber crimes including crimes on government agencies and think tanks in the United States, followed by Ukraine, Britain, and European NATO members. 

Furthermore, other countries like China, North Korea, and Iran, have also been highly active in cyber security crimes on the important infrastructure of governments and non-profit organizations, Microsoft said in its second annual Digital Defense Report, which covers July 2020 through June 2021. 

An unusual hack in early 2020, the SolarWinds hack where hackers gained access to the networks, systems, and data of thousands of SolarWinds customers had also been attributed to Russia. The scope of one of the largest, if not the largest, one of its kind ever recorded has been unknown.  

After the SolarWinds hack incident, the Russian backed-hackers shifted their focus again on their usual victims like government agencies involved in foreign policy, including defense and national security, think tanks, health care, where they targeted the organizations that were developing and testing COVID-19 vaccines and providing treatments in the USA, Canada, Australia, Israel, Japan, and India. 

Meanwhile, China, figured in for 1 in 10 of the state-sponsored cyber attacks; getting a 44% success rate in breaking into victimizing networks, Report discloses. 

On the whole, state-backed cybercrimes have a 10%-20% success rate, said Cristin Goodwin, who heads Microsoft’s Digital Security Unit.

“It’s something that’s really important for us to try to stay ahead of — and keep driving that compromised number down — because the lower it gets, the better we’re doing,” Goodwin added. 

“2021 brought powerful reminders that to protect the future we must understand the threats of the present. This requires that we continually share data and insights in new ways…” 

“…Certain types of attacks have escalated as cybercriminals change tactics, leveraging current events to take advantage of vulnerable targets and advance their activity through new channels”, the report said.

The Russian Federation submitted to the United Nations the world's first draft convention against cybercrime

The Prosecutor General's Office of the Russian Federation reported that Russia has submitted to the UN the world's first draft convention on countering cybercrime and the criminal use of cryptocurrency.

Recall that last year an interdepartmental working group on combating information crime was established, one of the main tasks of which was to develop a draft of a universal comprehensive international convention on combating the use of information and communication technologies for criminal purposes.

The project has a number of advantages. It takes into account modern challenges and threats in the field of international information security, including the criminal use of cryptocurrency, introduces new elements of crimes committed using information and communication technologies.

It is stressed that Russia was the first country that developed and submitted to the special committee a draft convention to combating information crimes.

"Today cyber attacks are as much a weapon of mass destruction as a tactical nuclear weapon. Infrastructure, from the fuel supply to the water supply, can be stopped in an entire city. The settlement will be paralyzed with zero casualties. Thus, I would call cyberattacks bloodless killers, they do not set themselves the goal of destroying the population but simply teleport this population, in fact, to the Stone Age,” commented on the news the State Duma deputy Ruslan Balbek.

According to him, the Russian draft convention is timely and relevant.

In March, the President of Russia Vladimir Putin announced an increase in the number of crimes in the IT-sphere. He pointed out that over the past six years, the number of such crimes has increased 10 times.

Earlier, E Hacking News was reported that Russia-US summit was held in Geneva on June 16. Summing up the negotiations, Vladimir Putin said that the sides will start consultations on cybersecurity.

Experts Said How Cybercriminals Make Money on Russian Gamers

One of the most popular fraud schemes involves buying or selling an account in online games. An attacker can offer an account, but after transferring funds for it, the buyer does not get access to it.

Experts advise using specialized platforms for buying and selling an account, which charge a commission of about 10% for their services.

If there is no such platform, but there is a forum dedicated to the game, the expert advises to study the user's account and his rating on the forum as much as possible before selling or buying.

Gamers can also be deceived when buying expensive computer components, for example, video cards. Scammers create copies of popular online stores, in which the cost of components will be declared 2-3 times lower than the market price. The buyer most likely will not be able to return the money.

Another method of fraud is associated with the purchase of expensive goods, such as a game console through a private classifieds service. In this case, the buyer is offered to get an e-wallet on one of the legitimate services. His virtual card is allegedly linked to this account, which is used to make the payment.

The client transfers money to the wallet and informs the seller about it, after which he receives an SMS message with the virtual card data. However, the notification does not come from the service number, but from the phone of the scammers. So, the gamer makes the transfer to scammers and remains without money and the desired product.

Another method of fraud is connected with watching streams of other gamers. Scammers copy the broadcasts of famous players and add banners with ads for easy earnings to the video. By clicking on them, people get to the resources of scammers, where they lose money by providing their bank card details.

According to the expert, the solution to the problem in the game world could be the active development and use of escrow services, as it is used when selling domain names on the Internet.

The Russian who hacked JPMorgan was demanded $20 million in compensation

In January, Andrei Tyurin was sentenced to 12 years in prison for the largest theft of personal data of bank clients in US history.  He acted as part of a hacker group and stole data that brought the hackers hundreds of millions of dollars

The Federal Court for the Southern District of New York ordered to pay compensation in the amount of $19.9 million to Russian Andrei Tyurin, who was sentenced in January to 12 years in prison for cybercrimes.  This is evidenced by the documents received on Monday in the electronic database of the court.

As follows from these materials, the parties came to an agreement on the amount that Tyurin should provide to individuals and legal entities affected by his actions.  According to the agreements approved by the court, Tyurin "will pay compensation in the amount of $19,952,861."  The full list of companies and individuals who will receive these funds is not provided in the documents.  It is also not specified whether Tyurin has the ability to pay the specified amount.

In early January, Tyurin was sentenced to 144 months in prison.  According to Judge Laura Taylor Swain, the Russian was involved in "large-scale criminal activities of a financial nature."  According to the investigation, he was involved in cyber attacks on large American companies in order to obtain customer data.

The US prosecutor's office said that Tyurin hacked the data of nearly 140 million customers and stole information from 12 companies.  Among them are JPMоrgan Chase Bank, Dow Jones & Co, Fidelity Investments, E-Trade Financial.  The authorities called the actions of the Russian the largest theft of data from the bank's clients in the history of the country.

Tyurin was extradited to the United States from Georgia in September 2018.  The American authorities charged him with hacking into the computer systems of financial structures, brokerage houses and the media specializing in the publication of economic information.  Representatives of the Secret Service claimed that the Russian was involved in "the largest theft of customer data from US financial structures in history."  They noted that Tyurin could be sentenced to imprisonment for up to 92 years.

 The Russian initially declared his innocence.  According to the materials of the court, in September 2019 Tyurin made a deal with the prosecutor's office.  He pleaded guilty to several counts.  The US Secret Service claimed that Tyurin and his accomplices "embezzled hundreds of millions of dollars."

Russian hackers suspected of stealing thousands of US State Department emails

In 2020, Russian hackers stole thousands of emails from U.S. State Department employees. As Politico reported, this is the second major hack of the department's email server in the last ten years, carried out "with the support of the Kremlin."

According to Politico sources, this time, hackers accessed the emails of the U.S. State Department's Bureau of European and Eurasian Affairs, as well as the Bureau of East Asian and Pacific Affairs. A Politico source said it was unclear whether classified information was among the stolen emails. It also remains unclear whether the hack was part of a larger SolarWinds attack that gave hackers access to dozens of U.S. federal agencies.

The U.S. State Department declined to comment to the publication on the likely attack. "For security reasons, we cannot discuss the nature or extent of any alleged cybersecurity incidents at this time," said a State Department spokesman. Politico also sent a request to the Russian embassy in the United States. At the time of publication, the Russian side had not responded.

Recall, U.S. media reported on the large-scale hacking attack on the U.S. government on December 14, 2020. The hack was later confirmed by U.S. intelligence agencies. According to their information, dozens of agencies were hacked, it was organized by Russian hackers. U.S. President Joe Biden announced his intention to impose sanctions against Russia for cyber attacks. On March 8, 2021, the media reported on White House plans to conduct covert cyberattacks on Russian networks in response to the SolarWinds hack.

Russian presidential press secretary Dmitry Peskov stressed Moscow's noninvolvement in the cyberattacks. Russian Foreign Ministry spokeswoman Maria Zakharova also said that U.S. accusations that Russia was involved in a massive hacking attack on U.S. federal agencies were unproven.

Russian Kryuchkov pleaded guilty to conspiring to hack Tesla's computer network

 Tesla CEO Elon Musk commented in Russian on the news that Russian Egor Kryuchkov had pleaded guilty on Twitter on Friday

According to the federal prosecutor's office in the state of Nevada, the verdict of Russian Egor Kryuchkov, who pleaded guilty to conspiracy to hack Tesla's computer network, will be sentenced on May 10.

"A Russian national pleaded guilty in federal court today to conspiracy to travel to the US to hire a Nevada-based employee to install software on the company's computer network," the document said.

It specifies that the Russian "pleaded guilty to one count of intentionally damaging a protected computer, and is scheduled to be sentenced on May 10."

According to the US Department of Justice, the Russian was trying to bribe a Tesla employee for $1 million to install the necessary software. The attackers intended to use the data to blackmail the company by threatening to make the information public. "This was a serious attack," Musk said at the time.

An employee with whom the Russian allegedly tried to negotiate in the summer of 2020 notified his management about this plan. It informed the US FBI.

The US Justice Department reported in August that Kryuchkov had been detained in Los Angeles, California, on charges of conspiracy to intentionally harm a protected computer. Initially, the Russian did not admit his guilt. His relatives and acquaintances said Kryuchkov had nothing to do with the IT industry and had never programmed.

However, on March 18, the US Department of Justice announced that the man had pleaded guilty to one count of deliberately damaging a protected computer.

It is worth noting that Tesla CEO Elon Musk commented in Russian on the news that Russian Egor Kryuchkov had pleaded guilty. Musk published a corresponding entry on Twitter on Friday.

The head of Tesla, following the rules of the pre-reform spelling of the Russian language, wrote the title of the novel by Fyodor Dostoevsky (1821-1881) "Crime and Punishment".

Musk had previously tweeted in Russian on several occasions. 

Ukrainian police arrested members of a well-known cyber ransomware group

Members of the Egregor group, which provides the service using the Ransomware-as-a-Service (RaaS) model, have been arrested by the Ukrainian police.

The arrest is the result of a joint operation of the French and Ukrainian law enforcement systems. The names of the arrested citizens were not disclosed, but it is known that they provided logistical and financial support for the service.

It is worth noting that this ransomware has been active since the fall of 2020 and works according to the Ransomware-as-a-Service (RaaS) model. That is, the authors of the malware rent it out to other criminals, who are already hacking companies, stealing data, encrypting files, and then demanding a “double ransom” from victims (for decrypting files, as well as for not disclosing the data stolen in the process of hacking).

If the victims pay a ransom, the group that organized the hack keeps most of the funds, and the developers of Egregor receive only a small share. The attackers laundered funds through the Bitcoin cryptocurrency.

Those arrested are suspected, among other things, of providing such financial schemes.

According to Allan Liska, a cybersecurity researcher at Recorded Future, Recorded Future has discovered that the Egregor infrastructure, including the site and the management and control infrastructure, has been offline since at least Friday (February 12).

The French side joined the investigation after the Egregor software was used in attacks on the computer game developer Ubisoft and the logistics organization Gefco in 2020.

Although the Egregor system based on the RaaS model was launched in September 2020, a number of cybersecurity experts believe that the service operators are the well-known cyber ransomware group Maze.

The number of crimes with bank cards in Russia has increased by 5.5 times

Last year, 510.4 thousand crimes committed using information and telecommunications technologies were registered in Russia. According to the data of the Ministry of Internal Affairs, this figure is 73.4% more than it was in the previous year.

In 2020, cybercriminals used bank cards, the Internet, and a telephone to commit crimes. In particular, during the year, the number of acts involving the use of plastic cards increased by a record 453.1%, reaching 190.2 thousand. In 2019, according to the Ministry, there were only 34.4 thousand. 

The Central Bank confirmed an increase in the number and volume of transactions without the consent of bank customers in 2020.

The director of the company Anti-Phishing Sergey Voldokhin confirmed that massive phone fraud, malicious banking applications for smartphones and fake payment system sites have become a real problem in 2020. According to him, with the beginning of the pandemic and the transition to remote work, cyber fraudsters have received new opportunities for attacks. "Judging by the volume of thefts, banks and financial companies were not ready for a large-scale impact on their customers", added he.

According to Sergey Golovanov, a leading expert at Kaspersky Lab, fraud trends are likely to continue in 2021.

"But a significant increase in their number is unlikely, as financial organizations and telecom operators are actively fighting such schemes, and the news agenda has made citizens wary of suspicious calls", noted he.

According to Pavel Utkin, a leading lawyer at Parthenon, the problem of phone fraud with plastic cards will disappear by itself when banks establish control over the personal data of customers.

The banks noted that in order to minimize attacks, they have already implemented comprehensive anti-fraud systems, as well as information campaigns among customers about new types of fraud and methods of countering them.

Earlier, E Hacking News reported that Sberbank is the most targeted organization in Europe by hackers.

The Russian pleaded guilty to cybercrime charges in the United States

 Kirill Firsov admitted his guilt in trying to obtain secret information about the clients of a certain company for fraudulent purposes

A hearing on the sentencing of Russian citizen Kirill Firsov, who pleaded guilty in the United States to data theft, will be held on April 12.

As noted, before the announcement of the punishment, the court will be presented with additional materials about the case. Firsov agreed to attend the meeting via videoconference.

Recently, the Russian has reached an agreement with representatives of the prosecutor's office. Firsov pleaded guilty to trying to fraudulently obtain confidential information about the clients of a certain company. He could be sentenced to up to 10 years in prison and ordered to pay a fine of up to $250,000.

The prosecution agreed not to seek the most severe punishment for the Russian. He waived the right to insist on a trial and to challenge the charges in question.

Recall, the US authorities detained Firsov on suspicion of stealing the personal data of California residents for their further sale with the aim of using them in false identity cards. The Prosecutor's Office of the Southern District of California names Firsov the administrator of the platform DEER.IO.

The US authorities claimed that this platform is based in Russia. This resource was allegedly used to sell information stolen by hackers, including personal data and information about bank accounts.

As follows from the materials, the site operated from 2013 to 2020, the income from illegal sales amounted to $17 million.

Firsov said that most of his victims were Russians, but about $1.2 million was earned by selling information about Americans. This fact allowed the FBI to pursue Firsov and detain him upon arrival in the country.

The Russian was arrested on March 7 at the John F. Kennedy Airport, in New York. Three days earlier, the FBI made a "test purchase" on his website, acquiring information about 1,100 gamers for $20 in bitcoins.

After the global attack by the hackers, the FBI became interested in the company JetBrains

FBI officers began checking the JetBrains company. So far, there are no specific accusations, but the special services are investigating whether the products of the above company could be used in the hacking of the American SolarWinds, which is considered the starting point of the global hacker attack.

JetBrains, founded in Prague in 2000, sells customers software that makes it much easier to create applications. For millions of developers, its tools are indispensable: the company now has more than 10 million users in more than 213 countries.  In an interview with Forbes, the company's CEO, Maxim Shafirov, said that despite the pandemic, revenue has grown by 10% over the past year, and the company suggests that this year it can reach $400 million. According to a JetBrains representative, the company is worth more than $1 billion.

On Wednesday, The New York Times, Reuters and The Wall Street Journal reported that the investigation does not exclude the possibility of connecting JetBrains with one of the largest acts of cyberespionage in recent times. The publications contained hints that hackers could have hacked JetBrains or one of its products, the TeamCity testing, and code-sharing service, in order to then gain access to the systems of SolarWinds, which used this service. 

As a result of the attack, hackers compromised one of the SolarWinds tools and used it to break into the networks of customers, including government departments and major US IT companies. Among the victims of the cyberattack were the US Department of Justice, which announced that 3% of its messages sent through Office 365 were compromised, as well as the US Department of Energy and Treasury, Microsoft, Cisco and other organizations. The US claims that the attacks are linked to Russia. The Kremlin denies any involvement.

It is noted that the reputation of JetBrains can be seriously damaged if it is proved that its employees are involved in compromising the software and its misuse.

Court in the United States has sentenced Russian Andrey Tyurin to 12 years in prison for cybercrime

The Federal Court of the Southern District of New York sentenced Russian Andrey Tyurin to 12 years in prison for committing a number of cybercrimes. In addition, he was ordered to pay the United States 19 million dollars

The Russian Consulate General in New York is in contact with law enforcement agencies in the United States in the case of the Russian Andrei Tyurin, who was sentenced by the court to 12 years in prison for cybercrime, said the press secretary of the diplomatic mission Alexey Topolsky.

According to him, the conditions of detention of the Russian citizen were difficult in the context of the COVID-19 pandemic. Topolsky recalled that Tyurin contracted the coronavirus in an American prison.

"The Russian Consulate General in New York is monitoring the case of Andrei Tyurin and is in contact with US law enforcement agencies," said Topolsky.

In his last speech, Tyurin said that he sincerely repents for what he did.

According to the judge, Tyurin must reimburse the United States 19 million 214 thousand 956 dollars, this is the profit that he derived from his criminal activities.

By US standards, a 12-year sentence is not the harshest for such a crime, says international lawyer Timur Marchani.

"In the United States, for crimes related to cybersecurity, for crimes that entail hacking the banking system, some of the harshest penalties are provided. Here, the court took into account first of all the hacker's remorse and, most importantly, cooperation with the preliminary investigation authorities and then with the court," said Mr. Marchani.

Recall that the Russian was detained in Georgia at the request of the United States in December 2017. In September 2018, he was extradited to the United States. In September 2019, the Turin pleaded guilty to six counts of the indictment.

According to the investigation, Tyurin participated in a "global hacking campaign" against major financial institutions, brokerage firms, news agencies and other companies, including Fidelity Investments, E-Trade Financial and Dow Jones & Co.

Prosecutor Jeffrey Berman said that Tyurin ultimately collected client data from more than 80 million victims, "which is one of the largest thefts of American client data for one financial institution in history."

The head of Group-IB Mr. Sachkov described the portrait of a typical Russian hacker

Not only a programmer but also just a specialist with a good knowledge of mathematics can become a hacker in Russia, said the head of Group-IB Ilya Sachkov. The entrepreneur believes that for such people money is a priority.

"This is a talented young man, whose task is to earn money and that's all. He is not always well-educated in the humanities, not someone who will cause you sympathy. The priority is money, expensive cars, expensive watches, holidays abroad," said Sachkov.

Ten years ago, the career of a hacker was chosen exclusively by students, mostly children from disadvantaged families. However, the situation has changed: this profession is now chosen by those who "live in very rich families, with normal relations between parents".

A typical Russian hacker "tries to play Don Corleone", communicates with former or current law enforcement officers, and also looks for political assistants who will explain to him that real Russian hackers steal money from foreigners because of the "war with America".

He noted that the creators of viruses are often people with special needs, autistic children who have fallen into an aggressive environment. At the same time, the opinion that Russian-speaking hacker groups are leading in the world is already outdated. Today, all of them are mixed by nationality, although in the 90s, it was people from the post-Soviet space who were among the first to engage in such things, who communicated among themselves in Russian.

Group-IB specializes in products that help protect against cyber attacks and fight online fraudsters. In particular, the company investigates cybercrimes and helps to monitor attacking hackers. The group cooperates with Europol and Interpol.

Experts listed the possible goals of cyber criminals who hack websites

According to Positive Technologies, in 2020, cybercriminals have become increasingly interested in hacking sites: in seven out of ten cases, the purpose of an attack is to gain access to a resource, including for its further sale to another attacker.

The company's experts, to find out the most popular targets of hacking sites, examined more than 80 million messages on the ten most active forums in the shadow segment of the Internet, which provide services for hacking sites, buying and selling databases, and accessing web resources.

According to Positive Technologies analyst Yan Yurakov, since March 2020, interest in the topic of hacking sites has been identified. He also explained that this trend could lead to an increase in the number of companies represented on the Internet, which was provoked by the pandemic.

In seven out of ten requests related to hacking sites, the main goal is to gain access to a web resource. Attackers can not only steal confidential information but also sell access to a web application.

In another 21% of cases, the purpose of hacking a site is to extract and obtain databases of users or clients of the attacked resource. According to Positive Technologies, competitors and spammers who collect lists of addresses for targeted thematic mailing lists aimed at a specific audience are primarily interested in acquiring such information.

For about 4% of hackers, the main goal is not to hack the site itself, but to place malware on it. About 3% of customers are looking for a hacker to remove certain data from the site after hacking, and 2% sell ready-made programs and scripts for hacking.

Recently it became known that the list of pre-installed Russian software for smartphones, tablets, computers and Smart TV will include an application that combines sites with free access. Since April 1, the Ministry of Digital Industry has been conducting an experiment to provide residents of Russia with free access to 371 sites.

Police detained hackers who stole more than 20 million rubles

Police officers of the Chuvash Republic, with the assistance of BI.ZONE experts detained the organizers of a criminal group that stole money from customers of Russian banks using the FakeToken malicious software. The group operated for more than 5 years, the damage from its activities exceeds 20 million rubles ($272 200,00).

During a search at the addresses of one of the fraudsters, network devices, communication devices and computer equipment containing clear traces of the development and distribution of Trojan Banker.AndroidOS.FakeToken were found and seized. Also, employees of the Ministry of Internal Affairs found SIM cards of various telecom operators and electronic correspondence in Telegram, which confirms the involvement of the detainee in illegal activities.

According to BI.ZONE experts, the attackers used Trojan Banker.AndroidOS.FakeToken for stealing money from users of mobile devices based on the Android OS. The program infected devices, intercepted SMS messages from the Bank and transmitted them to the server of criminals, as well as collected Bank card data. The fraudsters used this information to transfer money from the victims' mobile and Bank accounts. "Over the past five months, the hacker group has gained access to more than 5,000 phones and data from at least 2,500 Bank cards," said experts.

"In February 2020, we recorded the activation of the FakeToken malware, which infected more than 2,000 victims every day. The group that manages this software is considered one of the most active in the Russian Federation, and we are glad that we were able to help stop the criminals," said Evgeny Voloshin, director of the BI.ZONE expert services unit.

It's important to note that the FakeToken Banking Trojan has been known since 2016. It is able to attack more than 2 thousand financial applications, its victims of steel of about 16 thousand users in 27 countries, including Russia, the Ukraine and Germany.