Google has filed lawsuits against two Russians - Dmitry Starovikov and Alexander Filippov. According to the company, they are behind the activities of a botnet called Glupteba.
The corporation claims that Glupteba has infected more than a million Windows devices worldwide and that the number of infections can grow by "thousands" daily. The botnet was used to steal Google user account data. Most often, the infection occurred after users downloaded free applications from unauthorized sources.
In addition to stealing and using other people's data, Glupteba was aimed at covert mining of cryptocurrencies and redirecting other people's traffic through infected computers and routers. Using this method, illegal traffic can also be redirected to other people's devices.
Google notes the technical sophistication of Glupteba. It uses a blockchain, whose decentralized nature allows it to protect itself effectively from disruption. For the company, this is the first case of fighting a botnet on the blockchain.
The main infrastructure of the botnet is now neutralized. Those who managed the network from infected devices no longer have access to it. However, the company notes that this statement is valid only at the moment.
Google assumes that it was Starovikov and Filippov who managed Glupteba, relying on data in their Gmail accounts and Google Workspace office applications. The company demands that they pay compensation for damage, and seeks a lifetime ban on their use of Google services.
According to experts, this could create a positive precedent. If the Russians are in fact punished severely, this will significantly weaken the attacker community in cyberspace. At a minimum, the hackers' sense of impunity will disappear. You can read about how Google representatives tracked hackers on the company's official website.
There is no denying that cybercriminals have been exploiting people's trust in media agencies. Recent events, however, have seen a surge in cybercriminals seeking to use every possible way to target media agencies.
Aside from direct attacks, they have even misused brand names to create counterfeit identities, which are then used to target 'potential victims'.
A couple of incidents throw light on how and why these threat actors have set their sights on the media industry.
Some of them have been targeted directly, generally through ransomware attacks.
Ritzau, the biggest independent news agency in Denmark, was targeted by a ransomware attack, resulting in the compromise and encryption of more than one-fourth of its 100 network servers.
The computer servers at the Press Trust of India were also attacked by LockBit ransomware, which kept the agency from delivering news to its subscribers.
A few attackers very cleverly use the 'pretense' of media agencies to plan out their attacks.
Some time back, TA416 Able was found carrying out spear-phishing attacks by imitating journalists from the Union of Catholic Asia News, attempting to target a range of victims, including diplomats for Africa and people in the Vatican.
Another incident happened when the U.S. seized 27 domain names that were used by Iran's Islamic Revolutionary Guard Corps (IRGC) for carrying out secretive influence campaigns, in which a few domains were suspected to be veritable media outlets.
OceanLotus had set up and operated a few websites, consistently professing to be news, activist, or anti-corruption sites. Furthermore, they compromised a few Vietnamese-language news websites and used them to load an OceanLotus web profiling framework.
Keeping these events in mind, experts recommend having sufficient safety measures, like frequent data backups, anti-malware solutions, and implementing Domain-based Message Authentication, Reporting & Conformance (DMARC).
Furthermore, recommendations were made on carrying out tests to identify and eliminate the risks of domain spoofing.
According to the Ministry of Justice, 27-year-old Yegor Kryuchkov tried to pay $1 million to an employee of a company from Nevada in order to introduce malware into its computer network. When the FBI joined the investigation, the Russian tried to flee the United States.
A Federal Court in Los Angeles has arrested a Russian citizen, Yegor Kryuchkov, on charges of conspiring to commit cybercrime. This was reported by the press service of the US Department of Justice.
According to the Department, 27-year-old Kryuchkov in the period from July 15 to August 22 this year tried to bribe an employee of an unnamed American company located in the state of Nevada. The statement claims that the Russian offered him $1 million for participation in the implementation of the fraudulent scheme.
The Ministry of Justice reported that Kryuchkov allegedly planned to load malicious software into the computer system of this company. This would allow him and his associates to gain unhindered access to company data.
Last week, Kryuchkov was contacted by the Federal Bureau of Investigation (FBI), after which he left Reno (Nevada) and went to Los Angeles in order to leave the United States. The Russian, according to the Department, asked his friend to buy him a plane ticket.
Kryuchkov was detained in Los Angeles on August 22. According to the Ministry of Justice, the Russian entered the United States on a tourist visa.
The Russian Embassy in the United States said that diplomats are aware of Kryuchkov's arrest. "We will contact the Russian in the near future to find out the problem. We will provide him with the necessary consular and legal assistance," said the diplomatic mission.
Residents of Russia began to receive SMS about a way to get $10 million from the US State Department. In the messages, Russians are offered this money for information about the interference of Russian hackers in the American elections.
Such SMS messages are being published on social networks by residents of different cities in Russia. Among them is the Deputy of the Duma of Yekaterinburg, Timofey Zhukov. In his Telegram channel, he published a screenshot of such a message. "The US State Department is offering up to $10 million for information about interference in the US election. If you have information, please contact us," said the SMS.
The link in the message leads to a verified Twitter account of the US State Department's Rewards for Justice program. According to the hashtag of the same name, Election_Reward, dozens of messages of the Department's program were published on Twitter in different languages of the world, including Russian.
Experts noted that the message was sent to Russians through the program CentrSoobsh, a service that is usually used by fraudsters to send spam or fake SMS in order to hack accounts.
Earlier, US Secretary of State Mike Pompeo announced the start of this program. He promised that Washington will pay the amount for information about persons interfering in the elections. Pompeo mentioned that the program applies to both Russia and other malicious states.
The representative of the Russian Foreign Ministry, Maria Zakharova, considered that if the US really begins to pay everyone up to 10 million dollars for such information, the State Department's website "will break down from denunciations to neighbors."
Senator of the Federation Council Frants Klintsevich called such actions an illusion and provocation, which carry a danger. He added that the messages are sent not by the US, but by emissaries with money.
According to him, it is necessary to find those who send the messages and to bring everything to its logical end. Moreover, if necessary, the Russian Federation needs to change the legislation, as such actions are attempts to destabilize the situation in the country.