Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label FBI. Show all posts
Ransomwares
Advanced Social Engineering Cyber Attacks cybercriminal group data security FBI FBI cybersecurity advisory Law Firms Luna Moth phishing techniques ransomware attacks Ransomwares

FBI Warns of Silent Ransom Group Using Phishing and Vishing to Target U.S. Law Firms

 

The FBI has issued a warning about a sophisticated cybercriminal group known as the Silent Ransom Group (SRG), also referred to by aliases like Luna Moth, Chatty Spider, and UNC3753. This group has been actively targeting U.S.-based law firms and related organizations through advanced phishing techniques and social engineering scams. The group, which has been operational since 2022, is known for using deceptive communication methods to gain unauthorized access to corporate systems and extract sensitive legal data for ransom demands. In the past, SRG’s activities spanned across industries such as healthcare and insurance. 

However, since the spring of 2023, its focus has shifted to legal entities, likely because of the highly confidential nature of the data managed by law firms. The group commonly uses a method called callback phishing, also known as reverse vishing. In this approach, victims receive emails that appear to originate from reputable companies and warn them of small charges for fake subscriptions. The emails prompt users to call a phone number to cancel the subscription. During these calls, victims are instructed to download remote access software under the guise of resolving the issue. Once the software is installed, SRG gains control of the victim’s device, searches for valuable data, and uses it to demand ransom.  

In March 2025, SRG has adapted their strategy to include voice phishing or vishing. In this new approach, the attackers call employees directly, posing as internal IT staff. These fraudulent callers attempt to convince their targets to join remote access sessions, often under the pretext of performing necessary overnight maintenance. Once inside the system, the attackers move swiftly to locate and exfiltrate data using tools like WinSCP or a disguised version of Rclone. Notably, SRG does not prioritize escalating privileges, instead focusing on immediate data theft. The FBI noted that these voice phishing methods have already resulted in multiple successful breaches. 

SRG reportedly continues to apply pressure during ransom negotiations by making follow-up calls to victim organizations. While the group does maintain a public site for releasing stolen data, its use of this platform is inconsistent, and it does not always follow through on threats to leak information. A significant concern surrounding these attacks is the difficulty in detection. SRG uses legitimate system management and remote access tools, which are often overlooked by traditional antivirus software. The FBI advises organizations to remain vigilant, particularly if there are unexplained downloads of programs such as AnyDesk, Zoho Assist, or Splashtop, or if staff receive unexpected calls from alleged IT personnel. 

In response, the FBI urges companies to bolster cybersecurity training, establish clear protocols for authenticating internal IT requests, and enforce two-factor authentication across all employee accounts. Victims of SRG attacks are encouraged to share any information that might assist in ongoing investigations, including ransom communications, caller details, and cryptocurrency wallet data.
Read more »
Operation Endgame
Anti Virus Dark Web FBI Internet malware Operation Endgame

Undercover Operation Shuts Down Website Helping Hackers Internationally


Hackers used AVCheck to see malware efficiency

International police action has shut down AVCheck, an anti-virus scanning website used by threat actors to check whether their malware was detected by mainstream antivirus before using it in the attacks. The official domain “avcheck.net” now shows a seizure banner with the logos of the U.S. Secret Service, the U.S. Department of Justice, the FBI, and the Dutch Police (Politie).  

The site was used globally by threat actors

According to the announcement, AVCheck was a famous counter antivirus (CAV) website globally that enabled hackers to check the efficiency of their malware. Politie’s Matthijs Jaspers said, “Taking the AVCheck service offline marks an important step in tackling organized cybercrime." With the collaborative effort, the agencies have disrupted the “cybercriminals as early as possible in their operations and prevent victims." 

The officials also discovered evidence linking AVCheck’s administrators to encrypting services Cryptor.biz  (seized) and Crypt.guru (currently offline). Crypting services allow threat actors to hide their payloads from antivirus, blending them in the ecosystem. Hackers also use a crypting service to hide their malware, check it on AVCheck or other CAV services to see if is detected, and finally launch it against their targets. 

Details about the operation

Before the shutdown of AVCheck, the police made a fake login page warning users of the legal risks when they log in to such sites. The FBI said that “cybercriminals don't just create malware; they perfect it for maximum destruction.” Special Agent Douglas Williams said threat actors leverage antivirus services to “refine their weapons against the world's toughest security systems to better slip past firewalls, evade forensic analysis, and wreak havoc across victims' systems."

Operation Endgame

The undercover agents exposed the illegal nature of AVCheck and its links to ransomware attacks against the U.S. by purchasing these services as clients. According to the U.S. DoJ, in the “affidavit filed in support of these seizures, authorities made undercover purchases from seized websites and analyzed the services, confirming they were designed for cybercrime.”

The crackdown was part of Operation Endgame, a joint international law enforcement action that captured 300 servers and 650 domains used in assisting ransomware attacks. Earlier, the operation cracked down on the infamous Danabot and Smokeloader malware operations.

Read more »
operation raptor
Cyber Crime Dark Web Drug Trafficking FBI operation raptor

FBI Cracks Down on Dark Web Drug Dealers

 


A major criminal network operating on the dark web has been disrupted in a large international operation led by the FBI. Over 270 individuals have been arrested for their involvement in the online trade of dangerous illegal drugs such as fentanyl, meth, and cocaine. This operation involved law enforcement teams from the United States, Europe, South America, and Asia.


What is the dark web?

The dark web is a hidden part of the internet that isn’t available through standard search engines or browsers. It requires special tools to access and is often used to hide users’ identities. While it can offer privacy to those in danger or under surveillance, it is also known for being a place where criminals carry out illegal activities — from drug dealing to selling stolen data and weapons.


What was Operation RapTor?

The FBI’s mission, called Operation RapTor, focused on stopping the sale of illegal drugs through online black markets. Authorities arrested hundreds of people connected to these sites — not just the sellers, but also the buyers, website managers, and people who handled the money.

One of the most alarming parts of this case was the amount of fentanyl recovered. Authorities seized more than 317 pounds of it. According to FBI estimates, just 2 pounds of fentanyl could potentially kill about 500,000 people. This shows how serious the danger was.


Why this matters

These drug sellers operated from behind screens, often believing they were untouchable because of the privacy the dark web provides. But investigators were able to find out who they were and stop them from doing more harm. According to FBI leaders, these criminals contributed to drug addiction and violence in many communities across the country.

Aaron Pinder, a key official in the FBI’s cybercrime unit, said the agency has improved at identifying people hiding behind dark web marketplaces. Whether someone is managing the site, selling drugs, moving money, or simply buying drugs, the FBI is now better equipped to track them down.


What’s next?

While this operation won’t shut down the dark web completely, it will definitely make a difference. Removing major players from the drug trade can slow down their operations and make it harder for others to take their place — at least for now.

This is a strong reminder that the dark web, no matter how hidden, is not out of reach for law enforcement. And efforts like these could help save many lives by cutting off the supply of deadly drugs.

Read more »
FBI. Cyberespionage
Cyber Security CyberCrime cybercrime awareness Dark Web Dark web marketplace Dark Web Monitoring FBI FBI. Cyberespionage

FBI Busts 270 in Operation RapTor to Disrupt Dark Web Drug Trade

 

Efforts to dismantle the criminal networks operating on the dark web are always welcome, especially when those networks serve as hubs for stolen credentials, ransomware brokers, and cybercrime gangs. However, the dangers extend far beyond digital crime. A substantial portion of the dark web also facilitates the illicit drug trade, involving some of the most lethal substances available, including fentanyl, cocaine, and methamphetamine. In a major international crackdown, the FBI led an operation targeting top-tier drug vendors on the dark web. 

The coordinated effort, known as Operation RapTor, resulted in 270 arrests worldwide, disrupting a network responsible for trafficking deadly narcotics. The operation spanned the U.S., Europe, South America, and Asia, and confiscated over 317 pounds of fentanyl—a quantity with the potential to cause mass fatalities, given that just 2 pounds of fentanyl can be lethal to hundreds of thousands of people. While the dark web does provide a secure communication channel for those living under oppressive regimes or at risk, it also harbors some of the most heinous activities on the internet. 

From illegal arms and drug sales to human trafficking and the distribution of stolen data, this hidden layer of the web has become a haven for high-level criminal enterprises. Despite the anonymity tools used to access it, such as Tor browsers and encryption layers, law enforcement agencies have made significant strides in infiltrating these underground markets. According to FBI Director Kash Patel, many of the individuals arrested believed they were untouchable due to the secrecy of their operations. “These traffickers hid behind technology, fueling both the fentanyl epidemic and associated violence in our communities. But that ends now,” he stated. 

Aaron Pinder, unit chief of the FBI’s Joint Criminal Opioid and Darknet Enforcement team, emphasized the agency’s growing expertise in unmasking those behind darknet marketplaces. Whether an individual’s role was that of a buyer, vendor, administrator, or money launderer, authorities are now better equipped than ever to identify and apprehend them. Although this operation will not completely eliminate the drug trade on the dark web, it marks a significant disruption of its infrastructure. 

Taking down major players and administrators sends a powerful message and temporarily slows down illegal operations—offering at least some relief in the fight against drug-related cybercrime.
Read more »
Technology
AI ChatGPT CISA FBI GenAI NSA Technology

Governments Release New Regulatory AI Policy


Regulatory AI Policy 

The CISA, NSA, and FBI teamed with cybersecurity agencies from the UK, Australia, and New Zealand to make a best-practices policy for safe AI development. The principles laid down in this document offer a strong foundation for protecting AI data and securing the reliability and accuracy of AI-driven outcomes.

The advisory comes at a crucial point, as many businesses rush to integrate AI into their workplace, but this can be a risky situation also. Governments in the West have become cautious as they believe that China, Russia, and other actors will find means to abuse AI vulnerabilities in unexpected ways. 

Addressing New Risks 

The risks are increasing swiftly as critical infrastructure operators develop AI into operational tech that controls important parts of daily life, from scheduling meetings to paying bills to doing your taxes.

From foundational elements of AI to data consulting, the document outlines ways to protect your data at different stages of the AI life cycle such as planning, data collection, model development, installment and operations. 

It requests people to use digital signature that verify modifications, secure infrastructure that prevents suspicious access and ongoing risk assessments that can track emerging threats. 

Key Issues

The document addresses ways to prevent data quality issues, whether intentional or accidental, from compromising the reliability and safety of AI models. 

Cryptographic hashes make sure that taw data is not changed once it is incorporated into a model, according to the document, and frequent curation can cancel out problems with data sets available on the web. The document also advises the use of anomaly detection algorithms that can eliminate “malicious or suspicious data points before training."

The joint guidance also highlights issues such as incorrect information, duplicate records and “data drift”, statistics bias, a natural limitation in the characteristics of the input data.

Read more »
Microsoft
cyberattacks trending news cybercrime news FBI malware Microsoft

U.S. Shuts Down LummaC2 Malware Network in Major Takedown

 

In a major crackdown on cybercrime, the U.S. Department of Justice (DOJ), in coordination with the FBI and Microsoft, has dismantled a global malware operation known as LummaC2 by seizing five internet domains used to deploy the infostealer malware. LummaC2, notorious for stealing personal and financial data such as browser history, login credentials, and cryptocurrency wallet information, had compromised at least 1.7 million systems worldwide. 

The takedown occurred over three days in May 2025, with two domains seized on May 19, followed by the rapid seizure of three additional domains after the malware operators attempted to restore access. These domains acted as user panels for cybercriminals leasing or buying access to the malware, allowing them to deploy it across networks and extract stolen data. 

FBI Assistant Director Bryan Vorndran said, “We took action against the most popular infostealer service available in online criminal markets. Thanks to partnerships with the private sector, we were able to disrupt the LummaC2 infrastructure and seize user panels.” 

DOJ Criminal Division head Matthew R. Galeotti added, “This type of malware is used to steal personal data from millions, facilitating crimes such as fraudulent bank transfers and cryptocurrency theft.” In a parallel move, Microsoft launched a civil legal action to take down 2,300 more domains believed to be linked to LummaC2 actors or their proxies. 

Emphasising the value of collaboration, Sue J. Bai, chief of the DOJ’s National Security Division, said, “Today’s disruption is another instance where our prosecutors, agents, and private sector partners came together to protect us from the persistent cybersecurity threats targeting our country.” 

The operation, led by the FBI’s Dallas Field Office and supported by several DOJ divisions, forms part of a broader U.S. strategy to counter cyber threats, including a State Department programme offering up to $10 million for information on individuals targeting U.S. critical infrastructure.
Read more »
takedown
CloudFlare Cybersecurity DOJ Europol FBI Infostealer Lumma malware Microsoft takedown

Global Operation Dismantles Lumma Malware Network, Seizes 2,300 Domains and Infrastructure

 

In a sweeping international crackdown earlier this month, a collaborative operation involving major tech firms and law enforcement agencies significantly disrupted the Lumma malware-as-a-service (MaaS) operation. This effort resulted in the seizure of thousands of domains and dismantling of key components of Lumma's infrastructure across the globe.

A major milestone in the operation occurred on May 13, 2025, when Microsoft, through legal action, successfully took control of around 2,300 domains associated with the malware. Simultaneously, the U.S. Department of Justice (DOJ) dismantled online marketplaces used by cybercriminals to rent Lumma’s services, while Europol’s European Cybercrime Center (EC3) and Japan’s Cybercrime Control Center (JC3) helped take down Lumma’s infrastructure in their respective regions.

"Between March 16, 2025, and May 16, 2025, Microsoft identified over 394,000 Windows computers globally infected by the Lumma malware. Working with law enforcement and industry partners, we have severed communications between the malicious tool and victims," said Steven Masada, Assistant General Counsel of Microsoft's Digital Crimes Unit.

Cloudflare, one of the key players in the effort, highlighted the impact of the takedown.

“The Lumma Stealer disruption effort denies the Lumma operators access to their control panel, marketplace of stolen data, and the Internet infrastructure used to facilitate the collection and management of that data. These actions impose operational and financial costs on both the Lumma operators and their customers, forcing them to rebuild their services on alternative infrastructure,” Cloudflare stated.

The operation saw contributions from companies like ESET, CleanDNS, Bitsight, Lumen, GMO Registry, and law firm Orrick. According to Cloudflare, the Lumma malware misused their platform to mask server IP addresses that were used to siphon off stolen credentials and sensitive data.

Even after suspending malicious domains, the malware managed to bypass Cloudflare’s interstitial warning page, prompting the company to reinforce its security measures.

"Cloudflare's Trust and Safety team repeatedly flagged domains used by the criminals and suspended their accounts," the company explained.

“In February 2025, Lumma’s malware was observed bypassing Cloudflare’s interstitial warning page, which is one countermeasure that Cloudflare employs to disrupt malicious actors. In response, Cloudflare added the Turnstile service to the interstitial warning page, so the malware could not bypass it." 

Also known as LummaC2, Lumma is a sophisticated information-stealing malware offered as a subscription-based service, ranging from $250 to $1,000. It targets both Windows and macOS systems, enabling cybercriminals to exfiltrate data from browsers and apps.

Once installed, Lumma can extract a broad range of data, including login credentials, credit card numbers, cryptocurrency wallets, cookies, and browsing history from popular browsers like Google Chrome, Microsoft Edge, Mozilla Firefox, and other Chromium-based platforms. The stolen data is packaged and sent to attacker-controlled servers, where it is either sold on dark web marketplaces or used in follow-up cyberattacks.

Initially spotted in December 2022 on cybercrime forums, the malware quickly gained traction. Cybersecurity firm KELA reported its rapid rise in popularity among cybercriminals.

IBM X-Force’s 2025 threat intelligence report revealed a 12% year-on-year increase in the number of stolen credentials being sold online, largely driven by the use of infostealers like Lumma. Phishing campaigns delivering such malware have surged by 84%, making Lumma the most dominant player in this threat landscape.

Lumma has been linked to major malvertising campaigns affecting hundreds of thousands of users and has been used by notorious groups such as the Scattered Spider cybercrime collective.

Recently, stolen data linked to Lumma has played a role in high-profile breaches at companies like PowerSchool, HotTopic, CircleCI, and Snowflake. In some cases, infostealer malware has been used to manipulate internet infrastructure, such as the Orange Spain RIPE account hijacking incident that disrupted BGP and RPKI configurations.

On the day of the crackdown, the FBI and CISA jointly issued a security advisory outlining indicators of compromise (IOCs) and detailing the tactics, techniques, and procedures (TTPs) employed by threat actors using Lumma malware.


Read more »
Routers Threat
Cyber Security FBI FBI cybersecurity advisory FBI warning Malware Threat Malwares Router Hacking Router vulnerability Routers Routers Threat

FBI Warns Consumers to Replace Outdated Routers Hijacked by TheMoon Malware

 

The FBI has issued an urgent warning to American consumers and businesses: replace outdated internet routers immediately or risk becoming an unwitting accomplice in cybercrime. According to the agency, cybercriminals are actively targeting “end-of-life” routers—older models that no longer receive security updates from manufacturers—and infecting them with a sophisticated variant of TheMoon malware. Once compromised, these routers are hijacked and repurposed as proxy servers that enable criminals to mask their identities while conducting illegal activities online. 

These include financial fraud, dark web transactions, and cyberattacks, all executed through unsuspecting users’ networks. Because these routers lack updated firmware and security patches, they are especially vulnerable to remote infiltration and control. TheMoon malware, which first emerged in 2014, has evolved into a more potent threat. It now scans for open ports and installs itself without requiring a password. Once embedded, it silently operates in the background, routing illicit activity and potentially spreading to other devices within the network. The malware’s stealthy behavior often leaves users unaware that their home or business network has become part of a criminal infrastructure. 

The FBI specifically warned that routers manufactured in 2010 or earlier are particularly at risk—especially if features like remote administration are still enabled. Older Linksys models such as E1200, E2500, E1000, E4200, E1500, E300, E3200, WRT320N, E1550, WRT610N, E100, M10, and WRT310N are listed among the most vulnerable devices. Signs of a compromised router may include overheating, unexplained changes to settings, or erratic internet connectivity. In many cases, users may not even realize their equipment is outdated, making them easy targets for attackers seeking anonymous access to the web. 

To defend against these threats, the FBI strongly advises replacing unsupported routers with modern, secure models. Users should also disable remote access functions, install the latest security patches, and use complex, unique passwords to further protect their networks. If anyone suspects their router has been hijacked or detects suspicious activity, they are encouraged to file a report with the FBI’s Internet Crime Complaint Center (IC3). 

As cybercriminals become more innovative, relying on outdated technology increases exposure to serious digital threats. This latest alert is a stark reminder that cybersecurity begins at home—and that even something as common as a router can become a gateway for criminal exploitation if not properly secured.
Read more »
Subscribe to: Posts (Atom)