According to independent verification done by CySecurity News, there is no official website for Anonymous Group.
According to Bloomberg sources in the Russian and American security and intelligence agencies, Klyushin is a Kremlin insider who, as recently as a year and a half ago, received a state award from Putin, the Order of Honor.
They added that Klyushin has access to documents that relate to the Russian campaign to hack the servers of the Democratic Party during the US elections in 2016. According to them, these documents confirm that the hacking was carried out by a group of hackers from the GRU, which is known under the names Fancy Bear and APT28. In addition, some sources expressed the opinion that Klyushin has access to secret records of other high-ranking GRU operations abroad. All this can make Klyushin a useful source of information for the US authorities, especially if he asks the court for leniency.
Another argument that Klyushin holds information valuable to the U.S. is that his subordinate at M13 was former GRU operative Ivan Yermakov. In 2018, Yermakov was one of the defendants charged with hacking into the computer systems of the Democratic Party.
Recall that on December 19, Switzerland extradited Klyushin to the United States. He is suspected of illegal trading in securities worth tens of millions of dollars. Klyushin is the head of the M13 company, which has developed the Katyusha media monitoring system for the Ministry of Defense and the Presidential Administration.
In 2017, The Insider managed to prove that the Fancy Bear group consists of employees of GRU military unit 26165. A year later, this finding was confirmed by the US Department of Justice, which officially brought charges against the group of hackers. APT28's most famous operation was the hacking of the Democratic Party's servers in 2016, designed to help Donald Trump defeat Hillary Clinton in the presidential election.
The RedLine malware targets browsers based on the Chromium engine (Chrome, Edge, Yandex.Browser and Opera) as well as browsers based on the Gecko engine (Mozilla Firefox and Netscape). RedLine steals saved passwords, bank card data, cryptocurrency wallet information, cookies, system information, and other data stored by the browser.
Further experiments showed that the program collects any sensitive information stored in browsers and, in addition, allows the operator to control victims' computers via the SOAP remote access protocol and, in principle, to assemble them into botnets. The problem affects not only companies but also ordinary users.
The RedLine program appeared on the Russian darknet in February 2020. The announcement of its sale was posted by a Russian-speaking user with the nickname REDGlade.
The AhnLab ASEC report calls RedLine a serious cyber threat. ASEC discovered the program in 2021 while investigating a breach of an unnamed company's network: the intrusion had been carried out through a VPN service from an employee's computer infected with RedLine.
Attackers sell the malware on the darknet and on Telegram for $150-200 on average. RedLine is distributed through phishing mailings with attached .doc, .xls, .rar or .exe files. It is also hosted on domains masquerading as an online casino or, for example, as the website of the Krupskaya Confectionery Factory.
It is worth noting that in December 2021, RedLine became the most popular program used in cyber attacks. Since the beginning of the month, more than 22 thousand attacks have been carried out with the help of RedLine.
Experts urged users not to store credentials in browsers, recommending a password manager instead, and to enable two-factor authentication wherever possible.
According to police, Andrei Kirsanov, a native of Yekaterinburg, sold thousands of packages of bots and cheat programs through his website over several years, giving users unfair advantages over other players. The damage caused to the games' creators is estimated at 670 million rubles ($9 million).
A Moscow court has begun considering a criminal case against Yekaterinburg resident Andrey Kirsanov, accused of creating, using and distributing malicious computer programs.
Notably, no one had previously been held criminally liable solely for interfering with the computer gaming industry.
The injured party in the case was the Belarusian company Wargaming, a publisher and developer of computer games, including the popular online tank and naval action games World of Tanks and World of Warships.
In these games, players take control of military vehicles (tanks and ships) and fight online battles. Winning battles earns in-game currency and experience points, which let players develop and unlock new, more powerful equipment.
According to the company's representatives, since the games were released, a large number of malicious programs (bots and cheats) that give users unfair advantages over other players have been created for them. According to Wargaming, some users lose interest in the game partly because rivals use such software. Company representatives said that last year alone, more than 10 thousand bots were removed from World of Tanks.
As the employees of the Ministry of Internal Affairs of Russia have established, since 2015, hackers sold bots and cheat programs for playing World of Tanks and World of Warships through the Cyber Tank and Cyber Ship websites.
The hacker group Clop, allegedly linked to Russia, has put up for sale data stolen from the British police, the Mail on Sunday newspaper reported on Sunday.
According to the publication, the information stolen by the hackers can be bought on the darknet. The Mail on Sunday says that data from the Police National Computer (PNC) system, which holds records on 13 million British residents, could have fallen into the hackers' hands.
"We are aware of the incident and we are working with our law enforcement partners to understand and limit the extent of its potential consequences," the UK's National Cyber Security Centre said.
The ransomware attack reportedly targeted the British IT company Dacoll, one of whose divisions provides remote access to PNC for 90% of UK police forces.
The company confirms that the incident happened on October 5, but claims that it was related only to the company's internal network and did not affect its clients or their systems. Meanwhile, the Mail on Sunday claims that information from Dacoll's customers was put up for sale after the company refused to pay a ransom to hackers, the amount of which was not disclosed.
British cybersecurity expert Philip Ingram said that the damage caused by such a data leak is immeasurable, as now there are serious questions about the security of solutions used by numerous public and private organizations.
It is worth noting that the Clop group has been actively using the malware family of the same name since the winter of 2019, demanding a ransom to restore access to locked data. Some companies specializing in protection against hackers have suggested that some members of the group live in Russia.
Google has filed lawsuits against two Russians - Dmitry Starovikov and Alexander Filippov. According to the company, they are behind the activities of a botnet called Glupteba.
The corporation claims that Glupteba has infected more than a million Windows devices worldwide, with infections growing by "thousands" daily. The botnet was used to steal Google user account data. Most often, infection occurred after users downloaded free applications from unofficial sources.
In addition to stealing and using other people's data, Glupteba was aimed at covert cryptocurrency mining and at redirecting other people's traffic through infected computers and routers. This method also allows illegal traffic to be routed through other people's devices.
Google notes Glupteba's technical sophistication: it uses a blockchain, whose decentralized nature lets it effectively resist disruption. For the company, this is the first case of fighting a blockchain-backed botnet.
The botnet's main infrastructure has now been neutralized. Those who managed the network of infected devices no longer have access to it. However, the company notes that this statement holds only for the moment.
Google believes, based on data in their Gmail accounts and Google Workspace office applications, that Starovikov and Filippov were the ones managing Glupteba. The company is demanding compensation for damages from them, as well as a lifetime ban on their use of Google services.
According to experts, this could set a positive precedent. If the Russians are in fact punished substantially, it will significantly weaken the attacker community in cyberspace. At a minimum, the hackers' sense of impunity will disappear. You can read about how Google representatives tracked the hackers on the company's official website.
Thousands of private CCTV cameras have been hacked in Russia, said Igor Bederov, head of the Information and Analytical Research department at T.Hunter. According to him, many of these devices are located in hotels, massage rooms, salons where intimate haircuts and depilation are done.
This is evidenced by the many Telegram channels, VK public pages and forums on the Web that sell access to hacked cameras or footage from them.
One of these channels published an advertisement for the sale of access to video from more than 300 cameras from other people's bedrooms, washrooms, medical offices, salons, changing rooms. Price — 600 rubles ($8). Thousands of screenshots from such cameras have been published as advertisements on the channel: one shows a naked woman on a massage table, the other shows a man doing intimate depilation.
“Owners of hotels, beauty salons and other types of businesses put cameras in their premises for security purposes. Often such cameras are located directly in the rooms or offices where intimate services are carried out. At the same time, they are not always properly protected,” Igor Bederov explained the reason for such leaks.
According to open sources, vulnerable cameras are located all over the world. Access is often sold by subscription. But this is not the only way to monetize hacked devices. For example, the media recently wrote about the sale of a 15 TB archive of video from surveillance cameras in Russian hotels and saunas.
Experts said that in some cases such footage is used to blackmail the people in the video or the owners of the cameras. Various services are often used to identify people from photos. If the people cannot be identified, hackers can still locate the organization where the cameras are installed from metadata.
Oleg Bakhtadze-Karnaukhov, an independent darknet researcher, claims that attackers most often compromise cameras through network port 37777.
Protecting such a device is very easy: just change the factory default settings. However, according to the expert, this basic rule is often ignored.
The US Treasury has added Ukrainian Yaroslav Vasinsky and Russian Yevgeny Polyanin, accused of cyberattacks as part of the hacker group REvil, to the so-called SDN List. The persons included in it have their assets frozen, and US citizens are prohibited from doing business with foreigners on the list.
The Estonian crypto bank Chatex was also added to the sanctions list. The US Treasury Department said that sanctions are being imposed on the bank for its involvement in ransomware attacks in the US and for cryptocurrency exchanges conducted on the Chatex platform.
Yaroslav Vasinsky was arrested in Poland in October on charges of hacking the Florida-based business software provider Kaseya (the attack occurred on July 4). Polyanin remains at large but, like Vasinsky, participated in the operations of the hacker group REvil, according to the US Department of Justice.
The hackers spread ransomware to 1,500 Kaseya customers, encrypting their data and forcing some offline for several days. The US attributes the attack to the hacker group REvil. It has charged Vasinsky and Polyanin with hacking and with conspiracy to commit fraud and money laundering. The US Treasury reported that the group's victims paid it more than $200 million in bitcoin and other cryptocurrencies.
The court materials indicate that the Ukrainian hacker and his accomplices began deploying malware in April 2019. In total, by the beginning of November, police and special services had identified about two dozen suspects in cyberattacks using REvil ransomware on companies and infrastructure in 71 countries. Two people were arrested in Romania and five in South Korea.
The hacker group REvil (also known as Sodinokibi) has been operating on the darknet since 2019. Kaspersky Lab said in its research in May 2021 that REvil distributes its ransomware through affiliates (other hackers) who receive 60-75% of the ransom.
The Daily Mail newspaper reported that the security systems of the British jewelry house Graff Diamonds were subjected to a cyberattack, as a result of which hackers gained access to the personal data of world leaders, actors and tycoons.
The article claims that the Conti hacker group allegedly linked to Russia is behind the attack.
According to the Daily Mail, hackers have already posted almost 70 thousand official documents on the darknet, including files concerning former US President Donald Trump, American TV presenter Oprah Winfrey, British football player David Beckham and others.
Hollywood actors Tom Hanks and Alec Baldwin, Crown Prince of Saudi Arabia Mohammed bin Salman, Ruler of Dubai Sheikh Mohammed bin Rashid Al Maktoum, as well as former Deputy Prime Minister of Kazakhstan Yerbolat Dosayev are also named among the clients of the jewelry house.
The hackers reported that the published data, which concerns about 11 thousand wealthy clients of the company, is only 1% of the files obtained as a result of the cyberattack.
According to cybersecurity experts, the cybercriminals will demand a ransom in cryptocurrency or in jewelry. In the case of the Conti hacker group, this can mean about 10% of the victim's annual income.
The jewelry house confirmed the information about the hacking of its security systems. “Unfortunately, we, like a number of other companies, have been the target of a sophisticated, albeit limited cyberattack by professional and determined criminals,” Graff Diamonds said.
According to a representative of the jewelry house, the incident has already been reported to law enforcement agencies and the ICO, the UK's data protection regulatory authority. In addition, the company also informed those customers whose data were affected.
Earlier, Microsoft reported that hackers allegedly linked to Russia had carried out more than 22 thousand new attacks on the networks of IT organizations in four months. According to the company, this refers to the Nobelium group, which the United States associates with the Russian Foreign Intelligence Service.