The "resignation" of the drainer of Bitcoin wallets, Baphomet in the hands of the FBI and other cybersecurity events

Forklog / 18.05.2024 / 04:07
We have collected the most important news from the world of cybersecurity for the week.

- The cryptocurrency-draining phishing service Pink Drainer has announced that it is ceasing operations.
- Gang members have been detained in the United States for laundering $73 million through USDT.
- The FBI arrested the administrators of BreachForums and seized the forum's website and Telegram channel.
- The number of illegal P2P transactions through Ozon wallets has increased in Russia.

The cryptocurrency-draining phishing service Pink Drainer has announced that it is ceasing operations

The developers of the popular Pink Drainer cryptocurrency wallet-draining service have decided to wind down their infrastructure. On-chain researcher ZachXBT drew attention to the announcement.

"We have achieved our goal, and now, according to the plan, it is time for us to resign. After the publication of this message, we will begin to scale down our infrastructure. All stored information will be erased and securely destroyed," the group said in a statement.

Pink Drainer operated under the phishing-as-a-service (PhaaS) model, providing cybercriminals with tools to steal cryptocurrency through social engineering and the distribution of phishing links. In return, the developers charged fees and took a percentage of the stolen funds.

According to ScamSniffer, Pink Drainer is linked to the theft of $85 million in digital assets from more than 21,000 victims.

Gang members detained in the United States for laundering $73 million through USDT

US law enforcement agencies have arrested two Chinese citizens, Daren Li and Yicheng Zhang, who allegedly organized a scheme to launder the proceeds of cryptocurrency investment fraud.

According to the indictment, the defendants in the "international syndicate" moved more than $73 million through US financial institutions into domestic and international bank accounts, and then converted the funds into USDT.

The cryptocurrency wallet used in the scheme received a total of over $341 million in various assets.

Li and Zhang were charged with conspiracy and six counts of international money laundering. The defendants face up to 20 years in prison on each count.

The FBI arrested the administrators of BreachForums and seized the forum's website and Telegram channel

On May 15, the FBI seized the servers and domains of the hacker forum BreachForums, which hosted a variety of data leaks. This was reported by BleepingComputer.

Data: BleepingComputer.

The seizure banner shows the avatars of two site administrators, known by the nicknames Baphomet and ShinyHunters, overlaid with prison bars.

In addition, the authorities seized the BreachForums Telegram channel and chat. The corresponding post was made from the Baphomet account, which may indicate that his devices have been seized.

Data: BleepingComputer.

The FBI continues to investigate cybercriminal activity on BreachForums and its predecessor RaidForums, and is asking all victims and witnesses to provide information on the case.

US law enforcement agencies shut down BreachForums in March 2023. Its creator and administrator, Conor Brian Fitzpatrick (Pompompurin), was sentenced to 20 years of supervised release.

At the end of June, the FBI gained control of the forum's backup domain. Nevertheless, BreachForums continued to operate throughout this period, moving between sites.

The number of illegal P2P transactions through Ozon wallets has increased in Russia

Attackers have begun actively using Ozon e-wallets for illegal transactions. The number of advertisements for buying and selling verified marketplace accounts for P2P transfers tripled between February and April. This was reported by Forbes, citing Angara Security.

Ozon e-wallets are openly sold on Telegram and on darknet markets at an average price of 2,599 rubles.

In addition, attackers sell databases containing legitimate users' data, or use the built-in service for linking a digital card to an anonymous account, which requires only a SIM card from any operator to register.

The price of access to an Ozon Bank personal account ranges from 500 to 10,000 rubles, depending on the wallet's status, the verification method used, the likelihood of the account being blocked, and the amount of data the buyer receives.

An American woman and a Ukrainian man have been charged with assisting North Korean IT workers

US law enforcement officers arrested American Kristina Marie Chapman and Ukrainian Alexander Didenko in separate cases for helping North Korean IT workers obtain employment and process payments.

According to the Chapman case file, from October 2020 to October 2023 she ran a "laptop farm" that North Korean citizens used to obtain remote work at more than 300 US companies, presenting forged documents to employers. Over the course of the scheme, the foreign workers earned at least $6.8 million.

Didenko, in turn, controlled approximately 871 proxy servers and supplied accounts on three freelance IT recruitment platforms and three money service providers. Since July 2018, he has processed $920,000 in payments.

Each of the defendants is charged with conspiracy to defraud the United States, aggravated identity theft, money laundering, and various forms of fraud.

Chapman faces up to 97.5 years in prison, Didenko — up to 67.5 years.

Experts have discovered new backdoors used by Russian hackers to attack a European government

ESET researchers have identified two new backdoors, LunarWeb and LunarMail, which Russian hackers, presumably the Turla group, used to compromise the Ministry of Foreign Affairs of an unnamed European country and its diplomatic missions in the Middle East.

#ESETresearch has discovered the Lunar toolset, two previously unknown backdoors (which we named #LunarWeb and #LunarMail) possibly linked to Turla, compromising a European MFA and its diplomatic missions abroad. https://t.co/VnCsGTidwr 1/6

— ESET Research (@ESETresearch) May 15, 2024

Initial access to the target systems is gained through phishing with Word documents containing malicious macros. The backdoors can remain undetected for long periods, monitoring user activity and exfiltrating data.

According to the researchers, LunarWeb and LunarMail have been in operation since at least 2020 and target government and diplomatic institutions.

Also on ForkLog:

- Pump.fun lost $1.9 million as a result of an insider attack.
- Binance has introduced an "antidote" to spoofing scams.
- Two brothers in the United States have been arrested for attacking Ethereum and stealing $25 million.
- Hackers from North Korea laundered $147 million stolen from HTX through Tornado Cash.
- In Ukraine, miners and crypto traders have been added to the list of dubious projects.
- Journalists have learned of a hacker attack on the hedge fund BlockTower Capital.
- A contributor to the hacked DEX Cypher has admitted to stealing part of the funds.
- Alex Labs' DeFi protocol lost $4.3 million in a hacker attack.
- An underground bank with a turnover of $1.9 billion in USDT was dismantled in China.
- The DeFi project Sonne Finance was hacked for $20 million.
- A hacker attacked users of the decentralized exchange Equalizer.
- Kimsuky has used new software to attack cryptocurrency companies.
- ZachXBT suspects the Rain bitcoin exchange was hacked for $14.8 million.
- In China, a scheme for illegally moving $295 million out of the country through cryptocurrencies has been uncovered.

What to read over the weekend

In our News+ format, we explain what risks EIP-3074 poses for Ethereum wallets and what alternative to this standard Vitalik Buterin has proposed:

https://forklog.com/news/eksperty-otsenili-vliyanie-eip-3074-na-ethereum-koshelki