Alexis Hess
Bogus IT workers are defrauding US businesses
The US government has seized over $7.74 million in illegal funds, allegedly siphoned off by illegitimate North Korean Information Technology (IT) workers for the benefit of the North Korean government. The US Department of Justice (DOJ) has filed a civil forfeiture complaint alleging that the IT workers secured employment in the US illegally, racking up millions of dollars in cryptocurrency and bypassing US sanctions placed against North Korea. According to the US Federal Bureau of Investigation (FBI), the use of North Korean IT workers to defraud the US is now taking place on a massive scale.
“Crazy Evil” Threatens Cryptocurrency Ecosystem
A new and rising threat to decentralized financing has been identified. Threat intelligence researcher, the Insikt group, has uncovered “Crazy Evil,” a rapidly growing Russian crypto-scam gang that targets cryptocurrency users and influencers. According to Insikt Group, over ten active social media scams are linked directly to Crazy Evil, garnering millions of dollars in illicit funds and infiltrating tens of thousands of devices. Crazy Evil is what is referred to as a “traffer” team, which Insikt describes as “a collective of social engineering specialists tasked with redirecting legitimate traffic to malicious landing pages.” Allegedly operating since 2021 on dark web forums and amassing thousands of followers on their public Telegram channels, Crazy Evil’s primary targets are cryptocurrency users, non-fungible token (NFT) traders and gaming professionals - all of whom often use decentralized platforms with little or no regulatory oversight.
FBI Takes Down Crypto-Laundering Scam
The line between cybercrime and plain old-fashioned fraud has become yet more blurred following the sentencing of international virtual currency vendor Anurag Pramod Murarka to 121 months in prison for his involvement in a classic money laundering operation that he advertised on Darknet marketplaces. According to recently unsealed court documents, Murarka operated an international money laundering business from April 2021 until September 29, 2023. Murarka was able to operate out of India and serviced shady clients in the United States through an intricate Indian “hawala” money transferring system and the use of the US Postal Service as his “unwitting partner in transferring ill-begotten funds.” The original Hawala scam was an Indian political and financial scandal involving illicit payments allegedly sent by politicians through a network of four Hawala brokers that implicated some of the country's leading politicians.
Pastor Charged with Cryptocurrency Scam
Washington-based Pastor Francier Obando Pinillo has been charged for his involvement in “Solano Fi,” a fraudulent cryptocurrency investment business that Pinillo claims “came to him in a dream.” A pastor in a church based in Pasco, Washington, Pinillo allegedly took advantage of his position to sway members of the congregation to invest in Solano Fi, defrauding over a thousand victims of millions of dollars in what he claimed was a “safe and guaranteed investment.” “Fraudulent investment schemes are not new, but cryptocurrency scams are a new way fraudsters take money from hardworking, honest people,” states US Attorney Vanessa Waldref. The landmark case illustrates how cryptocurrency scams have now become mainstream. Fraudulent cryptocurrency schemes have previously been viewed as the province of highly organized hostile nation-state-backed cybercriminals and shadowy ‘market makers”. But the Pinillo case illustrates how even relatively unskilled crooks are now capable of preying on the greed of unsuspecting investors.
US Puts $10M Bounty on Chinese Hacker
A Chinese national, Guan Tianfeng, has been accused of involvement in the hacking of 81,000 firewall devices all over the world in 2020. Some of the compromised devices were protecting systems running US critical infrastructure and, had the attacks gone undetected, they could have had potentially deadly consequences. The US Department of State’s Rewards for Justice (RFJ) program has since announced a reward of up to $10 million for information leading to the arrest of Guan and his alleged co-conspirators. “The defendant and his conspirators compromised tens of thousands of firewalls and then continued to hold at risk these devices, which protect computers in the United States and around the world,” said Assistant Attorney General for National Security Matthew G. Olsen.
Russian Authorities Arrest FBI’s Most Wanted Hacker
The FBI’s most wanted hacker, Mikhail Pavlovich Matveev, dubbed the “Moriarty” of cybercrime, has finally been arrested by Russian authorities. Described by the FBI as a “prolific” cybercriminal, Matveev has had a $10 million bounty on his head for any information leading to his arrest since 2023. The arrest is a turning point on the part of the Russian authorities, as cybercriminals have long seen Russia as a safe haven. According to intelligence sources, this could either represent an attempt to try and legitimize the Russian economy or an indication that the state is taking back control of cyber-attacks on Western economies.
China’s Telecom Hack ‘Most Serious’ in US History
US Senator Mark Warner has called the Salt Typhoon hack, conducted by a group that has been linked to Chinese intelligence, “the most serious telecoms hack in our history.” In a recent interview with the NY Times, Warner also said that hackers were able to listen in on telephone calls and access text messages, emphasizing that “every major provider has been broken into.” This follows hard on the FBI releasing a joint statement with the US Cybersecurity and Infrastructure Security Agency (CISA), in which they announced that “China-affiliated actors have compromised networks at multiple telecommunications companies.”
Cryptocurrency Laundering Top Dog Arrested
Russian-Swedish native Roman Sterlingov has been sentenced to twelve years in prison for his alleged involvement in Bitcoin Fog, the longest-running cryptocurrency laundering service on the dark web. Sterlingov reportedly operated Bitcoin Fog for a decade and processed over 1.2 million Bitcoin, valued at approximately $400 million at the time of the transactions. Bitcoin Fog ran from 2011-2021 and quickly garnered a reputation among the dark web community as the “go-to” cryptocurrency “mixer” for cybercriminals looking to hide their illicit funds from law enforcement. Bitcoin Fog would pool the “dirty” cryptocurrency and redistribute it in order to make the funds untraceable. According to court documents, the cryptocurrency laundered was mainly derived from darknet marketplaces tied to illegal narcotics, identity theft, and child sexual abuse material.
Dutch Police Take Down major global cyber threat
The Dutch Police, Politie, claim to have removed a major threat to organizations all over the world by dismantling two of the most notorious ‘infostealers’, software designed to breach computer systems to steal sensitive information. “Operation Magnus,” conducted in collaboration with Team Cybercrime Limburg, is reported to have taken down the Redline and META info stealers, which have been responsible for infecting millions of computers worldwide with malware, leaving them open to devastating ransomware attacks and other threats.
Hackers infiltrate SEC’s X Account to Boost Bitcoin
A cybercriminal in Alabama, suspected of hacking into the US Securities and Exchange Commission’s (SEC’s) X account, has been arrested. He is accused of using the compromised account to post fake messages, causing the value of Bitcoin to boost by $1,000. Hacker Eric Council Jr, also known as “EasyMunny” and “AGiantSchnauzer,” was allegedly able to secure the credentials for the SEC’s X account through a method called “Sim Swapping.” The council created a fake ID using the stolen personal information of someone who had access to the X account. With the fake ID, he was able to purchase a SIM card linked to the victim’s phone in a cellphone provider store in Alabama, giving Council access to the victim’s personal information and log-in credentials.
Feds Create Their Own Cryptocurrency for Sting Operation
The US Federal Bureau of Investigation (FBI) has created “NexFundAI”, a cryptocurrency created to further their investigation, “Operation Token Mirrors.” The FBI also announced that 18 individuals have been charged for market manipulation and “wash trading” -- the first of its kind in the cryptocurrency industry. The investigation, described as “a new twist to old-school financial crime”, garnered charges against cryptocurrency company leaders and employees from Texas, the UK, and Portugal, and over $25 million in seized cryptocurrency. NexFundAI enabled the FBI to monitor and track illicit activities conducted by cryptocurrency companies and financial service firms, or “market makers.”
Feds try to block N. Korea’s crypto-cash pipeline
The US Federal Bureau of Investigation (FBI) is conducting an ongoing investigation into the notorious North Korean cybercrime group Lazarus, formerly known as “God’s Apostles”. The group is alleged to have stolen over $800 million in virtual currency. Over the past decade, the Lazarus group has targeted entertainment companies, banks, and pharmaceutical companies both in the US and worldwide. One heist, in particular, is referenced in the court documents, where approximately $41 million worth of virtual money was allegedly stolen from the online casino platform Stake.com and laundered through VCM Sinbad. Sinbad has since been sanctioned by the US Treasury Department’s Office of Foreign Assets Control for its involvement in laundering money from the Stake.com heist, among others executed by Lazarus.
Chinese phisher steals top US military secrets
This week, the US Department of Justice (DOJ) announced criminal charges against a Chinese national, Song Wu, accused of wire fraud and aggravated identity theft in an effort to obtain National Aeronautics and Space Administration (NASA) computer software and source code. The DOJ has now revealed that the specialized software allegedly stolen by Song could be used by potentially hostile enemies to attack the US. According to the DOJ, the stolen software could be used for “industrial and military applications, such as development of advanced tactical missiles and aerodynamic design and assessment of weapons.”
India Enlists Army of 5000 “Cyber Commandos”
The Indian Government is upping the ante with its fight against cybercrime. Indian Union Home Minister Shri Amit Shah this week announced the launch of four major platforms under cyber security program Indian Cyber Crime Coordination Center (I4C), including the training of 5,000 “Cyber Commandos,” to counter the increasing threat of cyber-crime. The Cyber Commando Program will create a special wing in every Central Police Organization, aiming to train 5,000 “Cyber Commandos” over the next five years. Trained Commandos will assist Central Agencies in “securing digital spaces”. Other platforms include a national Suspect Registry, a Cyber Fraud Mitigation Center, and an online portal for cyber-crime data analytics and crime mapping.
Secret Service Hot on the Trail of Cybercriminal “Stalin”
The United States Secret Service is doubling down on the search for cybercriminal “Stalin.” On August 26, 2024, the U.S Department of State partnered with the US Secret Service to put out a bounty of up to $2.5 million for information leading to the arrest of Belarusian hacker Volodymyr Kadariya, sometimes going by the alias “Stalin.” Kadariya was allegedly part of a malicious advertising (“malvertising”) ring responsible for transmitting the Angler Exploit Kit, a toolkit utilized by threat actors to exploit vulnerabilities in a system or code.