Law Enforcement Brings Down Emotet, Disrupts Netwalker, and Busts Social Media Troll for Spreading Misinformation
Other top news for 1/28/21: Ukraine, Europol and U.S. authorities uncover bank-theft hackers that caused $2.5B in damages, Group changes logos and text on phishing pages in real-time, much more
Follow us on Twitter to stay on top of the news between our daily newsletters.
In a successful international effort involving Europol, the FBI, the UK’s National Crime Agency, and other nations, one of the world’s most prolific and dangerous malware botnets, Emotet, was taken down after authorities took control over its infrastructure during a week of operations that disrupted Emotet from the inside.
Emotet establishes a backdoor into Windows systems via automated phishing emails, providing a platform for delivering a host of additional malware infections such as Ryuk ransomware and Trickbot banking trojans by cybercriminals who lease Emotet’s army of infected machines. (Danny Palmer / ZDNet)
Related: Reddit - cybersecurity, HackRead, Wired, Europol, Homeland Security Today, SecurityWeek, The Register, CyberNews, The Record by Recorded Future, Blog | Avast EN, Krebs on Security, Engadget, National Crime Agency, Bleeping Computer, DataBreaches.net, ZDNet, Security on TechRepublic, Verdict, RCMP, ARN, CSO Online, IBTimes India, SC Magazine, teiss, Security Affairs, Dark Reading, TechTarget, Infosecurity Magazine, GovernmentCyber.com, Computer Weekly, Gizmodo, Digital Journal, BBC News, AskWoody, Malwarebytes, Axios, Cyberscoop, Threatpost, CBC, Asia One Digital, Channel News Asia, RAPPLER, The Independent, Tech Xplore, CERT-EU, Belfast Telegraph, NewsChain, Deutsche Welle, PerthNow, Canberra Times, South China Morning Post, Associated Press Technology


Law enforcement agencies from the U.S. and Bulgaria disrupted the infrastructure of NetWalker, one of 2020’s most active ransomware gangs, with Bulgarian officials seizing a server used to host dark web portals for the NetWalker gang while U.S. authorities indicted a Canadian national who allegedly made at least $27.6 million from infecting companies with the NetWalker ransomware.
The Canadian man indicted is Sebastien Vachon-Desjardins, who is believed to be someone who rented the ransomware code from the NetWalker creator.
Related: ZDNet, iTnews - Security, Threatpost, Bleeping Computer, Hack Read, SecurityWeek, DataBreaches.net, Security Affairs, States News Today, Department of Justice, Cyberscoop, IT World Canada, Krebs on Security, The Record by Recorded Future

Justice Department @TheJusticeDept
Department of Justice Launches Global Action Against NetWalker Ransomware https://t.co/T18MDI8v1x https://t.co/1L1gcIrsCK

U.S. law enforcement arrested a white nationalist troll, Douglas Mackey, who also goes by the name Ricky Vaughn, for election interference because he allegedly conspired with others online to use memes and social media platforms to spread misinformation aimed at depriving people of their right to vote during the 2016 presidential election.
The prosecutor in the case, Seth D. DuCharme, acting U.S. attorney for the Eastern District of New York, said that the prosecution of Mackey is intended to convey that criminals cannot hide behind anonymity to evade responsibility for their crimes. (Tasneem Nashrulla, Ryan Mac / BuzzFeed News)
Related: Justice.gov, Cyberscoop, Bloomberg, UPI.com
In cooperation with U.S. police and Europol, Ukrainian authorities say they uncovered a group of hackers based in Kharkiv, Ukraine’s second-largest city, who stole data from banks in the United States and several European countries, causing an estimated $2.5 billion in damage.
The hackers purportedly stole passwords and payment data from private and state banks in the U.S., the Netherlands, Austria, Germany, the United Kingdom, Switzerland, and Lithuania.
Related: Tech Xplore, News 112.international
WhatsApp is adding a new biometric feature to the service to bring in a new authentication layer for those using its web and desktop versions.
The feature follows what WhatsApp is describing as a “visual refresh” of the WhatsApp web page on the Android and iOS apps for linking and managing devices connected to your account. (Ingrid Lunden / TechCrunch)
Related: PhoneArena, iPhone Hacks, Pocketnow, xda-developers, MediaNama, The Next Web, Telecomlive.com, IBTimes India, 9to5Mac, TechDator


In a development that could have a huge impact on the mobile advertising ecosystem, Apple is advocating what it calls App Tracking Transparency, which will require developers to ask for permission when they use personal data from other companies’ apps and websites for advertising purposes, even if they already have user consent.
Google is on board with this program, saying that it helps out its community in adapting to the new program. (Dean Takahashi / Venture Beat)
Related: CNET News, iPhone Hacks, HotHardware.com, MacRumors, iTnews - Security, MacDailyNews, CNET News, Neowin, Slashdot, Apple, Google
Researchers at RiskIQ say that a cybercrime group uses a novel phishing toolkit called LogoKit that is being deployed in the wild to change logos and text on a phishing page in real-time.
The researchers found LogoKit installs on more than 300 domains over the past week and more than 700 sites over the past month. (Catalin Cimpanu / ZDNet)
Related: Dark Reading: Threat Intelligence, Reddit-hacking, RiskIQ Security
Researchers at security firm Armis say that a new variant of the NAT Slipstreaming Attack, a Java-based attack that allows attackers to access TCP/UDP services remotely, can be leveraged to compromise and expose any device in an internal network.
The latest Slipstreaming attacks put "embedded, unmanaged, devices at greater risk, by allowing attackers to expose devices located on internal networks, directly to the Internet,” according to the researchers. (Ravie Lakshmanan / The Hacker News)
Related: Threatpost, Reddit - cybersecurity, Armis
Researchers at AT&T Alien Labs say that the TeamTNT cybercrime group, best known for compromising Internet-exposed Docker instances, upgraded its Linux crypto-mining with open-source detection evasion capabilities.
The evasion tool used by the group is known as libprocesshider, an open-source tool available on GitHub that can be used to hide any Linux process with the help of the dynamic linker's LD_PRELOAD mechanism. (Sergiu Gatlan / Bleeping Computer)
Related: Cybersecurity AT&T, Reddit - cybersecurity, Threatpost
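Two defender-side checks for the preload-based hiding technique described above, as an added example (not TeamTNT's tooling and not code from the AT&T Alien Labs report). It assumes a glibc-based Linux host; the allowlist, the standard-library directory list and the sample inputs are constructed for the demonstration. The first check inspects /etc/ld.so.preload, which the dynamic linker honours for every dynamically linked program; the second exploits the fact that a library hooking readdir() removes /proc/<pid> entries from directory listings but cannot stop a direct open() of /proc/<pid>/status, so the kernel's view and the tool's view disagree.

```python
"""Checks for LD_PRELOAD-style process hiding (the libprocesshider technique).

Added example, not TeamTNT tooling or AT&T Alien Labs code. Assumes a
glibc-based Linux host; allowlist, directory list and sample data are
constructed.
"""
import os
import re
from typing import Dict, Iterable, List, Set, Tuple

# Hypothetical allowlist of sanctioned preload libraries (empty by default,
# so every entry is reported until an administrator vets it).
ALLOWED_PRELOADS: Set[str] = set()

# Where distribution-managed shared objects normally live (assumption).
STANDARD_LIB_DIRS = ("/lib", "/usr/lib")

# Constructed sample inputs: a preload file planted in /usr/local/lib, a
# /proc listing as the kernel gives it, and `ps -eo pid` output as a hooked
# readdir() would leave it (PID 1337 missing).
SAMPLE_PRELOAD = "/usr/local/lib/libsystemd.so   # constructed\n"
SAMPLE_PROC_LISTING = ["1", "420", "777", "1337", "self", "cpuinfo"]
SAMPLE_PS = "  PID\n    1\n  420\n  777\n"


def parse_ld_so_preload(content: str) -> List[str]:
    """Extract library paths from /etc/ld.so.preload text.
    glibc treats whitespace and ':' as separators and '#' as a comment."""
    libs: List[str] = []
    for line in content.splitlines():
        line = line.split("#", 1)[0]
        libs.extend(tok for tok in re.split(r"[\s:]+", line) if tok)
    return libs


def suspicious_preloads(libs: Iterable[str],
                        allowed: Set[str] = ALLOWED_PRELOADS
                        ) -> List[Tuple[str, List[str]]]:
    """Return (path, reasons) for every preload entry worth a closer look."""
    flagged: List[Tuple[str, List[str]]] = []
    for lib in libs:
        reasons = []
        if lib not in allowed:
            reasons.append("not in allowlist")
        if not lib.startswith(STANDARD_LIB_DIRS):
            reasons.append("outside standard library directories")
        if reasons:
            flagged.append((lib, reasons))
    return flagged


def pids_from_listing(entries: Iterable[str]) -> Set[int]:
    """PIDs from a /proc directory listing (numeric names only)."""
    return {int(e) for e in entries if e.isdigit()}


def pids_from_ps(ps_output: str) -> Set[int]:
    """PIDs from `ps -eo pid` style output; the header line is skipped."""
    pids: Set[int] = set()
    for line in ps_output.splitlines()[1:]:
        m = re.match(r"\s*(\d+)\b", line)
        if m:
            pids.add(int(m.group(1)))
    return pids


def hidden_pids(kernel_view: Set[int], tool_view: Set[int]) -> Set[int]:
    """PIDs the kernel reports but the userland tool does not show."""
    return kernel_view - tool_view


def probe_proc_pids(pid_max: int) -> Set[int]:
    """Enumerate live PIDs by opening /proc/<pid>/status for every candidate
    instead of listing /proc. A readdir() hook cannot filter this. Only
    thread-group leaders (Tgid == pid) count, otherwise every thread of a
    multithreaded process would show up as a 'hidden' process."""
    found: Set[int] = set()
    for pid in range(1, pid_max + 1):
        try:
            with open(f"/proc/{pid}/status") as fh:
                for line in fh:
                    if line.startswith("Tgid:"):
                        if int(line.split()[1]) == pid:
                            found.add(pid)
                        break
        except OSError:
            continue
    return found


def demo() -> Tuple[List[Tuple[str, List[str]]], Set[int]]:
    """Run both checks over the constructed sample data."""
    flagged = suspicious_preloads(parse_ld_so_preload(SAMPLE_PRELOAD))
    hidden = hidden_pids(pids_from_listing(SAMPLE_PROC_LISTING),
                         pids_from_ps(SAMPLE_PS))
    return flagged, hidden


def scan_live_system() -> Dict[str, object]:
    """Run both checks on the host (Linux only). The listing is taken
    before the probe so a process that exits in between is not reported;
    one that starts in between can be, so confirm findings with a re-run."""
    findings: Dict[str, object] = {"preload": [], "hidden_pids": set()}
    try:
        with open("/etc/ld.so.preload") as fh:
            findings["preload"] = suspicious_preloads(
                parse_ld_so_preload(fh.read()))
    except OSError:
        pass
    if os.path.isdir("/proc"):
        try:
            with open("/proc/sys/kernel/pid_max") as fh:
                pid_max = int(fh.read())
        except (OSError, ValueError):
            pid_max = 32768
        listed = pids_from_listing(os.listdir("/proc"))
        findings["hidden_pids"] = hidden_pids(probe_proc_pids(pid_max), listed)
    return findings


if __name__ == "__main__":
    print(demo())
    print(scan_live_system())
```

If the scanner itself is dynamically linked, the preload hook also filters its own os.listdir() of /proc, which is why the kernel-side view comes from open() probes rather than a listing; for a trustworthy answer on a suspected host, run the check from a statically linked binary or from boot media.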
Microsoft announced that its security business surged to $10 billion over the past twelve months, reflecting an uptick in cyber threats due to remote working and indicative of how cloud providers are shifting to cloud-based services.
The software giant said that what’s driving it now is a true zero-trust mindset that the company believes is the future of security. (David Uberti / Wall Street Journal Pro Cybersecurity)
Related: Cyberscoop, TechTarget, Microsoft Malware Protection Center, Tech Insider
Charlottesville, VA-based ICS security company Mission Secure raised $22.5 million in a Series B round that included Ireon Ventures Ltd., Energy Innovation Capital, Blue Bear Capital Partners, Chevron Technology Ventures, and the University of Virginia LVG Seed Fund.
Mission Secure says its platform integrates OT visibility, segmentation, protection, threat hunting, and incident response, delivering military-strength, industrial-grade OT protection. (FinSMES)
Related: VC News Daily
Sophos researcher Michael Heller said that a Nefilim ransomware attack locked up more than 100 systems following the compromise of an unmonitored account belonging to an employee who had died three months previously.
These types of “ghost” accounts present above-average risk to enterprises because of the lack of oversight regarding how and when these accounts are used. (Tara Seals / Threatpost)
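A periodic ghost-account review is the control that closes the gap described above. The following is an added example (not Sophos code and not from the Threatpost report): it joins a directory export against an HR leaver list and flags enabled accounts whose owner has separated, that have been idle past a threshold, that have never been used, or that have no accountable owner. The account records, the leaver list and the review date are constructed; in practice the inputs come from the identity provider and the HR system.

```python
"""Ghost-account review: enabled accounts nobody is accountable for.

Added example, not Sophos code. Account data, leaver list and review date
are constructed stand-ins for an identity-provider export and HR records.
"""
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Account:
    username: str
    enabled: bool
    owner_email: Optional[str]   # None for service/shared accounts
    last_logon: Optional[date]   # None if the account has never been used
    privileged: bool = False


# Constructed "today" so the example is reproducible.
REVIEW_DATE = date(2021, 1, 28)

# Constructed HR leaver list: owner email -> separation date.
LEAVERS: Dict[str, date] = {
    "a.former@example.com": date(2020, 10, 20),
}

# Constructed directory export. a.former left in October but the account
# stayed enabled and was used in January; c.dormant has been idle since
# August; svc-backup has no owner and has never logged on.
ACCOUNTS: List[Account] = [
    Account("a.former", True, "a.former@example.com", date(2021, 1, 25),
            privileged=True),
    Account("b.current", True, "b.current@example.com", date(2021, 1, 27)),
    Account("c.dormant", True, "c.dormant@example.com", date(2020, 8, 1)),
    Account("svc-backup", True, None, None),
    Account("d.disabled", False, "a.former@example.com", date(2020, 10, 19)),
]


def review(accounts: List[Account], leavers: Dict[str, date], today: date,
           dormant_days: int = 90) -> Dict[str, List[str]]:
    """Return {username: [reasons]} for enabled accounts needing action.

    Disabled accounts are skipped: the risk is an enabled credential with
    no one watching it. Privileged accounts are listed first so the
    highest-impact cleanups come first.
    """
    findings: Dict[str, List[str]] = {}
    for acct in sorted(accounts, key=lambda a: not a.privileged):
        if not acct.enabled:
            continue
        reasons: List[str] = []
        left = leavers.get(acct.owner_email) if acct.owner_email else None
        if left is not None and left <= today:
            reasons.append(f"owner separated {left.isoformat()} "
                           "but account still enabled")
            # Activity after separation is the strongest signal of misuse.
            if acct.last_logon is not None and acct.last_logon > left:
                reasons.append(f"logon on {acct.last_logon.isoformat()} "
                               "after owner's separation")
        if acct.last_logon is None:
            reasons.append("never logged on")
        elif (today - acct.last_logon).days > dormant_days:
            reasons.append(f"no logon for {(today - acct.last_logon).days} days")
        if acct.owner_email is None:
            reasons.append("no accountable owner recorded")
        if reasons:
            findings[acct.username] = reasons
    return findings


def review_sample() -> Dict[str, List[str]]:
    """Run the review over the constructed data set."""
    return review(ACCOUNTS, LEAVERS, REVIEW_DATE)


if __name__ == "__main__":
    for user, reasons in review_sample().items():
        print(user)
        for r in reasons:
            print("  -", r)
```

The separation date comes from HR rather than from the directory because the directory is exactly the system that was not updated in the incident above; reconciling the two sources is what makes a dead employee's still-enabled account visible. The dormancy threshold is a policy choice; the 90 days used here is an assumption.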
By Vysotsky - Own work, CC BY-SA 4.0, https://commons.wikimedia.org/w/index.php?curid=92870285