Cybersecurity Highlights: Europol’s Takedown of Malware Network and Telegram’s New Fact-Checking Feature

We have compiled the most significant cybersecurity news of the week.

Europol Dismantles Large-Scale Malware Distribution Network

Law enforcement agencies from several European countries seized over a hundred servers and 2000 domains used for distributing malware, including IcedID, Pikabot, Trickbot, Bumblebee, Smokeloader, and SystemBC. Three individuals were arrested in Ukraine, and one in Armenia.

?Largest ever operation against botnets hits dropper malware ecosystem.

Operation Endgame, coordinated from Europol headquarters, has led to four arrests and the takedown of over 100 servers worldwide.

More information in our press release⤵️https://t.co/SNZW5SpLnF

— Europol (@Europol) May 30, 2024

According to the investigation, the key suspect earned over $74.5 million in cryptocurrencies by renting out infrastructure to ransomware operators.

The search continues for seven individuals involved in botnet activities.

BreachForums Resurfaces with Major Data Leaks

The site of the closed hacker forum BreachForums has resumed operations. A user named ShinyHunters has put up for sale databases from the American ticket operator Ticketmaster and the Spanish bank Santander, as reported by Bleeping Computer.

In the first case, the perpetrator claimed to have data on 560 million Ticketmaster customers, totaling 1.3 TB. Allegedly, these include names, home addresses, emails, phone numbers, and credit card information, including hashed numbers and expiration dates. The hacker is asking for $500,000 for this data.

Ticketmaster has not commented on the situation, while US law enforcement confirmed the cyber incident to the media, without specifying its scale.

Data on 30 million customers and employees of Santander in Chile, Spain, and Uruguay were reportedly stolen two weeks earlier, according to reports. This dump of bank account data is valued at $2 million.

ShinyHunters claims that both leaks resulted from hacking a Snowflake employee’s account. Representatives of the latter confirmed the incident, attributing it to poor user account security and denying vulnerabilities in their products.

Founders of Cloud Mining Service HashFlare Extradited to the US

The US secured the extradition from Estonia of the founders of the cloud mining service HashFlare and the digital bank Polybius Bank, Sergei Potapenko and Ivan Turõgin. They are accused of cryptocurrency fraud and money laundering amounting to $575 million across 18 counts.

According to court documents, the entrepreneurs created financial pyramids through their companies, fraudulently attracting investors. The accomplices were detained in November 2022 at the request of the FBI.

They face up to 20 years in prison if convicted on all charges.

Coinbase, Circle, and Kraken Join Cyber Threat Counteraction Group

The industry group Crypto ISAC, established to protect against cyber threats and exploits, has revealed its participants. This was reported by CoinDesk.

Among the first to join were cryptocurrency exchanges Coinbase and Kraken, as well as the co-issuer of the USDC stablecoin, Circle.

The founding members include: the non-profit Solana Foundation, responsible for Solana’s development; wallet developer ConsenSys; and crypto custodial service provider Fireblocks.

Also on the list:

• privacy-focused blockchain platform Aleo;
• L2 solution Arbitrum;
• blockchain Hedera;
• cybersecurity startup Red Balloon Security;
• venture capital firm Ribbit Capital;
• auditing company Trail of Bits.

The creation of the group was led by cryptocurrency insurer Evertas.

ISAC members exchange information on vulnerabilities and cybersecurity incidents between businesses and governments, enhancing legitimacy and trust in the industry for the latter.

Telegram Introduces Fact-Checking Feature in Beta Version

The source code of the beta version of the Telegram messenger for Android has revealed a Fact Check feature. This was noted by a developer under the nickname MarshalX.

The feature will allow adding clarifying information to posts. Fact-checking will be carried out by agencies appointed by the governments of the countries where Telegram operates. Their names will be reflected in the post.

Ordinary users will not be able to influence the content.

Head Mare Hackers Claim Responsibility for CDEK Logistics Company Breach

On May 26, the Russian parcel and cargo delivery operator CDEK experienced a major technical failure, causing the company’s app and website to be down for several days. Additionally, the acceptance and delivery of shipments were suspended to avoid errors.

The hacker group Head Mare claimed responsibility for the incident, stating they used ransomware for the breach. This was confirmed by two sources in a comment to Vedomosti.

1/7 Head Mare gave no time for #CDEK to protect itself. The sysadmins were too weak. Security policies failed. #CDEK continues to bear the banner of the worst delivery in Russia, even surpassing the Russian Post pic.twitter.com/8FuWmTCd3I

— Head Mare (@head_mare) May 27, 2024

On May 31, CDEK restored most of its functionality and the ability to accept shipments. An internal investigation is ongoing.

Also on ForkLog:

• Cryptocurrency exchange DMM Bitcoin was hacked for $305 million.
• The US arrested the creator of a botnet that amassed over $130 million in cryptocurrencies.
• Wallet tightened data collection on users.
• A former Deutsche Bank employee was sentenced for cryptocurrency fraud.
• Hackers attacked celebrity X accounts to promote scams.

What to Read This Weekend?

Together with the company “SHARD,” we discuss current fraud schemes in the Telegram messenger.