
Phishing from a Van, Wazawaka Arrested, and Other Cybersecurity Events
We have compiled the most important cybersecurity news of the week.
- A hacker linked to LockBit was arrested in Kaliningrad.
- A van with an SMS blaster for phishing was found in Bangkok.
- Media reports on a cyber-espionage investigation involving an Exxon Mobil consultant.
Hacker Linked to LockBit Arrested in Kaliningrad
Russian national Mikhail Matveev was arrested in Kaliningrad on charges of developing the Babuk virus and distributing several ransomware programs, including LockBit and Hive, as reported by the local prosecutor’s office.
Matveev, known by aliases Wazawaka, Uhodiransomwar, m1x, and Boriselcin, encrypted files on victims’ computers during cyberattacks and demanded cryptocurrency.
The criminal case has been sent to the Central District Court of Kaliningrad.
Matveev is under US sanctions and previously faced similar charges in the United States. Authorities estimated the total damage from the ransomware programs he managed at $200 million.
Van with SMS Blaster for Phishing Found in Bangkok
Thai police discovered a van equipped with an SMS blaster used for phishing Bangkok residents. The device had a range of about three kilometers and could send up to 100,000 messages per hour, according to local media reports.
In three days, nearly a million text messages were sent to mobile phones within the device’s range. All messages claimed to offer gift points from a major Thai telecom operator, Advanced Info Service, and contained a link to a phishing site.
Upon visiting the site, users were asked for credit card details, which the perpetrators used to withdraw funds in other countries. The group coordinated their activities through private Telegram channels.
The 35-year-old van driver was arrested. Police are searching for at least two accomplices.
Major Disruption in Russia Due to Yandex Cloud Issues
On November 29, after 4:00 PM MSK, residents of Russia experienced disruptions affecting banking services, delivery services, and telecom operators, according to DownDetector.
The cause was network connectivity issues in Yandex Cloud, the company’s press service told Kommersant. The technical team is working to resolve the problem.
Meanwhile, Aeroflot warned of difficulties in booking and refunding tickets due to a global failure in the Leonardo reservation system.
Media Reports on Cyber-Espionage Investigation Involving Exxon Mobil Consultant
The FBI is investigating a long-time consultant of Exxon Mobil for his alleged involvement in hacking and data leaks affecting hundreds of the oil company’s critics, according to Reuters, citing informed sources.
According to the sources, since late 2015, the PR firm DCI Group, then working for Exxon, hired an Israeli private investigator to conduct cyberattacks against environmental community representatives and activists.
Hired hackers participated in the operation, with victims including Greenpeace, the Union of Concerned Scientists, the Rockefeller Family Fund, and former Democratic presidential candidate and environmental billionaire Tom Steyer.
Several eco-activists told the publication that the hacks disrupted the preparation of city and state attorneys general for lawsuits against Exxon and other energy companies.
Representatives of the oil giant stated that the firm “was not involved and was unaware of any hacking activities,” calling the allegations “conspiracy theories.” It is unknown whether Exxon itself is under investigation — the case is classified.
Australia Bans Social Media for Children Under 16
The Australian Senate has passed a law banning children under 16 from using social media. It has already been approved by the House of Representatives, reports Reuters.
The law requires Instagram, X, TikTok, Snapchat, and others to restrict minors’ access to their systems. The fine for violations is up to 49.5 million AUD ($32 million).
The country’s authorities plan to test an age verification system with biometric identification. The law will come into effect in November 2025.
Tech giants opposed the strict regulation. Alphabet and Meta suggested delaying the ban, Bytedance pointed out the need to refine the law, and X saw the initiative as infringing on children’s rights.
Cybercriminal Crackdown in Africa
Law enforcement agencies in 19 African countries arrested 1,006 suspects involved in cybercriminal activities with a total damage of about $193 million, as reported by Europol.
The detainees managed ransomware programs, hacked corporate emails, offered fake cryptocurrency investment services, and engaged in extortion and online fraud.
Police dismantled 134,089 pieces of malicious infrastructure and identified 35,224 victims. About $44 million of the total damage was recovered.
Russia Maintains Lead as Most Hacked Country
Russia has remained the country most targeted by hackers worldwide since 2022, according to Izvestia, citing experts from Kaspersky Lab.
Private businesses and government structures are under attack. Attackers most often target industrial enterprises, telecom, construction companies, and the IT sector.
According to Positive Technologies, 220 successful attacks were conducted on Russian organizations in 2022. In 2023, the number decreased to 167. In 2024, with the year not yet complete, 217 cyber incidents were recorded.
The Solar 4RAYS center team found that this year, 54% of attacks were aimed at espionage, while 20% involved direct extortion (including data encryption) and cryptocurrency mining. Another 11% of cases were related to the destruction of the attacked company’s data.
Also on ForkLog:
- Damage from the DEXX hack increased to $30 million.
- Analysts named leading countries in crypto project failures and scams.
- XT exchange was hacked — $1.7 million stolen.
- Gifto rejected ZachXBT’s accusations of issuing 1.2 billion coins.
- A YouTuber was caught in a $3.5 million meme coin scam.
- Media learned of the possible escape of OneCoin creator Ruja Ignatova to Russia.
- Pump Science reported a wallet hack and fake tokens.
- Sanctions against Tornado Cash deemed illegitimate, while the mixer developer’s detention was extended.
- An investment manager illegally invested $18.5 million of client funds in crypto lending.
- UTONIC and TonBit formed a security alliance for TON and Telegram.