Prison Bitcoin scheme, arrest of an F.A.C.C.T. executive, and other cybersecurity developments


We have gathered the most important cybersecurity news of the week.

  • A F.A.C.C.T. department head was detained in Kazakhstan at the request of the United States and was arrested in absentia in Russia.
  • The LockBit ransomware operators demanded $70 million from semiconductor maker TSMC.
  • In Australia, an inmate ran a Bitcoin scheme worth $2 million.
  • The FBI seized several BreachForums-linked domains.

The head of F.A.C.C.T.’s department detained in Kazakhstan at the request of the United States and arrested in absentia in Russia

On June 22, Kazakh authorities detained F.A.C.C.T.’s department head Nikita Kislytsin at the request of the United States, his colleagues said.

Kislytsin will be held in custody while the grounds for his extradition to the United States are examined.

The charges against him became known in 2020. At that time the U.S. Department of Justice unsealed a 2014 indictment outlining the alleged involvement of the Russian national in conspiring to sell login credentials stolen from the Formspring forum in 2012 (before he joined Group-IB).

Separately, on June 28, the Tverskoy Court of Moscow authorized Kislytsin’s arrest in absentia in a case of illegal access to protected computer information. He was placed on the federal wanted list, and there are plans to seek his extradition to his homeland.

Representatives of F.A.C.C.T. said that the charges against Kislytsin have no relation to the company itself and relate to his period as a journalist and cybersecurity researcher. They are sure there were no lawful grounds for detaining their colleague.

LockBit ransomware operators demanded $70 million from semiconductor maker TSMC

The operators of the LockBit ransomware claimed a successful breach of the world’s largest semiconductor maker, TSMC, and demanded a $70 million ransom. The company, however, denied the leak, according to Bleeping Computer.

According to the initially published screenshots, the attackers gained access to a substantial number of email addresses and credentials, allegedly belonging to TSMC, for various internal systems. This information was later removed and replaced with a ransom note.

Data: LockBit leak site.

As explained by a TSMC spokesperson, hackers breached one of their IT equipment suppliers, Kinmax Technology. As a result, information relating to system installation and server configuration was leaked. The company later also confirmed the incident.

The attack did not affect TSMC’s business operations or the security of customer data.

The investigation is ongoing with law enforcement involvement. During the proceedings, the semiconductor maker halted operations with the affected supplier.

In Australia, an inmate carried out a Bitcoin scheme worth $2 million

Ishan Sinar Sappidin, an inmate in Australia serving a 12-year sentence for organizing a financial pyramid scheme, persuaded at least six inmates to transfer over $2 million to accounts under his control, under the pretext of investments in Bitcoin, according to the Daily Mail.

The events occurred between 2020 and 2022. Sappidin claimed to have extensive experience in the cryptocurrency market, allegedly working with Australian billionaire Mike Cannon-Brookes.

Among the scammer’s victims was the well-known Australian rugby player Jarryd Hayne.

Because inmates lacked internet access, they turned to third parties outside the prison to transfer funds to the scammer. Despite assurances of substantial profits, the victims never received any payouts.

Authorities began an investigation into the case, and Sappidin was moved to a higher-security prison.

The FBI seized several BreachForums-linked domains

U.S. law enforcement gained control of BreachForums’ backup domain on the clearnet three months after the arrest of its founder and administrator Conor Brian Fitzpatrick, known as Pompompurin. This is reported by Bleeping Computer.

Now the Breached.vc address displays a banner listing the agencies involved in the operation, along with a clenched-arms avatar of Pompompurin.

Data: Bleeping Computer.

Additionally, the pompur[.]in domain, which belonged to Fitzpatrick personally, was confiscated, and the BreachForums site on the dark web now shows a 404 Not Found error.

DNS servers of all seized domains have been changed to ns1.seizedservers.com and ns2.seizedservers.com, commonly used by authorities in such cases.

The operation also affected one of the domains of the DataBreaches.net news site, Breaches.net, which was used to post data leaks. Media representatives have already contacted the FBI to challenge the domain seizure.

“Tinkoff” fined 70,000 rubles for data leak

The Savyolovsky District Court of Moscow fined Tinkoff Bank 70,000 rubles for a data leak, RIA News reports.

The bank itself rejected claims of violations. Representatives said the court decision is connected to a technical error in servicing one of the bank’s clients.

Experts uncover a new Trojan from the Andariel hackers

The Andariel subgroup of the Lazarus cybercrime group has begun using a new remote access Trojan, EarlyRat. This was reported by Kaspersky Lab.

Initial infection occurs via the Log4j exploit, or through links in phishing documents.

Example of a phishing document. Data: “Kaspersky Lab”.

After activation, EarlyRat collects system information and transmits it to its command-and-control server. The data include unique identifiers of infected machines and requests encrypted using them.

The Trojan is simple and largely limited to executing commands.

YouTube, as part of an experiment, began blocking playback for AdBlock users

Reddit users reported a pop-up on YouTube warning of restrictions on viewing videos when AdBlock is enabled.

Platform representatives told the press that these warnings are part of a “small experiment” to persuade viewers to allow ads or try a paid subscription.

They added that in extreme cases, when users keep the blocker active, playback may be temporarily disabled.


What to read this weekend?

In a special feature we examine the thesis that some technologies are more conducive to tyranny than others.
