TL;DR: Cybercrime Services Dismantled (18th Week)

Law enforcement dismantled a stolen-credit-card checking service and seized nine cryptocurrency exchange websites used by cybercriminals, and nearly 300 people were arrested in an international operation. Ukraine's CERT-UA warns of phishing emails carrying malicious "update" instructions, and a mobile operator has reported its second data breach this year.

Dismantling the cybercrime service

The U.S. Department of Justice has dismantled the illegal Try2Check service and charged Russian citizen Denis Gennadievich Kulkov with operating it. The service was used to verify stolen credit card numbers and earned its operator approximately $18 million in Bitcoin. A $10 million reward has been offered for information leading to Kulkov's arrest; if apprehended and convicted, he faces 20 years in prison.

Data leak of hundreds of thousands of people

Brightline, a pediatric mental health provider for children, teenagers, and their families, has suffered a cyberattack resulting in the theft of data belonging to hundreds of thousands of people. The Clop ransomware gang exploited a zero-day vulnerability in the GoAnywhere MFT file-transfer product (CVE-2023-0669) to steal data including names, addresses, dates of birth, member ID numbers, dates of health plan coverage and employer names.

Mass arrests

Europol, in coordination with police forces in several countries, arrested 288 people in an international law enforcement operation targeting buyers and sellers on the dark web marketplace Monopoly Market. In addition to the arrests, 50.8 million euros in cash and cryptocurrency, 850 kilograms of drugs and 117 firearms were seized.

Another leak, albeit smaller one

T-Mobile disclosed that attackers gained access to the data of 836 customers. Compared with the previous breach of 37 million customers in January 2023, this one is small, but still significant: the exposed data includes names, contact information, dates of birth, Social Security numbers and government ID numbers, among other details.

  • The American Bar Association has disclosed that an unknown threat actor gained access to a database of usernames and hashed, salted passwords dating from 2018. The breach affected approximately 1.466 million members of the association.
  • The City of Dallas, Texas, USA, has suffered a Royal ransomware attack. The city was forced to shut down some of its IT systems, taking down the Dallas Police Department's website and communications systems and forcing the cancellation of jury trials.
  • Point32Health, a U.S. health care company, has been hit by an unspecified ransomware attack. The company proactively took part of its IT systems offline and is working to restore the affected systems.
  • Ukraine's CERT-UA warns of emails distributing fake Windows update instructions. If the instructions are followed, the command imitates a Windows update while also collecting and sending information about the victim's device to the attackers.
  • The FBI has seized nine cryptocurrency exchange websites that were used for money laundering and to obscure the money trail.
  • McAfee security researchers warn of HiddenAds adware spreading via Android copies of Minecraft. The affected games have a combined total of tens of millions of installations.
  • BITMARCK, a German IT service provider, has suffered an unspecified cyberattack (most likely ransomware). As a precaution, the company took all of its systems offline and is gradually bringing them back online.
  • Google obtained a court order to disrupt the distribution of CryptBot malware. The malware infected over 670,000 computers, stealing Google Chrome users' login credentials and cryptocurrency wallets.
