TL;DR: Thieves Scream “We Robbed a Thief” (3rd Week)

Security researchers have released decryption keys for ransomware; criminals have stolen Darkweb business from other criminals; and hacktivists are freely distributing data from two forensic companies. Europol and the security forces carried out several successful international interventions against fraudsters in call centres.

The success of security forces

Europol, in cooperation with the law enforcement and judicial authorities from Bulgaria, Cyprus, Germany and Serbia, has successfully arrested 15 people and is questioning another 261 individuals in connection with call centres responsible for financial damage worth at least 2 million euros. Searches in 22 locations led to the seizure of 3 hardware wallets with about 1 million US dollars in cryptocurrencies, 50,000 euros in cash, 3 vehicles and a number of electronic equipment and documents.

Freely available data from forensic firms

The Enlace Hacktivista group has released data from two smartphone forensics firms. The stolen data of Cellebrite (1.7 TB) and MSAB (103 GB) are freely available for download and were allegedly provided to hacktivists by a whistleblower.

Attack on cloud password manager

During December 2022, the NortonLifeLock online password management service experienced a high number of failed attempts to log into users’ password management. Attackers attempted to use user names and passwords leaked from other databases to log into the service. Identified stolen accounts have had their passwords rebooted and were notified to change the passwords stored in their wallets and to enable two-factor authentication.

Data theft after ransomware attack

Vice Society ransomware gang has claimed responsibility for the ransomware attack against the University of Duisburg-Essen in November 2022. After the attack, the university shut down the entire IT infrastructure and disconnected it from the network, but the gang successfully managed to obtain a limited amount of data which was published after failed negotiations. The type and extent of the stolen data is under investigation.

Stolen darknet marketplace

Solaris, a large darknet marketplace for illegal trade with drugs and other illegal substances, has been hacked and taken over by a competitor Kraken. Kraken announced on its marketplace that both the infrastructure and the GitLab repository of Solaris had been taken over due to several security bugs.


  • AVAST security researchers have released a decryptor for some versions of the BianLian ransomware.
  • A cybercriminal involved in international telemarketing scheme was sentenced to 11 years in prison for defrauding more than 400 victims.
  • The founder and majority owner of cryptocurrency exchange Bitzlato Ltd. was arrested and charged with failing to comply with anti-money laundering safeguards. More than 700 million dollars in cryptocurrencies were laundered through the platform.
  • ShipManager servers operated by DNV Norwegian company have become a target of a ransomware attack. The attack reportedly affected 70 customers operating approximately 1,000 vessels, but DNV disclosed that the vessels’ ability to operate will not be affected.
  • Cybercriminals successfully compromised the admin account of one of the employees of the email distribution service Mailchimp by conducting a social engineering attack, obtaining information on 133 user accounts.

« Späť na zoznam