#ALPHV
Text
Illegal darknet market Kingdom Market shut down

Plot twist on the dark web: an international operation shuts down Kingdom Market! German law enforcement successfully carried out an operation to seize the servers of the darknet marketplace Kingdom Market, known for selling drugs, malware, forged documents and other tools for cybercriminals. Kingdom Market's server infrastructure is currently being analyzed to identify the people behind the site. One of the individuals allegedly associated with Kingdom Market has been identified as a Slovak citizen also known by the pseudonym "Vendor". Law enforcement agencies from the United States, Switzerland and Moldova also took part in the operation.

Kingdom Market is an English-language marketplace that had been operating since March 2021. It offered more than 42,000 products, including about 3,600 products from Germany. German police say the market comprised "tens of thousands of customer accounts and several hundred vendor accounts". The site's operators accepted the cryptocurrencies Bitcoin, Litecoin, Monero and Zcash as payment, and also took a 3% commission for processing sales of illegal goods through the platform. This is the second major shutdown of an underground site this week, after the US Department of Justice announced that the FBI had successfully infiltrated the infrastructure of the ALPHV (BlackCat) ransomware group. The operation allowed agents to monitor the criminal hackers' activities and obtain keys to decrypt data. The incident came to light after the group's negotiation and data leak sites on the Tor network suddenly stopped working on December 7. ALPHV's administrators attributed the problem to hosting issues, but it soon became clear that the cause was a law enforcement operation. The operation was carried out by police and investigative agencies from the United States, Europol, Denmark, Germany, the United Kingdom, the Netherlands, Australia, Spain and Austria.
Text
Notorious ransomware group tussles with law enforcement, regenerates after takedown
AlphV re-emerged within hours of a law enforcement takedown of its infrastructure on Tuesday, claiming it had “unseized” its data leak site, according to threat researchers’ dark web observations. The prolific ransomware group named a new victim organization and updated a post on a previously claimed victim since the FBI and international law enforcement agencies announced the takedown, according…
Link
https://tcrn.ch/3uBmorz - 🌐 Fidelity National Financial (FNF), a major real estate services company, faced a significant cyberattack last Tuesday. This ransomware attack has left homeowners and buyers in distress, unsure of their financial transactions' status. FNF, known for title insurance and escrow services, is grappling with system-wide disruptions. #CyberAttack #Ransomware 💻 Affected clients are experiencing communication challenges with FNF. One homeowner shared her difficulty in contacting IPX 1031, an FNF subsidiary, regarding her home sale proceeds. FNF's system outage has hindered email and system access, leading to widespread confusion among clients. #ClientConcerns #CommunicationBreakdown 🔒 FNF's response to the incident has been minimal. The company acknowledged the breach in a regulatory filing, noting significant disruptions to their business operations. However, detailed public information about the incident and its impact on customers remains sparse. #FNFResponse #DataBreach 🏠 LoanCare, another FNF-owned company, is also impacted. Customers, like Christine Youmans, are unable to process mortgage payments or reach customer service, adding to the distress. LoanCare's automated message addresses a 'recent catastrophe,' without specific details. #MortgageServices #LoanCare ⚠️ ALPHV, also known as BlackCat, claimed responsibility for the attack. This ransomware gang announced their involvement on their official dark web site, marking another high-profile target in their cybercriminal activities.
#CyberAttack#Ransomware#ClientConcerns#CommunicationBreakdown#FNFResponse#DataBreach#MortgageServices#LoanCare#ALPHV#BlackCatRansomware
Text
[ Hackers New Attack On Casinos ]
#mgm resorts#mgm resorts cyber attack#mgm resorts international#mgm resorts cyber attack Las Vegas#caesars entertainment inc#scatter spider#ALPHV#cod mw ii#call of duty#call of duty clips#call of duty modern warfare II
Text
A very random Alphve doodle cuz I miss them </3
I'm like literally the only shipper of these two LMAO- (unless there's someone in the crowd, come out 🔫 this is a threat >:3c )
Edit: Frick I just realized Vera has sunglasses as well-- ah welp


Outfits used are from these two (Alpha is from valentine this year and the Vera one is from a collab that I know nothing about)
#alphve#pgr alphve#pgr#punishing gray raven#pgr vera#pgr alpha#i do not care what everyone says about these two#theyre gfs when i say theyre gfs#rarepair#yuri#lesbian#sketchyrain
Text
Crooks call cops because victim did not report crooking quickly enough. Crooks cite law that has not yet taken effect. It starts 12/15/23. Victim says, I dunno, don't seem to be missing anything.
Text
United Healthcare, specifically through its subsidiary ‘Change Healthcare’, experienced significant ransomware attacks in 2024. Here's a summary based on the available information:
Cyberattack Details: Change Healthcare, a unit of UnitedHealth Group's Optum division, was hit by a ransomware attack on February 21, 2024. The attack was attributed to a Russian-speaking ransomware gang known as ALPHV or Blackcat. This group claimed to have stolen over six terabytes of sensitive data, including medical records.
The Impact: The attack led to widespread disruptions in the U.S. healthcare system, affecting pharmacies, hospitals, and other medical providers by preventing them from processing claims and receiving payments. This caused significant operational and financial chaos.
Financial Impact: The immediate aftermath of the attack was reported to cost UnitedHealth around $872 million in the first quarter, not including potential ransom payments. However, the total financial impact was projected to be between $1.3 billion and $1.6 billion for the year.
Ransom Payment: There were reports and confirmations that UnitedHealth paid a ransom of $22 million in Bitcoin to the attackers, with the aim of protecting patient data from being disclosed.
Data Breach: The breach potentially compromised the personal and health information of over 100 million individuals, making it one of the largest breaches in healthcare history.
Investigations and Response: The U.S. Department of Health and Human Services launched an investigation due to the magnitude of the incident. UnitedHealth has been working with law enforcement and cybersecurity experts to investigate the breach and restore systems. They've also provided temporary funding assistance to affected healthcare providers. 🤔
#pay attention#educate yourselves#educate yourself#reeducate yourselves#knowledge is power#reeducate yourself#think about it#think for yourselves#think for yourself#do your homework#do research#do some research#do your own research#ask yourself questions#question everything#government corruption#evil lives here#news
Text
Every year has its own mix of digital security debacles, from the absurd to the sinister, but 2024 was particularly marked by hacking sprees in which cybercriminals and state-backed espionage groups repeatedly exploited the same weakness or type of target to fuel their frenzy. For attackers, the approach is ruthlessly efficient, but for compromised institutions—and the individuals they serve—the malicious rampages had very real consequences for people's privacy, safety, and security.
As political turmoil and social unrest intensify around the world, 2025 will be a complicated—and potentially explosive—year in cyberspace. But first, here's WIRED's look back on this year's worst breaches, leaks, state-sponsored hacking campaigns, ransomware attacks, and digital extortion cases. Stay alert, and stay safe out there.
China's Salt Typhoon Telecom Breaches
Espionage operations are a fact of life, and relentless Chinese campaigns have been a constant in cyberspace for years now. But the China-linked espionage group Salt Typhoon carried out a particularly noteworthy operation this year, infiltrating a slew of US telecoms including Verizon and AT&T (plus others around the world) for months. And US officials told reporters earlier this month that many victim companies are still actively attempting to remove the hackers from their networks.
The attackers surveilled a small group of people—less than 150 by current count—but they include individuals who were already subject to US wiretap orders as well as state department officials and members of both the Trump and Harris presidential campaigns. Additionally, texts and calls from other people who interacted with the Salt Typhoon targets were inherently also caught up in the espionage scheme.
Snowflake Customer Breaches
Throughout the summer, attackers were on a tear, breaching prominent companies and organizations that were all customers of the cloud data storage company Snowflake. The spree barely qualifies as hacking, since cybercriminals were simply using stolen passwords to log in to Snowflake accounts that didn't have two-factor authentication turned on. The end result, though, was an extraordinary amount of data stolen from victims including Ticketmaster, Santander Bank, and Neiman Marcus. Another prominent victim, the telecom giant AT&T, said in July that “nearly all” records relating to its customers' calls and texts from a seven-month stretch in 2022 were stolen in a Snowflake-related intrusion. The security firm Mandiant, which is owned by Google, said in June that the rampage impacted roughly 165 victims.
In July, Snowflake added a feature so account administrators could make two-factor authentication mandatory for all of their users. In November, suspect Alexander “Connor” Moucka was arrested by Canadian law enforcement for allegedly leading the hacking spree. He was indicted by the US Department of Justice for the Snowflake tear and faces extradition to the US. John Erin Binns, who was arrested in Turkey for an indictment related to a 2021 breach of the telecom T-Mobile, was also indicted on charges related to the Snowflake customer breaches.
Change Healthcare Ransomware Attack
At the end of February, the medical billing and insurance processing company Change Healthcare was hit with a ransomware attack that caused disruptions at hospitals, doctor's offices, pharmacies, and other health care facilities around the US. The attack is one of the all-time largest breaches of medical data, impacting more than 100 million people. The company, which is owned by UnitedHealth, is a dominant medical billing processor in the US. It said days after the attack started that it believed ALPHV/BlackCat, a notorious Russian-speaking ransomware gang, was behind the assault.
Personal data stolen in the attack included patient phone numbers, addresses, banking and other financial information, and health records including diagnoses, prescriptions, and treatment details. The company paid a $22 million ransom to ALPHV/BlackCat at the beginning of March in an attempt to contain the situation. The payment seemingly emboldened attackers to hit health care targets at an even greater rate than usual. With ongoing, rolling notifications to more than 100 million victims—with more still being discovered—lawsuits and other blowback have been mounting. This month, for example, the state of Nebraska sued Change Healthcare, alleging that “failures to implement basic security protections” made the attack much worse than it should have been.
Russia's Midnight Blizzard Hit Microsoft
Microsoft said in January that it had been breached by Russia's “Midnight Blizzard” hackers in an incident that compromised company executives' email accounts. The group is tied to the Kremlin's SVR foreign intelligence agency and is specifically linked to SVR's APT 29, also known as Cozy Bear. After an initial intrusion in November 2023, the attackers targeted and compromised historic Microsoft system test accounts that then allowed them to access what the company said were “a very small percentage of Microsoft corporate email accounts, including members of our senior leadership team and employees in our cybersecurity, legal, and other functions.” From there, the group exfiltrated “some emails and attached documents.” Microsoft said that the attackers seemed to be looking for information about what the company knew about them—in other words, Midnight Blizzard doing reconnaissance on Microsoft's research into the group. Hewlett-Packard Enterprise (HPE) also said in January that it had suffered a corporate email breach attributed to Midnight Blizzard.
National Public Data
The background check company National Public Data suffered a breach in December 2023, and data from the incident started showing up for sale on cybercriminal forums in April 2024. Different configurations of the data cropped up again and again over the summer, culminating in public confirmation of the breach by the company in August. The stolen data included names, Social Security numbers, phone numbers, addresses, and dates of birth. Since National Public Data didn't confirm the breach until August, speculation about the situation grew for months and included theories that the data included tens or even hundreds of millions of Social Security numbers. Though the breach was significant, the true number of impacted individuals seems to be, mercifully, much lower. The company reported in a filing to officials in Maine that the breach affected 1.3 million people. In October, National Public Data's parent company, Jerico Pictures, filed for Chapter 11 bankruptcy reorganization in the Southern District of Florida, citing state and federal investigations into the breach as well as a number of lawsuits that the company is facing over the incident.
Honorable Mention: North Korean Cryptocurrency Theft
A lot of people steal a lot of cryptocurrency every year, including North Korean cybercriminals who have a mandate to help fund the hermit kingdom. A report from the cryptocurrency tracing firm Chainalysis released this month, though, underscores just how aggressive Pyongyang-backed hackers have become. The researchers found that in 2023, hackers affiliated with North Korea stole more than $660 million across 20 attacks. This year, they stole roughly $1.34 billion across 47 incidents. The 2024 figures represent 20 percent of total incidents Chainalysis tracked for the year and a whopping 61 percent of the total funds stolen by all actors.
The sheer domination is impressive, but the researchers emphasize the seriousness of the crimes. “US and international officials have assessed that Pyongyang uses the crypto it steals to finance its weapons of mass destruction and ballistic missiles programs, endangering international security,” Chainalysis wrote.
Text
WASHINGTON (Reuters) -A website used by hackers responsible for a breach at UnitedHealth Group has been replaced by a notice saying it has been seized by international law enforcement.
But at least one of the agencies allegedly responsible said it had nothing to do with the seizure, raising the possibility that the hackers - who also go by the moniker ALPHV - faked their own takedown.
A message posted to the website of the Blackcat hacking gang on Tuesday said it had been impounded "as part of a coordinated law enforcement action" by U.S. authorities and other law enforcement agencies. Among the logos of non-American agencies involved were those of Europol and Britain's National Crime Agency.
U.S. officials and Europol did not immediately return messages seeking comment, but a National Crime Agency spokesperson said: "I can confirm any recent disruption to ALPHV infrastructure is not a result of NCA activity."
Several security experts said the takedown notice seemed suspicious.
"This appears to be a classic exit scam," said researcher Will Thomas. In an exit scam, some hackers pretend to be knocked out of commission, only to quietly pocket their partners' money and start over under a new name.
Thomas said Blackcat was already believed to be a rebrand of a previous hacker group dubbed DarkSide.
"It would not be a surprise if they return once more in the not-too-distant future," he said.
Even before the seizure notice, there were signs of something unusual following the intrusion at the tech unit of UnitedHealth, which has caused serious disruption across the United States.
Last week Blackcat posted a message saying it had stolen millions of sensitive records from UnitedHealth, only to delete the claim without explanation.
On Sunday, someone posting to a hacker forum alleged that the gang had cheated them out of their share of the $22 million ransom that UnitedHealth had allegedly paid to restore its systems.
UnitedHealth had not commented on whether it paid a ransom, and did not immediately return a message on Tuesday seeking comment.
Quote
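The ransomware group known as "Alphv" or "BlackCat" stole customer data and operational information from MeridianLink, a data company serving financial institutions and consumers, and demanded a ransom. It then filed a complaint with the U.S. Securities and Exchange Commission (SEC), alleging that MeridianLink had not disclosed that its data had been taken over by ransomware. Ransomware Group Files SEC Complaint Over Victim's Failure to Disclose Data Breach - SecurityWeek https://www.securityweek.com/ransomware-group-files-sec-complaint-over-victims-failure-to-disclose-data-breach/
Cybercrime group that stole a company's data reports the victim company to the Securities and Exchange Commission for "failing to disclose the data theft" - GIGAZINE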
Text
FBI Warns U.S. Healthcare Sector of Targeted BlackCat Ransomware Attacks

Source: https://thehackernews.com/2024/02/fbi-warns-us-healthcare-sector-of.html
More info:
https://www.cisa.gov/news-events/alerts/2024/02/27/cisa-fbi-and-hhs-release-update-stopransomware-advisory-alphv-blackcat
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-353a
Text
ALPHV Second Most Prominent Ransomware Strain Before Reported Downtime
ALPHV was the second-most leveraged ransomware strain in North America and Europe between January 2022 and October 2023, just before the reported takedown of the group’s website, according to ZeroFox research. The analysis found that ALPHV, aka BlackCat, accounted for around 11% of all ransomware and digital extortion (R&DE) attacks in North America over the 21-month period. This was second only…
Text
Hackers are threatening to release confidential data stolen from Reddit unless the company pays a ransom demand – and reverses its controversial API price hikes. In a post on its dark web leak site, the BlackCat ransomware gang, also known as ALPHV, claims to have stolen 80 gigabytes of compressed data from Reddit during a February breach of the company’s systems.
Carly Page, Hackers threaten to leak 80GB of confidential data stolen from Reddit. TechCrunch, June 19, 2023
Text
This is an old drawing but ah welp-- happy (late) activation day, Vera!!
I didn't end up finishing the fic but it'll still be published, just very late cuz I've overwhelmed myself with too many ideas o(-(
I should remake this ngl...
#i miss them dearly you dont understand#alphve#punishing gray raven#pgr vera#pgr alpha#if i were to remake this#i would prolly change their clothing cuz their og clothing killed me--#yuri#wlw#!!!#rainycreation
Text
"The ALPHV/BlackCat ransomware operation has taken extortion to a new level by filing a U.S. Securities and Exchange Commission complaint against one of their alleged victims for not complying with the four-day rule to disclose a cyberattack."
Well, that's a new one.