Threat actors are allegedly offering unauthorized VPN and SOCKS access to various companies across multiple countries and industries. The access claims range from domain user to domain admin privileges, with significant potential impacts on each affected organization. Below are the details of the alleged sales: Domain User Access: Spain Revenue: 17.2…
Category: Cyber Attack
A 21-year-old Bulgarian named Teodor Iliev, who allegedly used the alias “Emil Külev” online, has been arrested by Sofia police. The Bulgarian Prosecutor’s Office announced Iliev’s arrest on charges related to numerous computer crimes. Iliev is accused of hacking into the information systems of various state institutions, banks, insurance companies, and other organizations. The theft of information took place between March 2020 and January 2024.
According to the prosecution, the hacker infiltrated the computer systems of institutions and companies, copied data and used it to extort money from the victims. In July 2023, a user on BreachForums named “MAGADANS,” who is believed to be Iliev, leaked a database belonging to Bulgaria’s largest insurance firm. Iliev has been denied bond and remains in custody.
In separate news, two Romanian nationals, Ion Halmac and Marian Vasilache, were sentenced in the United States to 18 months in federal prison for conspiracy to steal bank card numbers, possession of skimming equipment, and possession of bank card numbers.
They were stopped by the Florida Highway Patrol for speeding on April 17, 2023, and found to be in the US illegally after initially providing false identification. A search of their vehicle uncovered skimming equipment, blank cards, and a laptop with over 3,000 bank card numbers. Further investigation led to the discovery of additional skimming equipment in a New Orleans storage facility. Both men will serve a 1-year supervised release after their prison term, though this is expected to be waived due to deportation.
An international operation led by the UK’s National Crime Agency (NCA) and involving law enforcement agencies from Australia, Canada, Germany, the Netherlands, Poland, and the United States has targeted the illicit use of the Cobalt Strike security tool.
The initiative, codenamed “Operation MORPHEUS”, has resulted in the shutdown of numerous criminal infrastructures exploiting unauthorized copies of Cobalt Strike, a legitimate tool developed by cybersecurity firm Fortra. Despite the measures Fortra put in place to prevent the abuse, criminals have been using cracked older versions of the software to gain unauthorized access to systems and deploy malware. Over the years, unlicensed copies of Cobalt Strike have been connected to several high-profile malware and ransomware campaigns, including RYUK, Trickbot, and Conti.
As part of the operation, law enforcement agencies flagged 690 IP addresses and a range of domain names linked to criminal activities. These details were shared with online service providers in 27 countries, who deactivated the compromised servers. The operation leveraged a combination of server takedowns and abuse notifications to service providers, alerting them to the presence of malicious software on their networks. According to officials, 593 IP addresses had been successfully taken down.
An ex-employee of Microsoft’s Nuance Communications division has been indicted in connection with a 2023 data breach affecting over 1 million patients of the Pennsylvania-based healthcare system Geisinger. The US Department of Justice has charged the former Nuance worker, Max Vance, also known as Andre Burk, with an alleged federal computer crime.
A threat actor has announced that they are selling data allegedly stolen from China’s largest natural gas company. According to the claims, the data includes comprehensive information about gas users and their insurance details, with the most recent data from May 2024. The threat actor claims the database contains a total…
A database from a digital marketing company in India has allegedly been leaked on a dark web forum. The alleged breach involves data from approximately 1.235 million customers and 5,500 system users. The leaked data includes comprehensive company information from 6,000 entities, along with 134 corporate SMTP details. In addition, full API keys were…
According to a post from a threat actor on a dark web forum, more than 5 million client data records from Omni Hotels & Resorts are for sale. The threat actor indicates that the breach occurred in 2024. The hotel chain operates in the United States of America and in Canada. A…
A threat actor claims to have leaked an updated version of the infamous RockYou password list, dubbed RockYou2024. This new list reportedly contains over 9.9 billion passwords, making it one of the largest compilations of compromised credentials to date. According to the threat actor, RockYou2024 is an updated iteration of the…
Threat Actor: Team ARXU Hackers. Victim: Schools and Bank Servers. Price: N/A. Exfiltrated Data Type: Personal information, financial data. Key Points: Hackers frequently target schools and bank servers to obtain personal information and financial data. Sc…
The threat actor Sp1d3rHunters leaked valid Taylor Swift’s ERAS Tour barcodes, threatening to leak more data and blackmailing Ticketmaster. A threat actor that goes online with the moniker Sp1d3rHunters leaked 170,000 valid barcodes for Taylor Swift’s ERAS Tour for free. The barcodes are valid for the upcoming concerts of…
A threat actor allegedly leaked the database of Assurified, a US-based commercial real estate risk management company that uses advanced technologies. According to the post on the dark web forum, 102k users’ data is exposed. The forum post indicates that the compromised data includes record ID, name, management company, title,…
Sp1d3rHunters, a cybercriminal group formed from ShinyHunters and Sp1d3r, has leaked 170,000 valid barcodes for Taylor Swift’s ERAS Tour concerts in Miami, New Orleans, and Indianapolis. The group demands $2 million from Ticketmaster to halt further data breaches.
In a cyber incident, a hacker has issued a ransom demand to Ticketmaster, threatening to leak sensitive data unless a $2 million USD payment is made. The hacker claims to possess 170,000 barcodes for Taylor Swift’s ERAS Tour events, as well as a vast amount of additional data, including user information…
The Philippine Bureau of Agricultural Research (BAR) has allegedly been breached by XMacoyX. The attacker defaced their site, issued a 24-hour ultimatum to secure systems, and threatened to leak sensitive data, including email addresses and personal info. Deep Web Konek has notified BAR.
A significant data breach has been announced, allegedly impacting SkyPostal, one of the largest shipping providers based in Miami, Florida. The hacker claims to have fully compromised SkyPostal along with its associated sites, SkyPostalBR, SkyPostalExpress, Postrac, and the aircraft machinery distribution company, SkyPartsUSA. The breach is claimed to be extensive, totaling…
A cyberattack hit Texas Retina Associates, exposing the data of 312,000 patients, including health information and Social Security numbers. Another attack targeted Human Technology Inc., a prosthetics and orthotics company, exposing patient data, including Social Security numbers and credit card information. Finally, the Monti ransomware group claimed responsibility for an attack on Wayne Memorial Hospital, threatening to release the stolen data if the ransom is not paid.