19 xDedic affiliates fall prey to DoJ in international sting

Jan 09 2024

Gone Phishing Banner

Welcome to Gone Phishing, your daily cybersecurity newsletter thatโ€™s checking out #CES2024 on X to remind ourselves that technology is, on occasion, used for good and not evil ๐Ÿ™ˆ๐Ÿ’€๐Ÿ˜‚

ย Todayโ€™s hottest cybersecurity news stories:

  • ๐Ÿ‘จโ€๐Ÿ’ป 19 xDedic affiliates fall prey to DoJ in international sting ๐ŸŒŽ

  • ๐Ÿ•‹ โ€˜Anonymous Arabicโ€™ distributes โ€˜Silver RATโ€™ to hackers ๐Ÿ•Œ

  • ๐Ÿœ DPRK hackers crypto-jacked $600 Million in 2023 alone ๐Ÿ“ˆ

xDedic becomes ExDedic ๐ŸŽ‰๐ŸŽ‰๐ŸŽ‰ DoJ Donโ€™t Play ๐Ÿ’€

๐Ÿšจ Breaking News: Global Cybercrime Ring Busted by U.S. Department of Justice! ๐Ÿšจ

The DoJ has successfully charged 19 individuals worldwide in connection with the notorious xDedic Marketplace, which facilitated over $68 million in fraud before its takedown in January 2019. ๐ŸŒ๐Ÿ›‘

In a joint effort with international law enforcement, including authorities from Belgium, Germany, the Netherlands, Ukraine, and Europol, the investigation unveiled a transnational operation.

Three defendants have received 6.5 years in prison, eight face jail terms from one to five years, and one is on five years' probation.

Notably, Ukrainian Glib Ivanov-Tolpintsev and high-volume seller Dariy Pankov received sentences for selling compromised credentials and hacking thousands of servers.

Nigerian Allen Levinson, a "prolific buyer," targeted U.S.-based Certified Public Accounting firms for bogus tax returns. Five others await sentencing for wire fraud conspiracy. Two buyers, Olufemi Odedeyi and Oluwaseyi Shodipe, charged with wire fraud and identity theft, await extradition from the U.K., facing a maximum 20-year prison term if convicted.

xDedic's takedown revealed its role in illegal activities like tax fraud and ransomware attacks on government infrastructure, hospitals, call centres, and more. Administrators Alexandru Habasescu and Pavlo Kharmanskyi played key roles. ๐Ÿ•ต๏ธโ€โ™‚๏ธ๐Ÿ”’

Stay vigilant, and report any suspicious activity! ๐Ÿ”๐ŸŒ๐Ÿš”

Learn AI in 5 minutes a day. We'll teach you how to save time and earn more with AI. Join 400,000+ free daily readers for trending tools, productivity boosting prompts, the latest news, and more.

Or Arabics Anonymous? Hi my name is Ahmed and Iโ€™m a hacker ๐Ÿ’€๐Ÿ’€๐Ÿ’€

๐Ÿšจ Cyber Threat Alert: Silver RAT Unleashed by Anonymous Arabic! ๐Ÿšจ

๐Ÿ”’ Anonymous Arabic, a threat actor group, has released the Silver RATโ€”a cunning remote access trojan designed to outsmart security systems and launch hidden applications discreetly. According to cybersecurity firm Cyfirma, these actors, likely of Syrian origin, operate actively on hacker forums and social media, showcasing sophistication in their approach.

๐Ÿ’ผ The group is linked to the S500 RAT's development and runs a Telegram channel offering services like distributing cracked RATs, leaked databases, carding activities, and selling Facebook/X (formerly Twitter) bots. These bots are used by cybercriminals to automatically engage and comment on user content, promoting illicit services.

๐ŸŒ In-the-wild detections of Silver RAT v1.0 were spotted in November 2023, with official plans announced a year prior. The C#-based malware, equipped with features like connecting to a command-and-control server, keystroke logging, and potential data encryption, may also have an Android version in the works.

๐Ÿ› ๏ธ Silver RAT's unique evasion feature allows payload execution delay and covert launching of apps on the compromised host. Analysis reveals a developer, likely in their mid-20s based in Damascus, with online posts indicating support for Palestine. The group's involvement spans social media, development platforms, underground forums, and Clearnet websites, suggesting widespread malware distribution. ๐Ÿ•ต๏ธโ€โ™‚๏ธ๐ŸŒ๐Ÿ”

Stay safe, yโ€™all ๐Ÿ›ก๏ธ

๐ŸŽฃ Catch of the Day!! ๐ŸŒŠ๐ŸŸ๐Ÿฆž

๐Ÿƒย The Motley Fool: โ€œFool me once, shame on โ€” shame on you. Fool me โ€” you can't get fooled again.โ€ Good olโ€™ George Dubya ๐Ÿ˜‚ Let us tell whoโ€™s not fooling around though; thatโ€™s the Crรผe ๐Ÿ‘€ at Motley Fool. Youโ€™d be a fool (alright, enough already! ๐Ÿ™ˆ) not to check out their Share Tips from time to time so your savings can one day emerge from their cocoon as a beautiful butterfly! ๐Ÿ› Kidding aside, if you check out their website theyโ€™ve actually got a ton of great content with a wide variety of different investment ideas to suit most budgets ๐Ÿค‘ย (LINK)

๐Ÿšตย Wander: Find your happy place. Cue Happy Gilmore flashback ๐ŸŒ๏ธโ›ณ๐ŸŒˆ๐Ÿ•Š๏ธ Mmmm Happy Placeโ€ฆ ๐Ÿ˜‡ So, weโ€™ve noticed a lot of you guys are interested in travel. As are we! We stumbled upon this cool company that offers a range of breath-taking spots around the United States and, honestly, the website alone is worth a gander. When all you see about the Land of the free and the home of the brave is news of rioting, looting and school shootings, itโ€™s easy to forget how beautiful some parts of it are. The awe-inspiring locations along with the innovative architecture of the hotels sets Wander apart from your run of the mill American getaway ๐Ÿž๏ธ๐Ÿ˜ย (LINK)

๐ŸŒŠย Digital Ocean: If you build it they will come. Nope, weโ€™re not talking about a baseball field for ghosts โšพ๐Ÿ‘ป๐Ÿฟ (Great movie, to be fair ๐Ÿ™ˆ). This is the Digital Ocean whoโ€™ve got a really cool platform for building and hosting pretty much anything you can think of. If you check out their website youโ€™ll find yourself catching the buzz even if you canโ€™t code (guilty ๐Ÿ˜‘). But if you can and youโ€™re looking for somewhere to test things out or launch something new or simply enhance what youโ€™ve got, weโ€™d recommend checking out their services foโ€™ sho ๐Ÿ˜‰ And how can you not love their slogan: Dream it. Build it. Grow it. Right on, brother! ๐ŸŒฟย (LINK)

Theyโ€™ve out Jong themselves this time ๐Ÿ˜ฌ Actually no, last year was more ๐Ÿ™ˆ

๐Ÿ”’ Cyber Alert: North Korea Strikes Big in $600M Crypto Heist! ๐Ÿ”’

๐ŸŒ North Korean threat actors have pulled off a staggering $600 million cryptocurrency heist in 2023, accounting for almost a third of all crypto funds stolen last year.

Despite a 30% reduction from 2022's $850 million haul, attacks linked to the Democratic People's Republic of Korea (DPRK) were ten times more damaging than non-North Korean hacks, reveals blockchain analytics firm TRM Labs.

๐Ÿ’ฐ These financially motivated attacks serve as a vital revenue source for the sanctions-hit nation, funding weapons of mass destruction and ballistic missile programs, accumulating a total of $3 billion since 2017. The DPRK employs social engineering techniques to compromise private keys and seed phrases, gaining unauthorised access to victims' assets.

๐Ÿ’ผ In late 2023, additional breaches targeting the crypto sector could push the total figure to around $700 million. Despite U.S. Treasury sanctions on the crypto mixer service Sinbad, used by DPRK hackers, TRM Labs notes a continued evolution in their money laundering tactics, demanding constant vigilance and innovation from businesses and governments.

โš ๏ธ Stay vigilant in the crypto space! ๐Ÿšจ๐Ÿ•ต๏ธโ€โ™‚๏ธ

๐Ÿ—ž๏ธ Extra, Extra! Read all about it!

Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!

  • The GeekAI: A daily 3 min newsletter on what matters in AI, with all the new AI things coming to market its good to stay ahead of the curve.

  • Libby Copa:ย The Rebel Newsletter helps writers strengthen their writing and creative practice, navigate the publishing world, and turn their art into an act of rebellion.

  • Techspresso:ย Receive a daily summary of the most important AI and Tech news, selected from 50+ media outlets (The Verge, Wired, Tech Crunch etc)

Let us know what you think!

So long and thanks for reading all the phish!

Recent articles