19 xDedic affiliates fall prey to DoJ in international sting

Jan 09 2024

Gone Phishing Banner

Welcome to Gone Phishing, your daily cybersecurity newsletter that’s checking out #CES2024 on X to remind ourselves that technology is, on occasion, used for good and not evil ????????????

 Today’s hottest cybersecurity news stories:

  • ????‍???? 19 xDedic affiliates fall prey to DoJ in international sting ????

  • ???? ‘Anonymous Arabic’ distributes ‘Silver RAT’ to hackers ????

  • ???? DPRK hackers crypto-jacked $600 Million in 2023 alone ????

xDedic becomes ExDedic ???????????? DoJ Don’t Play ????

???? Breaking News: Global Cybercrime Ring Busted by U.S. Department of Justice! ????

The DoJ has successfully charged 19 individuals worldwide in connection with the notorious xDedic Marketplace, which facilitated over $68 million in fraud before its takedown in January 2019. ????????

In a joint effort with international law enforcement, including authorities from Belgium, Germany, the Netherlands, Ukraine, and Europol, the investigation unveiled a transnational operation.

Three defendants have received 6.5 years in prison, eight face jail terms from one to five years, and one is on five years' probation.

Notably, Ukrainian Glib Ivanov-Tolpintsev and high-volume seller Dariy Pankov received sentences for selling compromised credentials and hacking thousands of servers.

Nigerian Allen Levinson, a "prolific buyer," targeted U.S.-based Certified Public Accounting firms for bogus tax returns. Five others await sentencing for wire fraud conspiracy. Two buyers, Olufemi Odedeyi and Oluwaseyi Shodipe, charged with wire fraud and identity theft, await extradition from the U.K., facing a maximum 20-year prison term if convicted.

xDedic's takedown revealed its role in illegal activities like tax fraud and ransomware attacks on government infrastructure, hospitals, call centres, and more. Administrators Alexandru Habasescu and Pavlo Kharmanskyi played key roles. ????️‍♂️????

Stay vigilant, and report any suspicious activity! ????????????

Learn AI in 5 minutes a day. We'll teach you how to save time and earn more with AI. Join 400,000+ free daily readers for trending tools, productivity boosting prompts, the latest news, and more.

Or Arabics Anonymous? Hi my name is Ahmed and I’m a hacker ????????????

???? Cyber Threat Alert: Silver RAT Unleashed by Anonymous Arabic! ????

???? Anonymous Arabic, a threat actor group, has released the Silver RAT—a cunning remote access trojan designed to outsmart security systems and launch hidden applications discreetly. According to cybersecurity firm Cyfirma, these actors, likely of Syrian origin, operate actively on hacker forums and social media, showcasing sophistication in their approach.

???? The group is linked to the S500 RAT's development and runs a Telegram channel offering services like distributing cracked RATs, leaked databases, carding activities, and selling Facebook/X (formerly Twitter) bots. These bots are used by cybercriminals to automatically engage and comment on user content, promoting illicit services.

???? In-the-wild detections of Silver RAT v1.0 were spotted in November 2023, with official plans announced a year prior. The C#-based malware, equipped with features like connecting to a command-and-control server, keystroke logging, and potential data encryption, may also have an Android version in the works.

????️ Silver RAT's unique evasion feature allows payload execution delay and covert launching of apps on the compromised host. Analysis reveals a developer, likely in their mid-20s based in Damascus, with online posts indicating support for Palestine. The group's involvement spans social media, development platforms, underground forums, and Clearnet websites, suggesting widespread malware distribution. ????️‍♂️????????

Stay safe, y’all ????️

???? Catch of the Day!! ????????????

???? The Motley Fool: “Fool me once, shame on — shame on you. Fool me — you can't get fooled again.” Good ol’ George Dubya ???? Let us tell who’s not fooling around though; that’s the Crüe ???? at Motley Fool. You’d be a fool (alright, enough already! ????) not to check out their Share Tips from time to time so your savings can one day emerge from their cocoon as a beautiful butterfly! ???? Kidding aside, if you check out their website they’ve actually got a ton of great content with a wide variety of different investment ideas to suit most budgets ???? (LINK)


???? Wander: Find your happy place. Cue Happy Gilmore flashback ????️⛳????????️ Mmmm Happy Place… ???? So, we’ve noticed a lot of you guys are interested in travel. As are we! We stumbled upon this cool company that offers a range of breath-taking spots around the United States and, honestly, the website alone is worth a gander. When all you see about the Land of the free and the home of the brave is news of rioting, looting and school shootings, it’s easy to forget how beautiful some parts of it are. The awe-inspiring locations along with the innovative architecture of the hotels sets Wander apart from your run of the mill American getaway ????️???? (LINK)


???? Digital Ocean: If you build it they will come. Nope, we’re not talking about a baseball field for ghosts ???????? (Great movie, to be fair ????). This is the Digital Ocean who’ve got a really cool platform for building and hosting pretty much anything you can think of. If you check out their website you’ll find yourself catching the buzz even if you can’t code (guilty ????). But if you can and you’re looking for somewhere to test things out or launch something new or simply enhance what you’ve got, we’d recommend checking out their services fo’ sho ???? And how can you not love their slogan: Dream it. Build it. Grow it. Right on, brother! ???? (LINK)

They’ve out Jong themselves this time ???? Actually no, last year was more ????

???? Cyber Alert: North Korea Strikes Big in $600M Crypto Heist! ????

???? North Korean threat actors have pulled off a staggering $600 million cryptocurrency heist in 2023, accounting for almost a third of all crypto funds stolen last year.

Despite a 30% reduction from 2022's $850 million haul, attacks linked to the Democratic People's Republic of Korea (DPRK) were ten times more damaging than non-North Korean hacks, reveals blockchain analytics firm TRM Labs.

???? These financially motivated attacks serve as a vital revenue source for the sanctions-hit nation, funding weapons of mass destruction and ballistic missile programs, accumulating a total of $3 billion since 2017. The DPRK employs social engineering techniques to compromise private keys and seed phrases, gaining unauthorised access to victims' assets.

???? In late 2023, additional breaches targeting the crypto sector could push the total figure to around $700 million. Despite U.S. Treasury sanctions on the crypto mixer service Sinbad, used by DPRK hackers, TRM Labs notes a continued evolution in their money laundering tactics, demanding constant vigilance and innovation from businesses and governments.

⚠️ Stay vigilant in the crypto space! ????????️‍♂️

????️ Extra, Extra! Read all about it!

Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!

  • The GeekAI: A daily 3 min newsletter on what matters in AI, with all the new AI things coming to market its good to stay ahead of the curve.

  • Libby Copa: The Rebel Newsletter helps writers strengthen their writing and creative practice, navigate the publishing world, and turn their art into an act of rebellion.

  • Techspresso: Receive a daily summary of the most important AI and Tech news, selected from 50+ media outlets (The Verge, Wired, Tech Crunch etc)

Let us know what you think!

So long and thanks for reading all the phish!

Recent articles