Russian Money Laundering Networks Busted in International Crackdown

Dec 07 2024



Welcome to Gone Phishing, your daily cybersecurity newsletter that can protect you from the cyberstorm, but not Storm Darragh. UK readers beware! 🌪️⛈️🚨 #RedWarning

Patch of the Week! 🩹

First things first, folks. Our weekly segment goes by many names. Patch of the Week, Tweak of the Week. Okay, that’s it… 😳

Congrats to Veeam, the cybercriminals are no match… for your patch! 🩹

Check out this freshly hatched patch 🐣

🚨 Critical Security Alert for Veeam Users! 🙍🏻‍♂️

Veeam has patched a critical flaw (CVE-2024-42448, CVSS 9.9) in its Service Provider Console (VSPC) that could enable remote code execution (RCE) on vulnerable instances 💥.

🔑 Key Details:

Exploitation requires an authorized management agent on the server.

A second flaw (CVE-2024-42449, CVSS 7.1) could leak NTLM hashes and delete files ⚠️.

🛠️ Impacted Versions:

VSPC 8.1.0.21377 and all earlier versions of builds 7 and 8.

✅ Fixed in:

Version 8.1.0.21999

⚡ Action Required:

There are no mitigations. Update immediately to protect against potential exploits, especially as Veeam products are often targeted by ransomware operators 🔐.
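Because the only fix is the update, the practical question for an operator is which VSPC hosts are still on an affected build. The script below is an added example written for this issue, not Veeam's code: it classifies build strings against the advisory (8.1.0.21377 and all earlier builds of versions 7 and 8 affected; fixed in 8.1.0.21999). The version numbers come from the article; the hostnames and the sample inventory are constructed, and the "not-covered" bucket for other major versions is this example's own choice.

```javascript
// Added example (not Veeam's code): classify VSPC build strings against the
// advisory in this issue. Affected: 8.1.0.21377 and all earlier builds of
// versions 7 and 8. Fixed: 8.1.0.21999. Those numbers are from the article;
// the host inventory below is constructed for the demo.

const FIXED_BUILD = "8.1.0.21999";
const LAST_KNOWN_AFFECTED = "8.1.0.21377";
const AFFECTED_MAJORS = new Set([7, 8]);

// "8.1.0.21377" -> [8, 1, 0, 21377]. Anything that is not dotted integers is
// rejected so that a typo in an inventory cannot be silently read as "fixed".
function parseBuild(s) {
  const parts = String(s).trim().split(".");
  if (!parts.every((p) => /^\d+$/.test(p))) {
    throw new Error(`not a dotted numeric build string: ${JSON.stringify(s)}`);
  }
  return parts.map(Number);
}

// Component-wise numeric comparison. A plain string compare would rank
// "8.1.0.3000" above "8.1.0.21999" because "3" > "2"; numeric compare does not.
function compareBuilds(a, b) {
  const x = parseBuild(a);
  const y = parseBuild(b);
  const n = Math.max(x.length, y.length);
  for (let i = 0; i < n; i++) {
    const d = (x[i] ?? 0) - (y[i] ?? 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Returns "fixed", "vulnerable" or "not-covered". Every 7.x/8.x build below
// the fixed build is treated as vulnerable, including any that would sit
// between the last build the advisory names and the fix (conservative reading).
function vspcStatus(build) {
  const major = parseBuild(build)[0];
  if (!AFFECTED_MAJORS.has(major)) return "not-covered";
  return compareBuilds(build, FIXED_BUILD) >= 0 ? "fixed" : "vulnerable";
}

// Run the check over an inventory of { host, build } records and return the
// hosts that still need the update.
function hostsNeedingUpdate(inventory) {
  return inventory
    .filter((h) => vspcStatus(h.build) === "vulnerable")
    .map((h) => h.host);
}

// Constructed sample inventory (hostnames and the 7.x / 3000 builds are made up).
const SAMPLE_INVENTORY = [
  { host: "vspc-01.example.internal", build: LAST_KNOWN_AFFECTED },
  { host: "vspc-02.example.internal", build: FIXED_BUILD },
  { host: "vspc-03.example.internal", build: "7.0.0.13000" },
  { host: "vspc-04.example.internal", build: "8.1.0.3000" },
];

for (const h of SAMPLE_INVENTORY) {
  console.log(`${h.host}\t${h.build}\t${vspcStatus(h.build)}`);
}
console.log("needs update:", hostsNeedingUpdate(SAMPLE_INVENTORY).join(", "));
```

The numeric comparison is the part worth copying: inventory exports and asset databases frequently store builds as strings, and a lexicographic compare would mark the constructed 8.1.0.3000 host as newer than the fix.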

Stay safe and secure your systems today! 🌍✨

Now, on to this week’s hottest cybersecurity news stories:

  • 👮🏻‍♂️ UK crypto squad arrests 84, seizes $20M in Operation Destabilise 💥

  • 🐰 Europol takes down the MATRIX invite-only criminal messaging service 👩🏻‍💻

  • 🚪 Backdoor discovered in Solana’s popular Web3.js npm library 📚


Destabilise to the Moon 🚀📈😂

🚨 Russian Money Laundering Networks Busted in International Crackdown 🌍

The U.K. National Crime Agency (NCA) has led a massive global investigation, Operation Destabilise, targeting Russian money laundering networks linked to organized crime across the U.K., the Middle East, Russia, and South America.

🏆 Major Wins:

🕵️ 84 arrests connected to the Smart Group and TGR Group, two Russian-speaking money laundering networks.

💰 Seized £20 million ($25.4M) in cash and cryptocurrency.

💡 How They Operated:

🏢 Based in Moscow's Federation Tower, a known hub for money laundering.

💳 Provided illicit financial services, including:

  • Laundering funds for sanctioned Russian elites.

  • Converting cash to cryptocurrency and vice versa.

  • Facilitating the purchase of property in the U.K. for Russian elites.

🗽 U.S. Treasury Steps In:

The U.S. Treasury's OFAC sanctioned five individuals and four entities tied to the TGR Group.

🛑 TGR’s Role: Helping Russian elites evade sanctions using cryptocurrency and stablecoins to funnel wealth back to the Kremlin.

🔥 Key Player: Ekaterina Zhdanova

  • Head of the Smart Group.

  • Previously sanctioned for laundering $2.3 million in proceeds for the Ryuk ransomware group.

  • Allegedly supported Russian espionage operations and cybercrime syndicates.

🌍 Broader Implications:

For the first time, investigators uncovered:

🧵 A clear link between Russian elites, crypto-funded cybercriminals, and UK street-level drug gangs.

🔍 "Smart and TGR acted as a financial bridge, enabling Russian elites to bypass sanctions and access Western economies," the NCA said.

This operation highlights the role of illicit financial networks in sustaining cybercrime, espionage, and organized crime worldwide. 🕶️


The Matrix has you… 👩🏻‍💻

Europol: hold my beer 💪

🚨 Encrypted Messaging Service MATRIX Dismantled in Europol Operation 📱

Europol has taken down MATRIX, an encrypted messaging platform built specifically for criminal activities. The operation, codenamed Passionflower, was spearheaded by French and Dutch authorities, marking a major victory against organized crime.

💀 The Takedown:

🌍 Global Reach: Over 8,000 users across the world paid $1,360–$1,700 in cryptocurrency for MATRIX-enabled devices.

📱 Authorities intercepted 2.3 million messages in 33 languages, uncovering crimes like drug trafficking, arms smuggling, and money laundering.

🎯 Key Arrests:

  • A 52-year-old Lithuanian identified as MATRIX’s owner and manager.

  • Two others apprehended in Spain, alongside seizures of €145,000 in cash, €500,000 in cryptocurrency, 970 phones, and more.

🕵️ Inside MATRIX:

🔒 Not to be confused with matrix.org (a legit, open-source app).

📱 Offered video calls, anonymous browsing, and secure transaction tracking via customized Google Pixel phones.

🌍 Ran on over 40 servers worldwide, primarily in France and Germany, which have now been seized.

🌍 The Bigger Picture:

Europol notes a shift in the encrypted crime landscape after the fall of other platforms like Sky ECC, EncroChat, and Ghost. Criminals are now resorting to less-established or custom-built tools, but the takedown proves authorities are keeping up with these evolving technologies.

🔍 Key Takeaway:

These actions show law enforcement's growing capability to disrupt criminal tech. While new, fragmented platforms are harder to track, takedowns like these send a clear message: nowhere is safe for digital criminals.


Solana palava 🙃

🚨💻 Critical Software Supply Chain Attack Hits Popular Solana Library

A malicious supply chain attack has targeted the widely used @solana/web3.js npm library, compromising developers and crypto wallets. The backdoored releases, versions 1.95.6 and 1.95.7, could steal private keys, putting funds at risk.

🔍 The Key Details:

What Happened? Hackers injected malicious code into the library, harvesting private keys to drain cryptocurrency wallets. The compromised versions were available for a short window on December 2, 2024, and have since been removed.

The Malicious Mechanism: Threat actors used a backdoor function (addToQueue) to exfiltrate private keys via Cloudflare headers to a server at sol-rpc[.]xyz (now inactive).

The attack likely stemmed from a phishing campaign that compromised a maintainer’s credentials.

Impact: Projects handling private keys directly (e.g., bots) were most affected.

Non-custodial wallets (e.g., traditional crypto wallets) were not vulnerable.

⚠️ Next Steps for Developers:

  1. Update Now: Move to version 1.95.8 or later immediately.

  2. Rotate Keys: If you suspect exposure, regenerate your private keys.

  3. Be Cautious: Avoid opening suspicious emails or links, especially from unknown sources.

📜 Broader Context:

🛠️ More Attacks on Open-Source Ecosystems

  • Fake Solana Libraries: Another package, solana-systemprogram-utils, rerouted 2% of transactions to attacker wallets, cleverly masking malicious behavior.

  • Bogus Crypto Libraries: Fake npm packages like crypto-keccak and crypto-jsonwebtoken have siphoned credentials and crypto wallet data.

🧑‍💻 How It Happened

The phishing campaign used a fake npm website clone to steal login credentials and 2FA codes from a maintainer. Hackers transferred $164,100 (674.86 SOL) to their wallet before detection.

🛡️ The Bigger Challenge

Security experts emphasize the fragility of trust in open-source ecosystems. Social engineering attacks often target just a few developers but can have significant financial and operational impacts.

🔍 Takeaway:

This attack underscores the importance of vigilance in the software development pipeline. Developers must:

  • Regularly audit dependencies.

  • Employ robust account security (e.g., hardware-based 2FA).

  • Stay informed about potential risks in the open-source community.

  • Protect your code, your keys, and your wallet. 🛡️
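"Regularly audit dependencies" and "Update Now" both come down to one concrete check: does any lockfile in your estate still resolve to the packages this story names? The script below is an added example, not code from the newsletter or from the Solana project. It walks a parsed package-lock.json (both the flat v2/v3 "packages" shape and the nested v1 "dependencies" tree) and reports every installed copy that matches an indicator, including transitive copies nested under another dependency. The package names and the two web3.js versions come from the article; the sample lockfile, the "trading-bot" project and the "some-sdk" dependency are constructed for the demo.

```javascript
// Added example, not code from the newsletter or from the Solana project:
// scan a parsed package-lock.json for the packages and versions this issue
// names. The indicator list comes from the article; the lockfile below is
// constructed for the demo.

// A Set lists the specific backdoored releases of an otherwise legitimate
// package; null means every version is malicious (the package itself is fake).
const INDICATORS = new Map([
  ["@solana/web3.js", new Set(["1.95.6", "1.95.7"])],
  ["solana-systemprogram-utils", null],
  ["crypto-keccak", null],
  ["crypto-jsonwebtoken", null],
]);

// Lockfile v2/v3 keys entries by install path, e.g.
// "node_modules/some-sdk/node_modules/@solana/web3.js"; the package name is
// everything after the last "node_modules/" (scoped names keep their "@scope/").
function nameFromPath(installPath) {
  const marker = "node_modules/";
  const i = installPath.lastIndexOf(marker);
  return i === -1 ? installPath : installPath.slice(i + marker.length);
}

// Enumerate installed packages from either lockfile shape: v2/v3 "packages"
// (flat, path-keyed) or the older v1 "dependencies" tree (nested). v2 files
// carry both; "packages" is authoritative there, so it is read alone.
function* installedPackages(lock) {
  if (lock.packages) {
    for (const [installPath, meta] of Object.entries(lock.packages)) {
      if (installPath === "") continue; // the root project entry
      yield { name: nameFromPath(installPath), version: meta.version, where: installPath };
    }
    return;
  }
  function* walk(deps, prefix) {
    for (const [name, meta] of Object.entries(deps || {})) {
      const where = `${prefix}node_modules/${name}`;
      yield { name, version: meta.version, where };
      yield* walk(meta.dependencies, `${where}/`);
    }
  }
  yield* walk(lock.dependencies, "");
}

// Return every installed entry that matches an indicator. Install paths are
// kept so a nested transitive copy is reported separately from a top-level one.
function findCompromised(lock) {
  const hits = [];
  for (const pkg of installedPackages(lock)) {
    if (!INDICATORS.has(pkg.name)) continue;
    const bad = INDICATORS.get(pkg.name);
    if (bad === null || bad.has(pkg.version)) hits.push(pkg);
  }
  return hits;
}

// Constructed sample: a v3 lockfile for a hypothetical trading bot that pins
// a backdoored web3.js at the top level, a clean copy nested under an SDK,
// and one of the fake crypto packages.
const SAMPLE_LOCK = {
  name: "trading-bot",
  lockfileVersion: 3,
  packages: {
    "": { name: "trading-bot", version: "1.0.0" },
    "node_modules/@solana/web3.js": { version: "1.95.7" },
    "node_modules/some-sdk": { version: "2.0.0" },
    "node_modules/some-sdk/node_modules/@solana/web3.js": { version: "1.95.8" },
    "node_modules/crypto-keccak": { version: "0.1.3" },
  },
};

for (const hit of findCompromised(SAMPLE_LOCK)) {
  console.log(`MATCH ${hit.name}@${hit.version} at ${hit.where}`);
}
```

To run it against a real project, feed `findCompromised` the result of `JSON.parse` over the lockfile contents. Checking the lockfile rather than package.json matters because a caret range such as `^1.95.0` says nothing about which release was actually installed on the build host; only the lock records that.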

๐Ÿ—ž๏ธ Extra, Extra! Read all about it! ๐Ÿ—ž๏ธ

Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!

  • ๐Ÿ›ก๏ธ Tl;dr sec: Join 30,000+ security professionals getting the best tools, blog posts, talks, and resources right in their inbox for free every Thursday ๐Ÿ“…

  • ๐Ÿ’ตCrypto Pragmatist: Crypto made simple. Actionable alpha in 5 minutes, 3x a week. Join 47,000+ investors and insiders, for ๐Ÿ†“

  • ๐Ÿ“ˆBitcoin Breakdown: The best in Bitcoin, carefully curated by an alien from the future ๐Ÿ‘พ

Let us know what you think.

So long and thanks for reading all the phish!
