Two-decade malware snagged.

May 10 2023


Welcome to Gone Phishing, your daily cybersecurity newsletter that’s uncovering more state problems than Imran Khan.

Thought we would start our Wednesday with some Humpday happiness.

iPhone Users – Make sure to update to iOS 16.4.1 (a)

This new release is the new RSR (Apple's first ever Rapid Security Response update) and it does what it says on the tin: it's a security-only upgrade containing important fixes for SERIOUS iPhone vulnerabilities, which should hopefully get threats patched quicker on iOS.

However, there have been complaints of battery power running out quicker since the update. I don't know what's worse, my phone being hacked or my iPhone running out of battery; maybe it's time to get my Nokia out, that battery lasted days.

Today’s hottest cyber security stories:

  • US Justice Department doing what they do best… taking down the Russian FSB
  • 2 for 2: US Justice Department takes out DDoS services

A WHOLE NEW LEVEL OF SNAKE SNAGGING (AND NOT THE NOKIA GAME)

Oh boy, have you heard the news? The US Justice Department just busted a long-running cyberespionage campaign by the Russians, snagging Snake malware in the process. According to the Department, this malware has been used for two decades by Russia’s Federal Security Service (FSB), and it was routed through compromised computers in the US to cover their tracks.

These Russian hackers are no joke – they targeted more than 50 countries, including NATO members. They hacked hundreds of computer systems belonging to foreign governments and stole sensitive information. Talk about gutsy! And get this, an unidentified journalist for a US news organization who reported on Russia was also a specific target.

Prosecutors linked the espionage to a unit of Russia’s FSB and accused the hackers of stealing information from select targets of interest to the Kremlin. The Justice Department identified the location of the operation as a known FSB facility in Ryazan, Russia. That’s like a dog leaving a trail of bones straight to their den!

The FSB unit responsible for the malware – Turla – is said to have revised it multiple times to avoid being shut down. I mean, if you're already a dog deep in the junkyard, you gotta look for different ways to dodge the guard dog, right?

But the Justice Department wasn’t letting them get away with it. They came up with a specialised tool called Perseus that caused the malware to effectively self-destruct. Woof! Talk about a cyber takedown.

Assistant Attorney General Matthew Olsen – the head of the Justice Department’s National Security Division – said in a statement, “For 20 years, the FSB has relied on the Snake malware to conduct cyberespionage against the United States and our allies — that ends today.” That’s a confident statement, but we’ll see if the FSB learns any new tricks.

All in all, this was a very consequential operation. These cyber dogs were able to exfiltrate sensitive documents from NATO countries. But now, all those bones are buried – the malware is out, the hackers are busted and justice has been served. Go America!

GUNS FOR HIRE, DDOS FOR HIRE, WHAT NEXT…

Emilio Estevez is coming out of retirement, Young Guns 4… jk jk

The US authorities announced the seizure of 13 websites that provide DDoS-for-hire services to cybercriminals. This was part of a worldwide operation aimed at dismantling these criminal enterprises. These services allow paying users to launch DDoS attacks against targets of interest, including schools, universities, financial institutions and government websites. Such attacks not only harm victims but also sever internet connections for other customers.

In December 2022, 48 similar services were dismantled as part of a sweep. Ten of the domains seized in this latest crackdown were reincarnations of previous booter or stresser services. Booter services continue to proliferate because they have a low barrier to entry.

The US Department of Justice (DoJ) charged six individuals in December, four of whom have pleaded guilty. The department also charged Denis Gennadievich Kulkov, a Russian national, who created and turned one of the services into a primary tool of the illicit credit card trade. He had a $10m bounty on his head, and the State Department is also offering a separate bounty of up to $1m for information that will help to identify other key leaders.

One of the targeted booter services, Try2Check, launched in 2005 and processed tens of millions of credit card checks every year. It facilitated the operations of several major card shops that specialized in bulk trafficking of stolen credit cards. The site's illegal operation allowed the founder to make at least $18m in bitcoin.

In summary, the crackdown on DDoS-for-hire services is necessary to protect victims and the wider online community. However, these booter services continue to proliferate, making it challenging to eradicate them completely. If you are looking to engage in cyber-criminal activity, think twice before using these booter services. The DoJ and other agencies worldwide are working tirelessly to dismantle these infrastructures and prosecute those involved.

Well, it's a day for the books for the American heroes in the US Justice Department.

So long and thanks for reading all the phish!
