#cybercrime

141 posts · 77 participants · 34 posts today

BKA (Germany): Administrator der größten deutschsprachigen Handelsplattform für illegale Waren und Dienstleistungen festgenommen (German language)
English translated title: "Administrator of the largest German-speaking trading platform for illegal goods and services arrested"
Germany's Federal Criminal Police Office (BKA) shut down the servers belonging to the criminal trading platform "Crimenetwork" and arrested one of the administrators yesterday. The platform was considered the largest German-speaking online marketplace for the underground economy and had been active for many years. Crimenetwork served as a marketplace for illegal goods and services, especially stolen data, drugs and forged documents since 2012. Crimenetwork used Bitcoin (BTC) and Monero (XMR) and received commission payments of 1-5% of the sale value for processing the sales. Sellers also paid monthly fees to the platform for advertising and sales licenses. BKA said that between 2018-2024, sales of at least 1,000 BTC (today worth 90 million Euros) and 20,000 XMR (3 million Euros) were generated via Crimenetwork. The 29-year-old is the technical administrator for the platform. Assets around 1.000.000€ (one million Euros) in cryptocurrency assets were seized along with "extensive evidence and high-value vehicles."

h/t Bleeping Computer: Police seizes largest German online crime marketplace, arrests admin


Dutch National Police: Opnieuw versleutelde communicatiedienst criminelen ontmanteld (Dutch language)
English translated title: "Criminals' Encrypted Communications Service Dismantled Again." Politie provides more information in their press release compared to EUROPOL (see parent toot above). MATRIX is an international crypto communication service considered the successor to ANOM, Sky ECC and EncroChat which were previously taken down. The Matrix takedown is known as Operation Passionflower:

At the request of the Dutch authorities, two people were arrested in Marbella, Spain by the Policia nacional, udyco central. This concerns the suspected owner and manager of the service, a 52-year-old man of Lithuanian nationality. A 30-year-old Dutch suspect was also arrested who actively participated in the criminal service for some time. This Dutch suspect is also suspected of international cocaine trafficking in 2020 based on messages from the crypto communication service Sky ECC. There have been 6 house searches in southern Spain and a freezing order has been placed on one of the homes, with an estimated value of more than 15 million euros. The most important servers in France and Germany have been taken down. During the actions, 145,000 euros in cash and half a million euros in cryptocurrencies were seized. In addition, four vehicles were seized and more than 970 telephones were seized. There were also 6 searches in Lithuania today. The police do not rule out more arrests.

www.politie.nl · Criminals' encrypted communications service dismantled again · Investigative services have once again succeeded in dismantling an international crypto communication service. This service, Matrix, is seen as the successor to predecessors such as ANOM, Sky ECC and EncroChat. The police managed to intercept and read along with more than 2.3 million messages, which can subsequently be used in criminal investigations worldwide. During the international operation, supported by Eurojust and Europol, the crypto communication service was taken down today by Dutch and French authorities, and two arrests took place in Spain.

Underground marketplace: BKA shuts down Crimenetwork and arrests technician

Investigators accuse the suspect of having operated an illegal trading platform on the darknet and of having taken part in drug trafficking. He is in pre-trial detention.

heise.de/news/Untergrund-Markt

heise online · Underground marketplace: BKA shuts down Crimenetwork and arrests technician
More from Dr. Christopher Kunz

EUROPOL: International operation takes down another encrypted messaging service used by criminals
MATRIX is an encrypted messaging service "made by criminals for criminals," that was invitation-only. It was first discovered by Dutch authorities on the phone of a criminal who murdered a Dutch journalist in 2021. Today EUROPOL announced the takedown of MATRIX by Dutch and French authorities (infrastructure contained over 40 servers), and several search warrants and arrests were executed in Spain, the Netherlands, Lithuania, France, and Germany. Law enforcement was able to monitor messages for 3 months, deciphering over 2.3 million messages in 33 languages. Intercepted messages were linked to international drug trafficking, arms trafficking and money laundering.

Europol · International operation takes down another encrypted messaging service used by criminals | Europol

Unit 42: Threat Assessment: Howling Scorpius (Akira Ransomware)
Not to be outdone by Check Point Research, Unit 42 provides a whole ransomware actor profile for Akira Ransomware. Akira is a Ransomware-as-a-Service (RaaS) group relying on a double extortion strategy. They operate a Tor-based data leak site for listing victims and exfiltrating stolen data. Unit 42 describes targeted regions and industries, and provides a technical analysis of Akira's attack lifecycle. Vulnerabilities they exploit include CVE-2020-3259 (7.5 high) Cisco ASA and FTD Information Disclosure Vulnerability and CVE-2023-20269 (5.0 medium) Cisco ASA and FTD Unauthorized Access Vulnerability. Indicators of compromise include Check Point Research's single SHA256 hash, listed as Akira_v2.

Unit 42 · Threat Assessment: Howling Scorpius (Akira Ransomware) · By Yoav Zemah

Check Point Research (CPR): Inside Akira Ransomware's Rust Experiment
Check Point Research analyzed the construction and control flow of Akira ransomware's Rust version that circulated in early 2024, which has specific features uniquely targeting ESXi servers. Their analysis demonstrates how Rust idioms, boilerplate code, and compiler strategies come together to account for the complicated assembly. The report outlines principles to follow when analyzing in-the-wild Rust binaries in general. We present an analysis of the design strategies used by the malware's authors, as indicated by the assembly and parts of the reconstructed source code. Indicators of compromise provided.

Check Point Research · Inside Akira Ransomware's Rust Experiment - Check Point Research · Executive Summary / Introduction: Earlier this year, Talos published an update on the ongoing evolution of Akira ransomware-as-a-service (RaaS) that has become one of the more prominent players in the current ransomware landscape. According to this update, for a while in early 2024, Akira affiliates experimented with promoting a new cross-platform variant of the ransomware called […]