techminis

A naukri.com initiative

Source: Sentinelone
Image Credit: Sentinelone

The Good, the Bad and the Ugly in Cybersecurity – Week 39

  • The US government has indicted a Russian money launderer and imposed sanctions on two illegal virtual currency exchanges that have links to ransomware operations and other threat actors, including brokers and darknet vendors.
  • PM2BTC, one of the exchanges, has long-standing ties with Russia and Russian-affiliated financial institutions, many of which are also sanctioned, and provides convertible virtual currency-to-ruble exchange services with no anti-money laundering or KYC programmes in place.
  • Cryptex, the second exchange, was found to have processed $51.2m in ransomware-derived funds and handled over $720m in suspicious transactions tied to Russian cybercriminals.
  • The Department of State has issued a $10m reward for information leading to the arrest of Sergey Sergeevich Ivanov, who has allegedly facilitated hundreds of millions in virtual transactions using various payment processors to do business with malicious parties.
  • Mallox ransomware affiliate TargetCompany has now turned to a version of Kryptina ransomware to target Linux machines, showing the ever-evolving tactics within the ransomware ecosystem.
  • Kryptina was initially launched as a low-cost ransomware-as-a-service platform for Linux; in February 2024, the platform’s alleged administrator leaked its source code for free, leading various ransomware actors to repurpose Kryptina’s code.
  • The new version, dubbed Mallox Linux 1.0, retains Kryptina’s core source code, encryption mechanisms and command line functions. Experts warn that ransomware groups will continue to cross-pollinate toolsets and codebases in order to advance.
  • North Korean-tied threat group Kimsuky has developed two new malware strains, KLogEXE and FPSpy, both of which are being delivered through targeted spear-phishing emails designed to look like legitimate communications.
  • KLogEXE is a variant of a previously documented PowerShell-based keylogger, while FPSpy can enumerate files, drives and folders and execute further payloads; researchers have noted similarities in the source code of both strains, suggesting a common author.
  • While Kimsuky attacks remain extremely targeted and focused on specific industries and regions, its use of both KLogEXE and FPSpy illustrates the group's ongoing effort to enhance its malware arsenal and expand its operational reach.