Security News Round-Up: Well-Known Russian Hacker Found Selling Corporate Network Access
Well-Known Russian Hacker Found Selling Corporate Network Access
According to Info Security Magazine, a notorious Russian hacker made over $1.5 million through selling access to various corporate networks as he gained entry to them over a three year period. The companies spanned a number of industries and countries, totaling 150 different victims across 44 nations around the world. Four of the affected companies were of the Fortune 500, says the article, and 9% of total victims were governments. The criminal operates under the name “Fxmsp” and was successful enough in his endeavors to hire a manager of sales for his operation.
Nigerian Man Admits to Carrying Out $11M BEC Scam
Obinwanne Okeke, a 32 year old Nigerian man, pleaded guilty to carrying out an $11 million BEC scam on Unatrac Holding Ltd., a sales office in the U.K. affiliated with manufacturing company Caterpillar, as stated by Bank Info Security. The operation took place from 2015 all the way until 2019 when Okeke was arrested on conspiracy to commit computer and wire fraud. In 2018, Okeke and his co-conspirators were able to successfully steal the credentials of the company’s CFO via a phishing link and fake Microsoft 365 login page. The criminals then accessed it 464 different times, often to send false financial requests on the CFO’s behalf, the article states.
Data of Twitter’s Business Customers Exposed
A misconfiguration letting data be seen in browser cache’s was found by Twitter on May 20th, says Info Security Magazine. The social network’s business customers were affected, but other users of the platform were not included. Phone numbers, email addresses, and the last four digits of customers’ cards were amongst the exposed data, the article notes. The impacted billing information is from ads.twitter.com and analytics.twitter.com. A similar incident occurred within the company only a month prior, also involving information being exposed in browser caches, specifically Mozilla Firefox.
Data of 1.2M Online Gaming Platform Users Sold on Dark Web
Stalker Online, an online platform for gaming that allows multiple users to play together, had the data of 1.2 million of its users stolen and listed on the dark web. An additional 136,000 user records were compiled into a database and listed for sale on a number of other hacking forums, says Hack Read. Included in the stolen data were usernames, email IDs, MD5 salted and hashed passwords, IP addresses, and contact numbers, according to the article. The data has been tested via purchases from the hackers and the records have been found to be accurate.
Cyber Criminal Involved in Fraud Loses $90 Million Seized by Police
Funds stolen by Alexander Vinnik, a cybercriminal who ran a BTC-e cryptocurrency exchange, had $90 million seized from his company known as Canton Business Corp. According to Bank Info Security, the New Zealand company was simply set up to hold stolen funds, even after the exchange was shut down back in 2017. Vinnik, who is being held in France in custody, has since claimed to not be the one who ran the exchange but rather a technical consultant to it. Over $105 million from the operation was uncovered and unfrozen by authorities back in 2017, the article states, in addition to $42 million of Canton Business Corp’s property and assets.