Found 109 bookmarks
Newest
Google confirms fraudulent account created in law enforcement portal
Google confirms fraudulent account created in law enforcement portal
Google has confirmed that hackers created a fraudulent account in its Law Enforcement Request System (LERS) platform that law enforcement uses to submit official data requests to the company "We have identified that a fraudulent account was created in our system for law enforcement requests and have disabled the account," Google told BleepingComputer. "No requests were made with this fraudulent account, and no data was accessed." The FBI declined to comment on the threat actor's claims. This statement comes after a group of threat actors calling itself "Scattered Lapsus$ Hunters" claimed on Telegram to have gained access to both Google's LERS portal and the FBI's eCheck background check system. The group posted screenshots of their alleged access shortly after announcing on Thursday that they were "going dark." The hackers' claims raised concerns as both LERS and the FBI's eCheck system are used by police and intelligence agencies worldwide to submit subpoenas, court orders, and emergency disclosure requests. Unauthorized access could allow attackers to impersonate law enforcement and gain access to sensitive user data that should normally be protected. The "Scattered Lapsus$ Hunters" group, which claims to consist of members linked to the Shiny Hunters, Scattered Spider, and Lapsus$ extortion groups, is behind widespread data theft attacks targeting Salesforce data this year. The threat actors initially utilized social engineering scams to trick employees into connecting Salesforce's Data Loader tool to corporate Salesforce instances, which was then used to steal data and extort companies. The threat actors later breached Salesloft's GitHub repository and used Trufflehog to scan for secrets exposed in the private source code. This allowed them to find authentication tokens for Salesloft Drift, which were used to conduct further Salesforce data theft attacks. These attacks have impacted many companies, including Google, Adidas, Qantas, Allianz Life, Cisco, Kering, Louis Vuitton, Dior, Tiffany & Co, Cloudflare, Zscaler, Elastic, Proofpoint, JFrog, Rubrik, Palo Alto Networks, and many more. Google Threat Intelligence (Mandiant) has been a thorn in the side of these threat actors, being the first to disclose the Salesforce and Salesloft attacks and warning companies to shore up their defenses. Since then, the threat actors have been taunting the FBI, Google, Mandiant, and security researchers in posts to various Telegram channels. Late Thursday night, the group posted a lengthy message to a BreachForums-linked domain causing some to believe the threat actors were retiring. "This is why we have decided that silence will now be our strength," wrote the threat actors. "You may see our names in new databreach disclosure reports from the tens of other multi billion dollar companies that have yet to disclose a breach, as well as some governmental agencies, including highly secured ones, that does not mean we are still active." However, cybersecurity researchers who spoke with BleepingComputer believe the group will continue conducting attacks quietly despite their claims of going dark. Update 9/15/25: Article title updated as some felt it indicated a breach.
#bleepingcomputer.com#EN#2025#Data-Request#Extortion#FBI#Google#Lapsus$#Scattered-Spider#ShinyHunters
·bleepingcomputer.com·
Google confirms fraudulent account created in law enforcement portal
FBI warns of Scattered Spider and ShinyHunters attacks on Salesforce platforms
FBI warns of Scattered Spider and ShinyHunters attacks on Salesforce platforms
| The Record from Recorded Future News Jonathan Greig September 15th, 2025 Hackers connected to the Scattered Spider and ShinyHunters cybercriminal operations are extorting organizations for exorbitant ransoms after stealing data from Salesforce, the FBI warned. The agency released a flash notice on Friday with information about an ongoing data theft campaign that has impacted hundreds of businesses this year. The FBI refers to the hackers as both UNC6040 and UNC6395 and by their colloquial names of ShinyHunters and Scattered Spider, respectively. After months spent breaching some of the largest companies in the world, the hackers are now attempting to extort victim organizations — threatening to leak troves of customer data, business documents and more. The FBI did not say how many victims have received extortion emails demanding payment in cryptocurrency but they noted that the monetary demands have varied widely and are made at seemingly random times. Some extortion incidents were initiated days after data exfiltration while others took place months later. The FBI said the campaign began in October 2024 when members of the group gained access to organizations through social engineering attacks that involved contacting call centers and posing as IT employees. That scheme typically gave the cybercriminals access to employee credentials that were then leveraged to access Salesforce instances holding customer data. In other cases, the hackers used phishing emails or texts to take over employees’ phones or computers. The hackers evolved their tactics throughout the summer, switching to exploiting third-party applications that organizations linked to their Salesforce instances. “UNC6040 threat actors have deceived victims into authorizing malicious connected apps to their organization's Salesforce portal,” the FBI said. “This grants UNC6040 threat actors significant capabilities to access, query, and exfiltrate sensitive information directly from the compromised Salesforce customer environments.” By August, the hackers began targeting the Salesloft Drift application, an AI chatbot that can be integrated with Salesforce. The tactic allowed them to bypass traditional defenses like multifactor authentication, login monitoring and password resets, the FBI explained. In some cases, the FBI has found that the hackers created malicious applications within Salesforce trial accounts that allowed them to register connected apps without using a legitimate corporate account. On Monday, Reuters and the BBC confirmed that Kering — the French conglomerate that owns Gucci, Balenciaga and Alexander McQueen — was attacked by the same ShinyHunters cybercriminals. ShinyHunters told the BBC that it stole information connected to 7.4 million unique email addresses. The hackers told another news outlet that they stole the information in late 2024 but only began negotiating a ransom in June 2025. Last week, a critical government agency in Vietnam confirmed that millions of financial records were stolen in an attack claimed by ShinyHunters. The cybercriminals previously took credit for devastating campaigns targeting giants in the insurance, retail and aviation industries. The FBI provided indicators of compromise that potential victims can use to see whether they have been affected by the hacking campaigns and urged companies to train call center employees on the tactics used. The agency also said companies should limit the privileges of almost every employee account, enforce IP-based access restrictions, monitor API usage and more. Experts said the information provided by the FBI showed how sophisticated the actors are at abusing legitimate tools for nefarious purposes, like Azure cloud infrastructure, virtual servers, Tor exit nodes and proxy services to obfuscate their origin. Scattered retirement? The FBI notice came shortly after the group made several posts on Telegram claiming to be retiring. The group blamed a recent string of arrests, law enforcement activity and criminal convictions against members as their reason for ceasing the current operation. Cybersecurity experts were dubious about the disbanding claims, noting that cybercriminal operations often make similar claims before reconstituting under different names. Some theorized the hackers are likely going to enjoy the spoils of their recent extortion campaigns before returning to cybercriminal activity. Sam Rubin, a senior official with Palo Alto Networks’ Unit 42, said recent arrests may have prompted the group to lay low, but history says such activity is often temporary. “Groups like this splinter, rebrand, and resurface — much like ShinyHunters. Even if public operations pause, the risks remain: stolen data can resurface, undetected backdoors may persist, and actors may re-emerge under new names,” he said. “Silence from a threat group does not equal safety.”
#therecord.media#EN#2025#ScatteredSpider#ShinyHunters#FBI#Salesforce
·therecord.media·
FBI warns of Scattered Spider and ShinyHunters attacks on Salesforce platforms
China’s ‘Typhoons’ changing the way FBI hunts sophisticated threats
China’s ‘Typhoons’ changing the way FBI hunts sophisticated threats
| CyberScoop By Tim Starks September 10, 202 Major cyber intrusions by the Chinese hacking groups known as Salt Typhoon and Volt Typhoon have forced the FBI to change its methods of hunting sophisticated threats, a top FBI cyber official said Wednesday. U.S. officials, allied governments and threat researchers have identified Salt Typhoon as the group behind the massive telecommunications hack revealed last fall but that could have been ongoing for years. Investigators have pointed at Volt Typhoon as a group that has infiltrated critical infrastructure to cause disruptions in the United States if China invades Taiwan and Americans intervene. Those hacks were stealthier than in the past, and more patient, said Jason Bilnoski, deputy assistant director of the FBI’s cyber division. The Typhoons have focused on persistent access and gotten better at hiding their infiltration by using “living off the land” techniques that involve using legitimate tools within systems to camouflage their efforts, he said. That in turn has complicated FBI efforts to share indicators of compromise (IOCs). “We’re having to now hunt as if they’re already on the network, and we’re hunting in ways we hadn’t before,” he said at the Billington Cybersecurity Summit. “They’re not dropping tools and malware that we used to see, and perhaps there’s not a lot of IOCs that we’d be able to share in certain situations.” The hackers used to be “noisy,” with an emphasis on hitting a target quickly, stealing data and then escaping, Bilnoski said. But now for nation-backed attackers, “we’re watching exponential leaps” in tactics, techniques and procedures, he said. Jermaine Roebuck, associate director for threat hunting at the Cybersecurity and Infrastructure Security Agency, said his agency is also seeing those kinds of changes in the level of stealth from sophisticated hackers, in addition to “a significant change” in their intentions and targeting. “We saw a lot of espionage over the last several years, but here lately, there’s been a decided shift into computer network attack, prepositioning or disruption in terms of capabilities,” he said at the same conference. The targeting has changed as organizations, including government agencies, have shifted to the cloud. “Well, guess what?” he asked. “The actors are going toward the cloud” in response. They’ve also focused on “edge devices,” like devices that supply virtual private network connections or other services provided by managed service providers, Roebuck said. Organizations have less insight into the attacks those devices and providers are facing than more direct intrusions, he said.
#cyberscoop.com#EN#2025#US#FBI#China#SaltTyphoon#Typhoons
·cyberscoop.com·
China’s ‘Typhoons’ changing the way FBI hunts sophisticated threats
The FBI Destroyed an Internet Weapon, but Criminals Picked Up the Pieces
The FBI Destroyed an Internet Weapon, but Criminals Picked Up the Pieces
wsj.com By Robert McMillan Sept. 15, 2025 7:00 am ET Botnets, massive networks of hacked devices, are being used for dangerous attacks, one of which recently set a world record The Federal Bureau of Investigation recently disrupted a network of hacked devices used by criminals in some of the largest online attacks yet seen. Now those devices have been hacked by someone new to build an even bigger weapon. Law-enforcement agencies and technology companies are waging a war against increasingly powerful networks of hacked devices, called botnets, that can knock websites offline for a fee. They are used for extortion and by disreputable companies to knock rivals offline, federal prosecutors say. But lately, a new age of dangerous botnets has arrived, and existing internet infrastructure isn’t prepared, some network operators say. These botnets are leveraging new types of internet-connected devices with faster processors and more network bandwidth, offering them immense power. The criminals controlling the botnets now have the capabilities to move beyond website takedowns to target internet connectivity and disrupt very large swaths of the internet. “Before the concern was websites; now the concern is countries,” said Craig Labovitz, head of technology with Nokia’s Deepfield division. In August, federal prosecutors charged a 22-year-old Oregon man with operating a botnet that had shut down the X social-media site earlier this year. But the FBI’s takedown last month appeared to have an unwanted consequence: freeing up as many as 95,000 devices to be taken over by new botnet overlords. That led to a free-for-all to take over the machines “as fast as possible,” said Damian Menscher, a Google engineer. The operators of a rival botnet, called Aisuru, seized control of more than one-fourth of them and immediately started launching attacks that are “breaking records,” he said. On Sept. 1, the network services company Cloudflare said it had measured an attack that clogged up computer networks with 11.5 trillion bits of junk information per second. That is enough to consume the download bandwidth of more than 50,000 consumer internet connections. In a post to X, Cloudflare declared this attack, known as a distributed denial of service, or DDoS, a “world record” in terms of intensity. Some analysts see it almost as an advertisement of the botnet’s capabilities. It was one of several dozen attacks of a similar size that network operators have witnessed over the past weeks. The attacks were very short in duration—often lasting just seconds—and may be demonstrations of the Aisuru capabilities, likely representing just a fraction of their total available bandwidth, according to Nokia. With the world’s increasing dependence on computer networks, denial-of-service attacks have become weapons of war. Russia’s intelligence service, the GRU, used DDoS attacks on Ukraine’s financial-services industry as a way to cause disruption ahead of its 2022 invasion, U.K. authorities have said. Botnets such as Aisuru are made up of a range of internet-connected devices—routers or security cameras, for example—rather than PCs, and often these machines can only join one botnet at a time. Their attacks can typically be fended off by the largest cloud-computing providers. One massive network that Google disrupted earlier this year had mushroomed from at least 74,000 Android devices in 2023 to more than 10 million devices in two years. That made it the “largest known botnet of internet-connected TV devices,” according to a July Google court filing. This network was being used to click billions of Google advertisements in an ad fraud scheme, Google said, but the massive network “could be used to commit more dangerous cybercrimes, such as ransomware” or denial-of-service attacks, the Google filing said. To date, denial-of-service attacks are spawned from networks like Aisuru that typically include tens of thousands of computers, not millions, making them easier to defend against. In the past year, a very large botnet that has typically been used for fraud began launching online attacks. Called ResHydra, it is made up of tens of millions of devices, according to Nokia. Res Hydra represents a whole new level of problem, said Chris Formosa, a researcher with the networking company Lumen’s Black Lotus Labs. Harnessing a botnet of that size would “do extreme damage to a country.”
#wsj.com#EN#2025#Aisuru#botnet#DDoS#FBI
·wsj.com·
The FBI Destroyed an Internet Weapon, but Criminals Picked Up the Pieces
U.S. Government Seizes Online Marketplaces Selling Fraudulent Identity Documents Used in Cybercrime Schemes
U.S. Government Seizes Online Marketplaces Selling Fraudulent Identity Documents Used in Cybercrime Schemes
justice.gov District of New Mexico | U.S. Government Seizes Online Marketplaces Selling Fraudulent Identity Documents Used in Cybercrime Schemes | United States Department of Justice Thursday, August 28, 2025 The operators of VerifTools produced and sold counterfeit driver’s licenses, passports, and other identification documents that could be used to bypass identity verification systems and gain unauthorized access to online accounts. ALBUQUERQUE – The U.S. Attorney’s Office for the District of New Mexico announced today the seizure of two marketplace domains and one blog used to sell fraudulent identity documents to cybercriminals worldwide. The operators of VerifTools produced and sold counterfeit driver’s licenses, passports, and other identification documents that could be used to bypass identity verification systems and gain unauthorized access to online accounts. The Federal Bureau of Investigation (FBI) began investigating in August 2022 after discovering a conspiracy to use stolen identity information to access cryptocurrency accounts. The investigation revealed that VerifTools offered counterfeit identification documents for all 50 U.S. states and multiple foreign countries for as little as nine dollars, payable in cryptocurrency. The FBI used the VerifTools marketplace to generate and purchase counterfeit New Mexico driver’s licenses, which were paid for with cryptocurrency. The FBI has identified the equivalent of approximately $6.4 million of illicit proceeds linked to the VerifTools marketplace. The following counterfeit documents are an example of New Mexico driver’s licenses obtained from VerifTools. “The internet is not a refuge for criminals. If you build or sell tools that let offenders impersonate victims, you are part of the crime,” said Acting U.S. Attorney Ryan Ellison. “We will use every lawful tool to disrupt your business, take the profit out of it, and bring you to justice. No one operation is bigger than us together. With our partners at every level of law enforcement we will protect New Mexicans and defend those who stand up for our community.” "The removal of this marketplace is a major step in protecting the public from fraud and identity theft crime," said Philip Russell, Acting Special Agent in Charge of the FBI Albuquerque Division. "Together with our partners, we will continue to target and dismantle the platforms that criminals depend on, no matter where they operate." Acting U.S. Attorney Ryan Ellison and Acting Special Agent in Charge Philip Russell of the FBI’s Albuquerque Field Office made the announcement today. The FBI’s Albuquerque Field Office investigated this case. The Justice Department’s Office of International Affairs provided valuable assistance. The Justice Department collaborated closely with investigators and prosecutors from multiple jurisdictions in this investigation, including the District of New Mexico, Eastern District of Virginia, the Dutch National Police and the Netherlands Public Prosecution Service.
#justice.gov#EN#2025#US#FBI#VerifTools#seized#Fraudulent#identity
·justice.gov·
U.S. Government Seizes Online Marketplaces Selling Fraudulent Identity Documents Used in Cybercrime Schemes
Microsoft Asked FBI for Help Tracking Palestinian Protests
Microsoft Asked FBI for Help Tracking Palestinian Protests
bloomberg.com 2025-08-26 - Twenty activists urging company to sever ties with Israeli military were arrested last week. Executive Brad Smith said he welcomed discussion but not disruption. For the better part of a year, Microsoft Corp. has failed to quell a small but persistent revolt by employees bent on forcing the company to sever business ties with Israel over its war in Gaza. The world’s largest software maker has requested help from the Federal Bureau of Investigation in tracking protests, worked with local authorities to try and prevent them, flagged internal emails containing words like “Gaza” and deleted some internal posts about the protests, according to employees and documents reviewed by Bloomberg. Microsoft has also suspended and fired protesters for disrupting company events. Despite those efforts, a steady trickle of employees, sometimes joined by outside supporters, continue to speak out in an escalating guerilla campaign of mass emails and noisy public demonstrations. While still relatively small, the employee activism is notable given the weakening job market and the Trump administration’s crackdown on pro-Palestinian protests. Last week, 20 people were arrested on a plaza at Microsoft’s Redmond, Washington, headquarters after disregarding orders by police to disperse. Instead, they chanted and called out Microsoft executives by name, linking arms as police dismantled their makeshift barricades and, one by one, zip-tied them and led them away. On Tuesday, protesters occupied the office of Microsoft President Brad Smith, sharing video on the Twitch livestreaming platform that showed them chanting, hanging banners and briefly attempting to barricade a door with furniture. Smith didn’t appear to be there. Police detained at least two people who entered a building that houses the offices of senior executives, said Jill Green, a spokesperson for the Redmond Police Department. Others were protesting outside, she said. An employee group called No Azure for Apartheid says that by selling software and artificial intelligence tools to Israel’s military, the company’s Azure cloud service is profiting from the deaths of civilians. Microsoft denies that, but the protests threaten to dent its reputation as a thoughtful employer and reasonable actor on the world stage. In recent years, Microsoft has generally stayed above the fray while its industry peers battled antitrust investigations, privacy scandals or controversial treatment of employees. Now Microsoft is being forced to grapple with perhaps the most politically charged issue of the day: Israel’s treatment of Palestinians. Earlier this month, the company announced an investigation into reports by the Guardian newspaper and other news outlets that Israel’s military surveillance agency intercepted millions of Palestinian mobile phone calls, stored them on Microsoft servers then used the data to select bombing targets in Gaza. An earlier investigation commissioned by Microsoft found no evidence its software was used to harm people. Microsoft says it expects customers to adhere to international law governing human rights and armed conflict, and that the company’s terms of service prohibit the use of Microsoft products to violate people’s rights. “If we determine that a customer — any customer — is using our technology in ways that violate our terms of service, we will take steps to address that,” Smith said in an interview last week, adding that the investigation should be completed within several weeks. Smith said employees were welcome to discuss the issue internally but that the company will not tolerate activities that disrupt its operation or staffers. After Hamas’s deadly Oct. 7, 2023 attack on Israel, Microsoft executives were quick to offer condolences and support to employees. “Let us stand together in our shared humanity,” then-human resources chief Kathleen Hogan said in a note a few days after the attacks, which killed some 1,200 people, including civilians and soldiers. Unity was short-lived: Jewish employees lamented what they said was a troubling rise in antisemitism. Palestinian staffers and their allies accused executives of ignoring concerns about their welfare and the war in Gaza, which has killed tens of thousands. The debate continued in internal chatrooms, meetings with human resources leaders and in question-and-answer sessions with executives. But the chatter was mostly limited to Microsoft’s halls. That changed in early April at a bash Microsoft hosted to mark the 50th anniversary of the company’s founding. Early that morning, Vaniya Agrawal picked up Ibtihal Aboussad and drove to Microsoft’s campus. The two early-career company engineers — who respectively hail from the Chicago area and Morocco — had both decided to leave Microsoft over its ties to Israel, which had been documented in a series of articles, including by the Associated Press, and reached out to No Azure for Apartheid. “This isn’t just Microsoft Word with a little Clippy in the corner,” said Agrawal, who was arrested on Wednesday. “These are technological weapons. Cloud and AI are just as deadly as bombs and bullets.”
#bloomberg.com#EN#2025#Microsoft#Israel#FBI#US
·bloomberg.com·
Microsoft Asked FBI for Help Tracking Palestinian Protests
Arizona woman sentenced to 8.5 years for running North Korean laptop farm
Arizona woman sentenced to 8.5 years for running North Korean laptop farm
therecord.media - Prosecutors said Chapman helped the North Korean IT workers obtain jobs at 309 companies, including a major television network, a car maker, a media company, a Silicon Valley technology company and more. A U.S. District Court judge sentenced an Arizona woman to eight and a half years in prison for running a laptop farm used by North Korea’s government to perpetrate its IT worker scheme. Christina Chapman pleaded guilty in February to wire fraud, money laundering and identity theft after the FBI discovered she was an instrumental cog in a wider campaign to get North Koreans hired in six-figure IT roles at prominent companies. Prosecutors said Chapman helped the North Korean IT workers obtain jobs at 309 companies, including a major television network, a car maker, a media company, a Silicon Valley technology company and more. Members of the same group unsuccessfully tried to get employed at two different U.S. government agencies. After North Korean officials obtained employment using fake identities, work laptops were sent to a home owned by Chapman, where she enabled the workers to connect remotely to the U.S. companies’ IT networks on a daily basis. The FBI seized more than 90 laptops from Chapman’s home during an October 2023 raid. In addition to hosting the laptops and installing software that allowed the North Koreans to access them remotely, she also shipped 49 laptops to locations overseas, including multiple shipments to a Chinese city on the North Korean border. In total, Chapman’s operation helped generate $17 million for the North Korean government. Security companies and law enforcement have not said how many laptop farms they estimate are scattered across North America and Europe but the DOJ called Chapman’s case “one of the largest North Korean IT worker fraud schemes charged by the Department of Justice.” Her part of the operation involved 68 stolen identities and she reported millions in income to the IRS under the names of the people who had their identity stolen. She forged payroll checks with the fake identities and typically managed the wages received from U.S. companies through direct deposit. She would then transfer the earnings to people overseas. District Court Judge Randolph Moss ordered the 50-year-old Chapman to serve a 102-month prison term and three years of supervised release. She will have to forfeit nearly $300,000 that she planned to send to North Korea before her arrest and will pay a fine of more than $175,000. Chapman was arrested last May as part of a wider takedown of North Korea’s scheme to have hundreds of their citizens hired at unwitting U.S. companies in IT positions. Chapman was initially charged alongside a 27-year-old Ukrainian, Oleksandr Didenko, for helping at least three workers who operated under the aliases Jiho Han, Chunji Jin and Haoran Xu. The three were hired as software and applications developers with companies in a range of sectors and industries. U.S. State Department officials said the three North Koreans assisted by Chapman and Didenko “are linked to the DPRK’s Munitions Industry Department, which oversees the development of the DPRK’s ballistic missiles, weapons production, and research and development programs.” Didenko was arrested in Poland last year and the U.S. is seeking his extradition.
#therecord.media#EN#2025#North-Korea#workers#US#FBI#guilty#sentenced
·therecord.media·
Arizona woman sentenced to 8.5 years for running North Korean laptop farm
FBI Warning on IoT Devices: How to Tell If You Are Impacted
FBI Warning on IoT Devices: How to Tell If You Are Impacted
On June 5th, the FBI released a PSA titled “Home Internet Connected Devices Facilitate Criminal Activity.” This PSA largely references devices impacted by the latest generation of BADBOX malware (as named by HUMAN’s Satori Threat Intelligence and Research team) that EFF researchers also encountered primarily on Android TV set-top boxes. However, the malware has impacted tablets, digital projectors, aftermarket vehicle infotainment units, picture frames, and other types of IoT devices. One goal of this malware is to create a network proxy on the devices of unsuspecting buyers, potentially making them hubs for various potential criminal activities, putting the owners of these devices at risk from authorities. This malware is particularly insidious, coming pre-installed out of the box from major online retailers such as Amazon and AliExpress. If you search “Android TV Box” on Amazon right now, many of the same models that have been impacted are still up being sold by sellers of opaque origins. Facilitating the sale of these devices even led us to write an open letter to the FTC, urging them to take action on resellers. The FBI listed some indicators of compromise (IoCs) in the PSA for consumers to tell if they were impacted. But the average person isn’t running network detection infrastructure in their homes, and cannot hope to understand what IoCs can be used to determine if their devices generate “unexplained or suspicious Internet traffic.” Here, we will attempt to help give more comprehensive background information about these IoCs. If you find any of these on devices you own, then we encourage you to follow through by contacting the FBI's Internet Crime Complaint Center (IC3) at www.ic3.gov. The FBI lists these IoC: The presence of suspicious marketplaces where apps are downloaded. Requiring Google Play Protect settings to be disabled. Generic TV streaming devices advertised as unlocked or capable of accessing free content. IoT devices advertised from unrecognizable brands. Android devices that are not Play Protect certified. Unexplained or suspicious Internet traffic. The following adds context to above, as well as some added IoCs we have seen from our research.
#eff#EN#2025#guide#IoCs#FBI#BADBOX
·eff.org·
FBI Warning on IoT Devices: How to Tell If You Are Impacted
Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
A cartel affiliate notified an FBI agent about a hacker who infiltrated cameras and phones to track an FBI official’s meetings, the DOJ inspector general said. A hacker working on behalf of the Sinaloa drug cartel infiltrated cameras and phones to track an FBI official in Mexico investigating the drug lord El Chapo, then used data from that surveillance to kill and intimidate potential sources and witnesses the agent was meeting with, a Justice Department watchdog report revealed. An FBI case agent learned about the hacker from someone affiliated with the cartel in 2018, according to the inspector general report released Friday. “That individual said the cartel had hired a ‘hacker’ who offered a menu of services related to exploiting mobile phones and other electronic devices,” the report states. “According to the individual, the hacker had observed people going in and out of the United States Embassy in Mexico City and identified ‘people of interest’ for the cartel, including the FBI Assistant Legal Attache (ALA T), and then was able to use the ALA T’s mobile phone number to obtain calls made and received, as well as geolocation data, associated with the ALAT’s phone.
#cyberscoop#EN#2025#Sinaloa#cartel#hacker#FBI#US#El-Chapo#hired
·cyberscoop.com·
Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
FBI Releases Annual Internet Crime Report
FBI Releases Annual Internet Crime Report
April 23, 2025 The Federal Bureau of Investigation’s Internet Crime Complaint Center (IC3) has released its latest annual report. The 2024 Internet Crime Report combines information from 859,532 complaints of suspected internet crime and details reported losses exceeding $16 billion—a 33% increase in losses from 2023. The top three cyber crimes, by number of complaints reported by victims in 2024, were phishing/spoofing, extortion, and personal data breaches. Victims of investment fraud, specifically those involving cryptocurrency, reported the most losses—totaling over $6.5 billion. According to the 2024 report, the most complaints were received from California, Texas, and Florida. As a group, people over the age of 60 suffered the most losses at nearly $5 billion and submitted the greatest number of complaints. “Reporting is one of the first and most important steps in fighting crime so law enforcement can use this information to combat a variety of frauds and scams,” said FBI Director, Kash Patel. “The IC3, which is celebrating its 25th anniversary this year, is only as successful as the reports it receives; that’s why it’s imperative that the public immediately report suspected cyber-enabled criminal activity to the FBI.” To promote public awareness, the IC3 produces an annual report to aggregate and highlight the data provided by the general public. The quality of the data is a direct reflection of the information the public provides through the IC3 website. The IC3 standardizes the data by categorizing each complaint and analyzes the data to identify and forecast trends in internet crime. The annual report helps the FBI develop effective relationships with industry partners and share information for investigative and intelligence purposes for law enforcement and public awareness. The IC3, which was established in May 2000, houses nine million complaints from the public in its database and continues to encourage anyone who thinks they’ve been the victim of a cyber-enabled crime, regardless of dollar loss, to file a complaint through the IC3 website. The more comprehensive complaints the FBI receives, the more effective it will be in helping law enforcement gain a more accurate picture of the extent and nature of internet-facilitated crimes. The FBI recommends that everyone frequently review consumer and industry alerts published by the IC3. If you or your business are a victim of an internet crime, immediately notify all financial institutions involved in the relevant transactions, submit a complaint to www.ic3.gov, contact your nearest FBI field office, and contact local law enforcement. Learn more about the history of IC3 by listening to this previously released FBI podcast episode: Inside the FBI: IC3 Turns 20.
#fbi#US#2025#EN#Annual#Internet#Crime#Report
·fbi.gov·
FBI Releases Annual Internet Crime Report
Internet Crime Complaint Center (IC3) | FBI Warns of Scammers Impersonating the IC3
Internet Crime Complaint Center (IC3) | FBI Warns of Scammers Impersonating the IC3
The Federal Bureau of Investigation (FBI) warns the public about an ongoing fraud scheme where criminal scammers are impersonating FBI Internet Crime Complaint Center (IC3) employees to deceive and defraud individuals. Between December 2023 and February 2025, the FBI received more than 100 reports of IC3 impersonation scams.
#ic3.gov#EN#2025#US#scam#FBI#warning#IC3#impersonation
·ic3.gov·
Internet Crime Complaint Center (IC3) | FBI Warns of Scammers Impersonating the IC3
BreachForums taken down by the FBI? Dark Storm hackers say they did it “for fun”
BreachForums taken down by the FBI? Dark Storm hackers say they did it “for fun”
The notorious BreachForums online hacker marketplace appears to have been seized yet again. This time, it has been claimed by fellow hacktivst gang the Dark Storm Team – the same group believed responsible for last month’s massive outage of Elon Musk’s X. It all coincides with rumors swirling on social media Tuesday about the arrest of “IntelBroker,” one of BreachForums’ major players. The pro-Palestinian hacktivist group posted about the Breached takeover on its Dark Storm Team telegram channel early Tuesday morning (ET), claiming to have carried out the distributed denial-of-service (DDoS) attack “for fun.”
#cybernews#EN#2025#FBI#BreachForums#taken-down#IntelBroker#DarkStorm-Team
·cybernews.com·
BreachForums taken down by the FBI? Dark Storm hackers say they did it “for fun”
CISA and FBI: Ghost ransomware breached orgs in 70 countries
CISA and FBI: Ghost ransomware breached orgs in 70 countries
CISA and the FBI said attackers deploying Ghost ransomware have breached victims from multiple industry sectors across over 70 countries, including critical infrastructure organizations. #CISA #Computer #Cring #Critical #FBI #Ghost #InfoSec #Infrastructure #Ransomware #Security
#bleepingcomputer#EN#2025#Ghost#Ransomware#Critical-Infrastructure#Cring#CISA#FBI
·bleepingcomputer.com·
CISA and FBI: Ghost ransomware breached orgs in 70 countries
Hacker forums Cracked, Nulled and others, seized under FBI's 'Operation Talent'
Hacker forums Cracked, Nulled and others, seized under FBI's 'Operation Talent'
Hacker forums Cracked[.]io, Nulled[.]to, MySellIX[.]io, and StarkRDP[.]io on Wednesday are seized by the FBI, Europol, and international law enforcement as part of ‘Operation Talent.’ A large ‘‘Operation Talent’ seizure poster was splashed across most of the shady websites by Wednesday afternoon.
#cybernews#EN#2025#Cracked#Nulled#MySellIX#forum#seized#Operation-Talent#FBI#Europol
·cybernews.com·
Hacker forums Cracked, Nulled and others, seized under FBI's 'Operation Talent'
A Member of SiegedSec Group Arrested by FBI
A Member of SiegedSec Group Arrested by FBI
A key member of the notorious hacker group SiegedSec was arrested today by federal authorities. The arrest came just hours after the hacker published a provocative manifesto titled “The Conscience of a Catgirl.” The document offers sharp criticisms of governments, corporations, and the state of modern surveillance, right before the hacker was taken into custody.
#dailydarkweb#EN#2024#busted#SiegedSec#FBI#judische
·dailydarkweb.net·
A Member of SiegedSec Group Arrested by FBI
Russian Military Cyber Actors Target US and Global Critical Infrastructure
Russian Military Cyber Actors Target US and Global Critical Infrastructure
The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and National Security Agency (NSA) assess that cyber actors affiliated with the Russian General Staff Main Intelligence Directorate (GRU) 161st Specialist Training Center (Unit 29155) are responsible for computer network operations against global targets for the purposes of espionage, sabotage, and reputational harm since at least 2020. GRU Unit 29155 cyber actors began deploying the destructive WhisperGate malware against multiple Ukrainian victim organizations as early as January 13, 2022. These cyber actors are separate from other known and more established GRU-affiliated cyber groups, such as Unit 26165 and Unit 74455.
#cisa#EN#2024#FBI#CISA#GRU#Global#Critical#Infrastructure#Unit29155#GRU-affiliated
·cisa.gov·
Russian Military Cyber Actors Target US and Global Critical Infrastructure
Moscow’s Spies Were Stealing US Tech — Until the FBI Started a Sabotage Campaign
Moscow’s Spies Were Stealing US Tech — Until the FBI Started a Sabotage Campaign
One day at the dawn of the 1980s, an FBI agent in his 30s named Rick Smith walked into the Balboa Café, an ornate, historic watering hole in San Francisco’s leafy Cow Hollow neighborhood. Smith, who was single at the time, lived nearby and regularly frequented the spot. As he approached the oak wood bar to order a drink he suddenly spotted a familiar face — someone Smith had met about a year before, after the man had walked into the Soviet Consulate in San Francisco. He was Austrian by birth, but a denizen of Silicon Valley, an entrepreneur who operated as a middleman between American tech companies and European countries hungry for the latest hi-tech goods.
#politico#EN#2024#sabotage#operation#history#US#URSS#SiliconValley#FBI
·politico.com·
Moscow’s Spies Were Stealing US Tech — Until the FBI Started a Sabotage Campaign
FBI’s LockBit Takedown Postponed a Ticking Time Bomb in Fulton County, Ga. – Krebs on Security
FBI’s LockBit Takedown Postponed a Ticking Time Bomb in Fulton County, Ga. – Krebs on Security
The FBI’s takedown of the LockBit ransomware group last week came as LockBit was preparing to release sensitive data stolen from government computer systems in Fulton County, Ga. But LockBit is now regrouping, and the gang says it will publish the stolen Fulton County data on March 2 unless paid a ransom. LockBit claims the cache includes documents tied to the county’s ongoing criminal prosecution of former President Trump, but court watchers say teaser documents published by the crime gang suggest a total leak of the Fulton County data could put lives at risk and jeopardize a number of other criminal trials
#krebsonsecurity#EN#2024#lockbit#Fulton-County#leak#Trump#FBI#claim
·krebsonsecurity.com·
FBI’s LockBit Takedown Postponed a Ticking Time Bomb in Fulton County, Ga. – Krebs on Security