https://securityaffairs.com/category/deep-web Read, think, share … Security is everyone's responsibility Thu, 26 Sep 2024 10:49:31 +0000

https://securityaffairs.com/168912/deep-web/3000-congressional-staffers-data-leaked-dark-web.html Thu, 26 Sep 2024 05:03:30 +0000

The personal information of over 3,000 congressional staffers was leaked on the dark web following a major cyberattack on the U.S. Capitol.

The personal information of approximately 3,191 congressional staffers has been leaked on the , according to . The leaked data includes passwords, IP addresses, and social media information.

The Washington Times first reported that the researchers found over 1,800 passwords used by staffers in Congress available on the dark web.

Almost 1 in 5 congressional staffers had personal information exposed on the dark web. Nearly 300 staffers had their data compromised across more than 10 different incidents.

Congressional staffers’ data originated from various sources, including social media, dating apps, and adult websites. The experts reported the case of a single staffer who had 31 passwords exposed. Bad habits are the root cause of the leaks: staffers used their official email addresses to sign up for third-party services that were later compromised.

“Many of these leaks likely occurred because staffers used their official email addresses to sign up for various services, including high-risk sites such as dating and adult websites, which were later compromised in data breaches,” . “This situation highlights a critical security lapse, where sensitive work-related emails became entangled with less secure, third-party platforms.”

Proton announced that it will release additional findings in the coming weeks to prevent any interference during the upcoming presidential election.

“The volume of exposed accounts among U.S. political staffers is alarming, and the potential consequences of compromised accounts could be severe,” said Proton’s head of account security Eamonn Maguire. “Vigilance and strict security measures are essential to safeguard personal and national security.”

The company has already contacted all affected congressional staffers and notified them.

In June, another joint investigation conducted by Proton and Constella Intelligence revealed that the personal information of hundreds of British and EU politicians is available on dark web marketplaces.

According to the research, the email addresses and other sensitive information of 918 British MPs, European Parliament members, and French deputies and senators are available on dark web marketplaces. 40% of 2,280 official government email addresses from the British, European, and French Parliaments were exposed, including passwords, birth dates, and other details.

Most of the leaked email addresses belong to British MPs (68%), followed by EU MEPs (44%).

(SecurityAffairs – hacking, U.S. Capitol)

https://securityaffairs.com/168177/cyber-crime/feds-indicted-admins-wwh-club-marketplace.html Sun, 08 Sep 2024 13:59:58 +0000

Russian and Kazakhstani men were indicted for operating the dark web cybercrime marketplace WWH Club and other crime forums and markets.

Alex Khodyrev (35), from Kazakhstan, and Pavel Kublitskii (37), from Russia, have been indicted in Tampa, Florida, for conspiracy to commit access device fraud and wire fraud.

Between 2014 and 2024, the duo operated the dark web marketplace WWH Club (wwh-club[.]ws), which focused on selling stolen personal data and conducting illegal activities. WWH Club had over 353,000 users by 2023 and offered courses on fraud and cybercrime, generating profits through membership and tuition fees.

Khodyrev and Kublitskii were also the administrators of many similar websites, including marketplaces, forums, and training centers to enable cybercrime.

The indictment also notifies Alex Khodyrev and Pavel Kublitskii of the seizure of, respectively, a 2023 Mercedes-Benz G63 AMG and a 2020 Cadillac CT5 Sport sedan. The two vehicles were likely paid for with the proceeds of their alleged crimes.

“WWH Club and sister site members used the marketplaces to buy and sell stolen personal identifying information (PII), credit card and bank account information, and computer passwords, among other sensitive information. On the forums of WWH Club and its sister sites, users discussed best practices for committing frauds, launching cyberattacks, and evading law enforcement, among other topics.” reads the published by DoJ. “WWH Club also offered online courses that taught aspiring and active cyber criminals how to commit frauds.”

As of 2023, WWH marketplace had around 353,000 global users. Khodyrev, Kublitskii, and other co-administrators profited from membership fees, tuition, and advertising. Before their arrest and indictment, the two men had been living in Miami for two years while secretly operating WWH Club and related dark web platforms.

In January 2023, an undercover FBI agent in Florida registered for an account on the WWH dark web marketplace and paid about $1,000 in Bitcoin to attend a training session. The training, held online via chat, had around 50 participants and covered methods for obtaining and using stolen credit card data and personal information for fraudulent purposes. The instructors also promoted tools and services available on WWH that could help users carry out criminal activities.

If convicted, each could face up to 20 years in prison.

Despite the arrests of Khodyrev and Kublitskii, the WWH dark web marketplace remains active. Current administrators claim the two men were merely moderators without administrative control. However, the US authorities believe that the two men had a key role in the administration of the marketplace.

(SecurityAffairs – hacking, WWH Club)

https://securityaffairs.com/167146/deep-web/russian-national-sentenced-40-months.html Fri, 16 Aug 2024 17:56:33 +0000

A Russian national was sentenced to over three years in prison for selling stolen information and credentials on a dark web marketplace.

The 27-year-old Russian national Georgy Kavzharadze (also known as “George,” “TeRorPP,” “Torqovec,” and “PlutuSS”) has been sentenced to over three years in prison for selling financial information, login credentials, and other personal data on the dark web marketplace, .

In June 2021, the US Department of Justice announced the seizure of the infrastructure of Slilpp. The seizure was the result of a multinational operation involving law enforcement agencies in the United States, Germany, the Netherlands, and Romania.

The marketplace had been active since 2012 and allowed sellers to offer stolen login credentials, including usernames and passwords for bank accounts, online payment accounts, mobile phone accounts, retailer accounts, and other online accounts.

According to the DOJ, more than 80 million login credentials from more than 1,400 companies were sold through the Slilpp portal.

Kavzharadze to conspiracy to commit bank and wire fraud on February 16, 2024. The Russian man was sentenced to 40 months in prison and ordered to pay $1,233,521.47 in restitution.

Between July 2016 and May 2021, Kavzharadze listed over 626,100 stolen login credentials on Slilpp and sold more than 297,300 of them. These credentials were linked to $1.2 million in fraudulent transactions.

“According to court documents, between July 2016 and May 2021, Kavzharadze, using the name “TeRorPP,” listed over 626,100 stolen login credentials for sale on Slilpp and sold more than 297,300 of them on the illegal marketplace. Those credentials were subsequently linked to $1.2 million in fraudulent transactions. On May 27, 2021, Kavzharadze’s account on Slilpp listed 240,495 login credentials for sale that would allow the buyer to use the information to steal money from the victim’s online payment and bank accounts.” reads the published by DoJ. “The credentials included access to accounts with banks located in New York, California, Nevada, and Georgia. Kavzharadze accepted Bitcoin as payment for the credentials. An FBI analysis connected Kavzharadze to withdrawals of more than $200,000 in Slilpp profits from his Bitcoin account.”

Prosecutors believe that the man has made at least $200,000 in illegal profits from the sale of stolen credentials.

On August 24, 2021, Kavzharadze was charged with multiple crimes, including conspiracy to commit bank and wire fraud, and was later extradited to the U.S. He made his initial court appearance on May 18, 2022, and has been detained since his extradition.

(SecurityAffairs – hacking, Russian national Georgy Kavzharadze)

https://securityaffairs.com/164619/deep-web/empire-market-owners-charged.html Mon, 17 Jun 2024 21:34:28 +0000

Federal authorities charged two individuals with operating the dark web marketplace Empire Market that facilitated over $430 million in illegal transactions.

Two men, Thomas Pavey (aka “Dopenugget”) and Raheim Hamilton (aka “Sydney” and “Zero Angel”), have been charged in federal court in Chicago for operating the dark web marketplace “Empire Market” from 2018 to 2020.

According to the , the duo was previously involved in selling counterfeit U.S. currency on before starting Empire Market.

The two men are accused of having facilitated over four million transactions for a total value of more than $430 million, involving illegal goods and services. The authorities charged them with various crimes, including drug trafficking, computer fraud, access device fraud, counterfeiting, and , which carry a maximum sentence of life in federal prison. Pavey and Hamilton are currently in U.S. law enforcement custody, with arraignments yet to be scheduled.

“THOMAS PAVEY, also known as “Dopenugget,” 38, of Ormond Beach, Fla., and RAHEIM HAMILTON, also known as “Sydney” and “Zero Angel,” 28, of Suffolk, Va., owned and operated Empire Market from 2018 to 2020, during which time they facilitated approximately four million transactions between vendors and buyers valued at more than $430 million, according to a superseding indictment returned Thursday in U.S. District Court in Chicago.” reads the published by DoJ. “They began operating Empire Market on Feb. 1, 2018, the indictment states.”

The dark web marketplace Empire Market featured multiple categories of illicit goods, such as illegal drugs, counterfeit items, software and malware, and credit card numbers. It allowed its users to pay using Bitcoin (BTC), Monero (XMR), and Litecoin (LTC).

The dark web marketplace shut down in 2020, leaving users without time to withdraw funds from their escrow accounts. At the time, some users blamed a prolonged distributed denial-of-service (DDoS) attack, while others suspected an exit scam.

The two operators used cryptocurrency to conceal the nature and identities involved in the illicit transactions and encouraged users to use “, which mix and exchange cryptocurrencies to obscure their origin and connection to the marketplace.

During the investigation, the feds seized cryptocurrency worth $75 million at the time of the seizures, as well as cash and precious metals.

Pavey and Hamilton face five counts:

  • Conspiracy to sell counterfeit U.S. currency on AlphaBay.
  • Conspiracy to distribute controlled substances through Empire Market.
  • Conspiracy to possess unauthorized access devices.
  • Conspiracy to sell counterfeit currency on Empire Market.
  • Conspiracy to commit money laundering to conceal proceeds from illegal activities.

The two men could face a maximum sentence of life in federal prison.

(SecurityAffairs – hacking, Empire Market)

https://securityaffairs.com/164441/data-breach/cylance-data-sale.html Tue, 11 Jun 2024 18:15:58 +0000

A threat actor is selling data belonging to BlackBerry’s Cylance cybersecurity unit and is demanding $750,000 for it.

A threat actor who goes by the moniker Sp1d3r is selling the stolen data for $750,000. The data includes 34 million customer and employee emails, customer and prospect emails and PII, products used by organizations, a sales prospect list with activity status, a Cylance partners list, and a users list.

BlackBerry told several media outlets that it’s aware of the potential data breach and is investigating the alleged incident.

The company states that data was stolen from a third-party platform and appears to be old.

“Based on our initial reviews of the data in question, no current Cylance customers are impacted, and no sensitive information is involved,” . “The data in question was accessed from a third-party platform unrelated to BlackBerry and appears to be from 2015-2018, predating BlackBerry’s acquisition of the Cylance product portfolio.”

“We continue to monitor this situation closely and will take all necessary precautions to maintain the integrity of our products and systems and the trust of our customers,” it added.

While several experts believe attackers may have obtained the data from the cloud data platform Snowflake, Cylance pointed out that it is currently not a Snowflake customer.

(SecurityAffairs – hacking, data breach)

https://securityaffairs.com/164036/deep-web/info-european-politicians-dark-web.html Mon, 03 Jun 2024 07:08:26 +0000

Personal information of hundreds of British and EU politicians is available on dark web marketplaces.

According to research conducted by Proton and Constella Intelligence, the email addresses and other sensitive information of 918 British MPs, European Parliament members, and French deputies and senators are available on dark web marketplaces. 40% of 2,280 official government email addresses from the British, European, and French Parliaments were exposed, including passwords, birth dates, and other details.

Most of the leaked email addresses belong to British MPs (68%), followed by EU MEPs (44%).

The researchers pointed out that French deputies and senators had the best security, with only 18% of searched emails found on cybercrime forums and dark marketplaces.

Many of these MPs, MEPs, deputies, and senators hold senior positions, including heads of committees, government ministers, and senior opposition leaders. These politicians have access to highly sensitive information, and particularly alarming is that several of them are currently, or have previously been, members of committees tasked with overseeing and enforcing national and international digital strategies.

The presence of the emails on the dark web shows that politicians used their official email addresses to create accounts on third-party web services that suffered a data breach.

“The fact that these emails, which are publicly available on government websites, are on the dark web isn’t a security failure by itself. Nor is it evidence of a hack of the British, European, or French parliaments.” . “Instead, it shows that politicians used their official email addresses to set up accounts on third-party websites (which were later hacked or suffered a breach), putting themselves and the information they’re entrusted to keep safe needlessly at risk.” 

Even more concerning is that researchers were able to match these email addresses with 697 plain text passwords. The experts notified the impacted politicians and pointed out that if a politician reused one of these exposed passwords for their official email account, it could also be at risk.

It’s a miracle if British MPs were not involved in major scandals due to account takeovers, because 68% of searched email addresses were found on the dark web, including those of senior figures from both the government and the opposition. MPs’ email addresses were exposed a total of 2,110 times on the dark web, and the researchers noticed that the most frequently targeted MP experienced up to 30 breaches. On average, breached MPs had their details show up in 4.7 breaches.

Members of the European Parliament experienced fewer breaches than their British counterparts, but nearly half of the emails searched were found on the dark web. Out of 309 MEPs exposed, 92 were involved in 10 or more leaks. EU politicians had their email addresses exposed 2,311 times, along with 161 plaintext passwords. This raises concerns, as the European Parliament has increasingly become a target of state-sponsored attacks and acknowledges its lack of preparedness.

Impacted politicians used their official email addresses to create accounts on several sites, including LinkedIn, Adobe, Dropbox, Dailymotion, petition websites, news services, and even, in a small number of cases, dating websites.

“Even if a hostile takeover of one of these accounts won’t grant an attacker (or foreign government) access to state secrets, it could reveal that politician’s private communications or other sensitive data. Attackers could then use this information to phish or blackmail the politicians.” concludes the report.

“And this is the best possible scenario. If a breached politician reused a password that was exposed on the dark web on one of their official accounts (and failed to use ), it could let attackers into government systems.”

(SecurityAffairs – hacking, dark web)

https://securityaffairs.com/161888/cyber-crime/ransomware-dark-angels-nexperia.html Tue, 16 Apr 2024 07:08:46 +0000

The Dark Angels (Dunghill) ransomware group claims the hack of the chipmaker Nexperia and the theft of 1 TB of data from the company.

The Dark Angels (Dunghill) ransomware group claims responsibility for hacking chipmaker Nexperia and stealing 1 TB of the company’s data.

Nexperia is a semiconductor manufacturer headquartered in Nijmegen, the Netherlands. It is a subsidiary of the partially state-owned Chinese company Wingtech Technology. It has front-end factories in Hamburg, Germany, and Greater Manchester, England. The company’s product range includes bipolar transistors, diodes, ESD protection, TVS diodes, MOSFETs, and logic devices.

The chipmaker has 14,000 employees as of 2024.

The Dark Angels ransomware group added Nexperia to the list of victims on its Tor leak site. According to the announcement, the stolen data includes:

- 285 Gb of quality control data
- 24 Gb - 896 client folders, many famous brands like SpaceX, IBM, Apple, Huawei, etc.
- 139 Gb project data, very detailed and highly confidential: NDA, internal documents, trade secrets, design, specifications, manufacturing
- 49 Gb industrial production data and instructions
- Assessment of the product's competitiveness in comparison with competitors
- 45 Gb engineers' experience and studies
- 20 Gb product management
- 201 Gb semiconductor manufacturing technologies
- 70 Gb semiconductor commercial marketing data
- 26 Gb pricing, analysis, price books
- 20 Gb HR department, employee data, personal data, passports, contracts, diplomas, salaries, insurance.
- 18 Gb .dwg - 38295 pcs - drawings and schematics of chips, microchips, transistors, etc. All data is confidential, contains trade secrets.
- 30 Gb user data
- production line settings
- repository with equipment configures
- 26 Gb machine operation logs
- 1.2 Gb AWACS software
- 13 Gb .esm files
- 1.9 Gb .job files
- 3 Gb .svn-base
- 101 Gb - .pst files
- 1.5 Gb - NDA

The group published a set of files as proof of the security breach and threatens to leak all the stolen data if the victim does not pay the ransom.

The chipmaker confirmed it became aware of the unauthorized access to certain Nexperia IT servers in March 2024.

In response to the incident, the company disconnected the affected systems from the internet to prevent the threat from spreading. Nexperia launched an investigation into the security breach with the help of third-party cybersecurity experts.

“we have reported the incident to the competent Authorities, including the ‘Autoriteit Persoonsgegevens’ and the police, and are keeping them informed of the progress of our investigation.” reads the published by the company. “Together with our external cybersecurity expert FoxIT, Nexperia continues to investigate the full extent and impact of the matter and we are closely monitoring the developments. In the interest of the ongoing investigation, we cannot disclose further details at this point.”

In September 2023, the Dark Angels ransomware group Johnson Controls and demanded a $51 million ransom.

(SecurityAffairs – hacking, Nexperia)

https://securityaffairs.com/160930/cyber-crime/german-police-seized-nemesis-market.html Sat, 23 Mar 2024 08:45:10 +0000

The German police seized the infrastructure of the darknet marketplace Nemesis Market, disrupting its operation.

An operation conducted by the Federal Criminal Police Office in Germany (BKA) and the Frankfurt cybercrime combating unit (ZIT) led to the seizure of the infrastructure of the darknet marketplace Nemesis Market in Germany and Lithuania.

“On Wednesday, the Frankfurt am Main Public Prosecutor’s Office – Central Office for Combating Internet Crime (ZIT) – and the Federal Criminal Police Office (BKA) secured the server infrastructure of the global illegal darknet marketplace “Nemesis Market” located in Germany and Lithuania and thus closed it.” reads the press release published by the German BKA.

The international operation was conducted in coordination between German, American and Lithuanian law enforcement authorities.

Law enforcement confiscated cryptocurrency worth about 94,000 euros.

The Nemesis Market had been active since 2021. Its offerings included illegal drugs and narcotics, stolen data and credit cards, as well as a selection of cybercrime services such as ransomware, phishing, or DDoS attacks.

The Nemesis Market recently reached over 150,000 users and over 1,100 seller accounts registered worldwide. The investigation revealed that almost 20 percent were seller accounts from Germany.

The Nemesis Market marketplace currently displays a banner informing visitors that the site has been seized by law enforcement.

The police will use the data obtained from the seized infrastructure to identify and prosecute platform sellers and users.

The German police are very active and efficient. In early March, the Düsseldorf Police announced that a large-scale international law enforcement operation led to the seizure of the largest German-speaking cybercrime marketplace, Crimemarket.

Crimemarket was a prominent platform for trading illegal drugs, narcotics, and cybercrime services. Operators were also offering tutorials for several criminal activities.

In December 2023, the Federal Criminal Police Office in Germany (BKA) and the internet-crime combating unit of Frankfurt (ZIT), along with law enforcement agencies from multiple countries (United States, Switzerland, Moldova, and Ukraine), .

(SecurityAffairs – hacking, Nemesis Market)

https://securityaffairs.com/159918/data-breach/chunghwa-telecom-data-breach.html Mon, 04 Mar 2024 08:59:32 +0000

Threat actors stole sensitive and confidential data from the telecom giant Chunghwa Telecom Company, revealed the Ministry of National Defense.

Chunghwa Telecom Company, Ltd. (literally Chinese Telecom Company) is the largest integrated telecom service provider in Taiwan, and the incumbent local exchange carrier of PSTN, mobile, and broadband services in the country.

Threat actors stole sensitive information from the company, including military and government documents, revealed Taiwan’s Defense Ministry. Threat actors claim they have stolen 1.7 terabytes of data that included government contracts.

Leaked data, including a contract between the Navy and Chunghwa Telecom, are available for sale on a hacking forum, broadcaster TVBS first reported.

“The initial analysis of this case is that hackers obtained Chunghwa Telecom’s sensitive information and sold it on the dark web, including documents from the army, Ministry of Foreign Affairs, Coast Guard Administration and other units,” . “We have asked the contractor involved to strengthen its information security control to prevent any further incidents.”

Taiwan’s Defence Ministry pointed out that the leaked data, including contracts, did not contain confidential information.

“Currently, there is no significant impact on the Company’s operations,” reads a statement published by the company.

“Government officials have said that persistent cyber threats are a form of “grey zone harassment” engaged in by China on a near-daily basis, including flying warplanes around the island and sending vessels to its surrounding waters.” AFP agency.

Taiwan was a top target of cyber attacks ahead of the national elections. Cybersecurity experts attribute the vast majority of these attacks to China-linked threat actors. The country continues to be the target of an impressive number of cyber espionage campaigns.

(SecurityAffairs – hacking, Chunghwa Telecom)

https://securityaffairs.com/159813/cyber-crime/germany-police-seized-crimemarket.html Fri, 01 Mar 2024 19:38:32 +0000

German police seized the largest German-speaking cybercrime marketplace Crimemarket and arrested one of its operators.

The Düsseldorf Police announced that a large-scale international law enforcement operation led to the seizure of the largest German-speaking cybercrime marketplace.

“Under the direction of the North Rhine-Westphalia Cybercrime Central and Contact Office (ZAC NRW), an investigative commission at the Düsseldorf Police Headquarters has been collecting evidence for years about crimes relating to the criminal platform “Crimemarket”.” reads the press release published by the German police. “Based on the usual structure of legal digital marketplaces, narcotics, criminal services, but also detailed instructions on serious crimes were sold in various categories. In addition to the operators, the investigations are directed against both the providers operating through this marketplace and against users.”

The investigation lasted several years during which the police performed numerous searches. The authorities arrested six individuals, including an alleged operator of the marketplace. The police seized numerous pieces of electronic equipment, including cell phones, IT devices and data carriers. In 21 cases, officers in North Rhine-Westphalia seized narcotics, including 1 kilogram of marijuana and various ecstasy tablets. The authorities also seized almost 600,000 euros in cash and movable assets.

Crimemarket was a prominent platform for trading illegal drugs, narcotics, and cybercrime services. Operators were also offering tutorials for several criminal activities.

At the time of the seizure, the marketplace had more than 180,000 registered users. The platform was accessible through both the “Darknet” and the “Clearnet.”

“On Thursday, February 29, 2024, a total of 102 search warrants were executed nationwide at the same time in the evening. The local focus of the measures was primarily in North Rhine-Westphalia with 36 search objects. A total of three people were arrested here, including the 23-year-old main suspect at his home address in the Rhine district of Neuss (Korschenbroich).” reads the press release published by the Düsseldorf Police. “A total of three more people were arrested in police measures in other federal states, which were initiated by the police there.”

The investigation is still ongoing; the police plan to identify and target the users of the platform.

(SecurityAffairs – hacking, Crimemarket)
