Les Bell
Blog entry by Les Bell
Welcome to today's daily briefing on security news relevant to our CISSP (and other) courses. Links within stories may lead to further details in the course notes of some of our courses, and will only be accessible if you are enrolled in the corresponding course - this is a shallow ploy to encourage ongoing study. However, each item ends with a link to the original source.
News Stories
German and Ukrainian Police Bust DoppelPaymer Ransomware Gang
In late February, the German Regional Police (Landeskriminalamt Nordrhein-Westfalen) and the Ukrainian National Police (Націона́льна полі́ція Украї́ни), arrested suspected core members of the DoppelPaymer ransomware threat actor. The gang, which has ties to Russia, has been extorting large companies since 2019 - its most prominent victims include the UK's National Health Service and Duesseldorf University Hospital, the latter case resulting in the death of a woman who had to be urgently taken to another city for treatment.
Dirk Kunze, head of the cybercrime department of the North Rhine-Westphalia state police, said at least 601 victims had been identified worldwide, with US victims having paid at least $US42.5 million between May 2019 and March 2021. The group specialized in "big game hunting" and operated a professional recruitment operation, asking candidates for references for past cybercrimes and offering 'employees' paid vacations.
German offcers raided the house of a German national who is believed to have been a key player in the group, and seized equipment which is being analyzed in order to determine his exact role. Ukrainian police officers interrogated a Ukrainian national following a simultaneous raid, and also searched two locations in Kiev and Kharkiv, seizing electronic equipment for forensic examination.
Three further suspects are beyond the reach of European law enforcement: Russian citizens Igor Turashev, 41, and Irina Zemlyanikina, 36, as well as Igor Garsin, 31, who was born in Russia but whose nationality is unknown. Turashev is also wanted by US authorities for his part in attacks carried out with BitPaymer, a predecessor to DoppelPaymer.
Europol Media Office, Germany and Ukraine hit two high-value ransomware targets, media release, 6 March 2023. Available online at https://www.europol.europa.eu/media-press/newsroom/news/germany-and-ukraine-hit-two-high-value-ransomware-targets.
Jordans, Frank, European police, FBI bust international cybercrime gang, news report, 6 March 2023. Available online at https://apnews.com/article/germany-russia-europol-fbi-cybercrime-ukraine-ransomware-f0652c5ef0a281738a50ee02e4191413.
Intensive Spam Campaign Gets Woman Arrested
A Sydney woman was arrested by the Australian Federal Police at her home on 1 March, appearing before Penrith Local Court the following day where she was bailed to reappear on 11 April 2023. What got her arrested was a spamming campaign in which she is alleged to have used multiple domains to send - wait for it - 32,397 emails over a 24-hour period until she was arrested. That's more than an email every three seconds; isn't automation wonderful?
An ordinary spam campaign would not have triggered such rapid action, but all these emails were sent to the office of a Commonwealth Member of Parliament (hence the AFP taking an interest). The volume of emails impaired workers from operating office systems and prevented members of the public making contact with the office.
The woman was charged with one count of committing unauthorised impairment of electronic communication, contrary to section 477.3 of the Criminal Code Act 1995 (Cth). The maximum penalty for this offence is 10 years’ imprisonment. Further charges have not been ruled out.
AFP Media, Woman charged for alleged cyber-attack against Federal MP, media release, 2 March 2023. Available online at https://www.afp.gov.au/news-media/media-releases/woman-charged-alleged-cyber-attack-against-federal-mp.
These news brief blog articles are collected at https://www.lesbell.com.au/blog/index.php?courseid=1. If you would prefer an RSS feed for your reader, the feed can be found at https://www.lesbell.com.au/rss/file.php/1/dd977d83ae51998b0b79799c822ac0a1/blog/user/3/rss.xml.
Copyright to linked articles is held by their individual authors or publishers. Our commentary is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License and is labeled TLP:CLEAR.