{"id":13615,"date":"2024-05-18T07:00:00","date_gmt":"2024-05-18T04:00:00","guid":{"rendered":"https:\/\/forklog.com\/en\/cybersecurity-highlights-pink-drainers-closure-fbis-breachforums-seizure-and-more\/"},"modified":"2024-05-18T07:00:00","modified_gmt":"2024-05-18T04:00:00","slug":"cybersecurity-highlights-pink-drainers-closure-fbis-breachforums-seizure-and-more","status":"publish","type":"post","link":"https:\/\/u1f987.com\/en\/cybersecurity-highlights-pink-drainers-closure-fbis-breachforums-seizure-and-more\/","title":{"rendered":"Cybersecurity Highlights: Pink Drainer&#8217;s Closure, FBI&#8217;s BreachForums Seizure, and More"},"content":{"rendered":"<p>Here are the week&#8217;s most significant cybersecurity news stories.<\/p>\n<div class=\"wp-block-text-wrappers-keypoints article_keypoints\">\n<ul class=\"wp-block-list\">\n<li>The phishing service Pink Drainer has announced its closure.<\/li>\n<li>In the US, members of a gang were arrested for laundering $73 million through USDT.<\/li>\n<li>The FBI arrested BreachForums administrators and seized the forum&#8217;s website and Telegram channel.<\/li>\n<li>In Russia, illegal P2P operations involving Ozon wallets have increased.<\/li>\n<\/ul>\n<\/div>\n<h2 class=\"wp-block-heading\"><strong>Phishing Service Pink Drainer Announces Closure<\/strong><\/h2>\n<p>The developers of the popular cryptocurrency wallet phishing service Pink Drainer have decided to shut down their infrastructure. On-chain researcher ZachXBT highlighted this development.<\/p>\n<p><script async src=\"https:\/\/telegram.org\/js\/telegram-widget.js?22\" data-telegram-post=\"investigations\/125\" data-width=\"100%\"><\/script><\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u201cWe have achieved our goal, and now, as planned, it is time for us to retire. After this message is published, we will begin dismantling our infrastructure. 
All stored information will be erased and securely destroyed,\u201d the group stated.<\/p>\n<\/blockquote>\n<p>Pink Drainer operated as a <span data-descr=\"phishing as a service\" class=\"old_tooltip\">PhaaS<\/span> platform, supplying cybercriminals with the tooling to steal cryptocurrency through social engineering and phishing links. The developers took a fee plus a percentage of the stolen funds as payment.<\/p>\n<p>According to <a href=\"https:\/\/dune.com\/scamsniffer\/pinkdrainer-stats\">ScamSniffer<\/a>, Pink Drainer was involved in the theft of digital assets worth $85 million from more than 21,000 victims.<\/p>\n<h2 class=\"wp-block-heading\"><strong>US Arrests Gang Members for Laundering $73 Million via USDT<\/strong><\/h2>\n<p>US law enforcement <a href=\"https:\/\/www.justice.gov\/opa\/pr\/two-foreign-nationals-arrested-laundering-least-73m-through-shell-companies-tied\">arrested<\/a> two Chinese nationals, Daren Li and Yicheng Zhang, who allegedly orchestrated a scheme to launder the proceeds of cryptocurrency investment fraud.<\/p>\n<p>According to the indictment, the defendants, part of an \u201cinternational syndicate,\u201d funneled more than $73 million through US financial institutions into domestic and international bank accounts, later converting the funds into USDT.<\/p>\n<p>A cryptocurrency wallet used in the scheme received more than $341 million in various assets.<\/p>\n<p>Li and Zhang were charged with conspiracy to commit money laundering and six counts of international money laundering, each count carrying a maximum sentence of 20 years in prison.<\/p>\n<h2 class=\"wp-block-heading\"><strong>FBI Seizes BreachForums, Arrests Administrators<\/strong><\/h2>\n<p>On May 15, the FBI seized the servers and domains of the hacker forum BreachForums, known for publishing various leaks. 
<a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/fbi-seize-breachforums-hacking-forum-used-to-leak-stolen-data\/\">Bleeping Computer<\/a> reported this development.<\/p>\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/lh7-eu.googleusercontent.com\/V8Hp1Da4-DODd5KowF4QlgKRH8xSc9AdP9UnCyJsOyOzw9AsWjfs3DWcm3egRkefoYxMWl5MDamNOXNlR64toxYxEopLNRo-yNanIBrztpljsHLyRFNbgJDOuO-6lKcT-nnCD_JsFiqM4fpiJMKwKpk\" alt=\"Cybersecurity Highlights: Pink Drainer's Closure, FBI's BreachForums Seizure, and More\"\/><figcaption class=\"wp-element-caption\">Source: Bleeping Computer.<\/figcaption><\/figure>\n<p>The placeholder banner depicted avatars of two site administrators, Baphomet and ShinyHunters, overlaid with prison bars.<\/p>\n<p>Additionally, authorities seized the BreachForums Telegram channel and chat. They made a corresponding post under the Baphomet account, suggesting the seizure of his devices.<\/p>\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/lh7-eu.googleusercontent.com\/DWfwEXrjx15MVEtzoStwsZaAQS8PF6jWgk9tg0D4YddfaaAwiqM0etfb6vhZzzVOUzRV6PLkblTzpcIjxQ66vxxWpze2viPChGqivMOL4K2kThwNwQEu_HcQldnjF9pOFUXYN1GyR8ySAYD7Itu1RW8\" alt=\"Cybersecurity Highlights: Pink Drainer's Closure, FBI's BreachForums Seizure, and More\"\/><figcaption class=\"wp-element-caption\">Source: BleepingComputer<\/figcaption><\/figure>\n<p>The FBI continues to investigate cybercriminal activities on BreachForums and its predecessor RaidForums, urging all victims and witnesses to <a href=\"https:\/\/breachforums.ic3.gov\/\">provide information<\/a> on the case.<\/p>\n<p>US law enforcement shut down BreachForums in March 2023. 
Its creator and administrator, Conor Brian Fitzpatrick (Pompompurin), was sentenced to <a href=\"https:\/\/u1f987.com\/en\/news\/cryptocurrency-scams-on-telegram-mass-surveillance-in-switzerland-and-other-cybersecurity-events\">20 years of supervised release<\/a>.<\/p>\n<p>At the end of June 2023, the FBI also took control of the forum&#8217;s backup clear-web domain. Even so, BreachForums kept operating by moving between domains.<\/p>\n<h2 class=\"wp-block-heading\"><strong>Illegal P2P Operations with Ozon Wallets Surge in Russia<\/strong><\/h2>\n<p>Criminals are increasingly using Ozon e-wallets for illegal operations. Listings for buying and selling verified marketplace accounts used for P2P transfers tripled between February and April, according to <a href=\"https:\/\/www.forbes.ru\/tekhnologii\/512047-ozonovye-dyry-kosel-ki-ozon-stali-ispol-zovat-dla-nelegal-nyh-p2p-operacij\">Forbes<\/a>, citing Angara Security.<\/p>\n<p>Ozon e-wallets are openly sold on Telegram and the dark web for an average of 2,599 rubles.<\/p>\n<p>Criminals also sell databases of legitimate user data, or abuse the service&#8217;s option to link a digital card to an anonymous account, since registration requires nothing more than a SIM card from any operator.<\/p>\n<p>Access to an Ozon Bank personal account sells for 500 to 10,000 rubles, depending on the wallet&#8217;s status, the verification method, the risk of the account being blocked, and how much data the buyer receives.<\/p>\n<h2 class=\"wp-block-heading\"><strong>American and Ukrainian Charged with Aiding North Korean IT Workers<\/strong><\/h2>\n<p>US authorities <a href=\"https:\/\/www.justice.gov\/usao-dc\/pr\/charges-and-seizures-brought-fraud-scheme-aimed-denying-revenue-workers-associated-north\">arrested<\/a> American Christina Marie Chapman and Ukrainian Oleksandr Didenko for separately helping North Korean IT workers obtain employment and move payments.<\/p>\n<p>According to the indictment in Chapman&#8217;s case, from October 2020 to October 2023 she ran a \u201claptop farm\u201d that North Korean nationals used to obtain remote jobs at more than 300 US companies, presenting forged documents to employers. The scheme earned the foreign workers at least $6.8 million.<\/p>\n<p>Didenko, for his part, controlled approximately 871 proxy servers and supplied accounts on three freelance IT hiring platforms and three money service providers. Since July 2018 he had processed transactions totaling $920,000.<\/p>\n<p>Both defendants face charges of conspiracy to defraud the US, aggravated identity theft, money laundering, and various fraud offenses.<\/p>\n<p>Chapman faces up to 97.5 years in prison, while Didenko faces up to 67.5 years.<\/p>\n<h2 class=\"wp-block-heading\"><strong>Russian Hackers Deploy New Backdoors Against European Government<\/strong><\/h2>\n<p>ESET researchers have discovered two previously unknown backdoors, LunarWeb and LunarMail, which they tentatively attribute to the Russia-aligned Turla group. The toolset was used to compromise the foreign ministry of an unnamed European country and its diplomatic missions in the Middle East.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\"><a href=\"https:\/\/twitter.com\/hashtag\/ESETresearch?src=hash&#038;ref_src=twsrc%5Etfw\">#ESETresearch<\/a> has discovered the Lunar toolset, two previously unknown backdoors (which we named <a href=\"https:\/\/twitter.com\/hashtag\/LunarWeb?src=hash&#038;ref_src=twsrc%5Etfw\">#LunarWeb<\/a> and <a href=\"https:\/\/twitter.com\/hashtag\/LunarMail?src=hash&#038;ref_src=twsrc%5Etfw\">#LunarMail<\/a>) possibly linked to Turla, compromising a European MFA and its diplomatic missions abroad. 
<a href=\"https:\/\/t.co\/VnCsGTidwr\">https:\/\/t.co\/VnCsGTidwr<\/a> 1\/6<\/p>\n<p>\u2014 ESET Research (@ESETresearch) <a href=\"https:\/\/twitter.com\/ESETresearch\/status\/1790676491396612148?ref_src=twsrc%5Etfw\">May 15, 2024<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>The intrusion occurs via phishing emails containing Word files with malicious macros. The backdoors can remain undetected for extended periods, monitoring user activity and stealing data.<\/p>\n<p>Experts estimate that LunarWeb and LunarMail have been active since at least 2020, targeting government and diplomatic institutions.<\/p>\n<p>Also on ForkLog:<\/p>\n<ul class=\"wp-block-list\">\n<li>Pump.fun lost $1.9 million in an insider attack.<\/li>\n<li>Binance introduced an \u201cantidote\u201d to spoofing scams.<\/li>\n<li>Two brothers in the US were arrested for an Ethereum attack and stealing $25 million.<\/li>\n<li>North Korean hackers laundered $147 million stolen from HTX through Tornado Cash.<\/li>\n<li>In Ukraine, the list of dubious projects expanded to include miners and crypto traders.<\/li>\n<li>Journalists uncovered a hacking attack on hedge fund BlockTower Capital.<\/li>\n<li>A participant in the hacked DEX Cypher admitted to stealing part of the funds.<\/li>\n<li>DeFi protocol Alex Labs lost $4.3 million in a hacking attack.<\/li>\n<li>In China, an underground bank with a turnover of $1.9 billion in USDT was dismantled.<\/li>\n<li>DeFi project Sonne Finance was hacked for $20 million.<\/li>\n<li>A hacker attacked users of the decentralized exchange Equalizer.<\/li>\n<li>Kimsuky deployed new software for attacks on cryptocurrency companies.<\/li>\n<li>ZachXBT speculated on a $14.8 million hack of the Rain bitcoin exchange.<\/li>\n<li>In China, a scheme for illegally withdrawing $295 million through cryptocurrencies was uncovered.<\/li>\n<\/ul>\n<h2 class=\"wp-block-heading\"><strong>Weekend 
Reading Suggestions<\/strong><\/h2>\n<p>In our News+ format, we explain the risks posed by EIP-3074 for Ethereum wallets and Vitalik Buterin&#8217;s proposed alternative to this standard:<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Here are the week&#8217;s most significant cybersecurity news stories. The phishing service Pink Drainer has announced its closure. In the US, members of a gang were arrested for laundering $73 million through USDT. The FBI arrested BreachForums administrators and seized the forum&#8217;s website and Telegram channel. In Russia, illegal P2P operations involving Ozon wallets have [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":13614,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"","news_style_id":"","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1238,1233],"class_list":["post-13615","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-cybersecurity-digest","tag-industry-digests"],"aioseo_notices":[],"amp_enabled":true,"views":"68","promo_type":"","layout_type":"","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/13615","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/comments?post=13615"}],"version-history":[{"count":0,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/13615\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media\/13614"}],"wp:attachment":[{"href"
:"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media?parent=13615"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/categories?post=13615"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/tags?post=13615"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
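The Lunar toolset item above reports that initial access came through a phishing email carrying a Word document with a malicious macro. The following is an added example, not code from ForkLog or from ESET, of the mail-gateway triage check a defender would want for that vector: it classifies an Office attachment by its container structure rather than its file extension, flagging OOXML packages that carry a VBA project (a vbaProject.bin part or a macro-enabled content type in [Content_Types].xml) and escalating legacy OLE binaries, whose macros live in streams this check does not parse. The function names (inspect_office_bytes, triage_attachment, build_sample_docx) and the attachment names are assumptions, and the sample documents are constructed in memory; the content-type strings are the standard OOXML ones.

```python
"""Triage Office attachments for embedded VBA macros by container structure, not by extension.
Added example (not from ForkLog or ESET); the sample documents below are constructed in memory."""
import io
import zipfile
from dataclasses import dataclass, field

# OLE2 / Compound File Binary signature of legacy .doc/.xls/.ppt files.
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
# Standard OOXML content types that mark a macro-enabled main part, and the VBA project part.
MACRO_ENABLED_MAIN_PARTS = {
    "application/vnd.ms-word.document.macroEnabled.main+xml",
    "application/vnd.ms-word.template.macroEnabledTemplate.main+xml",
    "application/vnd.ms-excel.sheet.macroEnabled.main+xml",
    "application/vnd.ms-powerpoint.presentation.macroEnabled.main+xml",
}
VBA_PROJECT_CONTENT_TYPE = "application/vnd.ms-office.vbaProject"


@dataclass
class MacroVerdict:
    container: str            # "ooxml", "ole" or "unknown"
    has_vba_project: bool     # a vbaProject.bin part is present in the package
    macro_enabled_type: bool  # [Content_Types].xml declares a macroEnabled main part
    reasons: list = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        # Legacy OLE files cannot be cleared without parsing their streams, so they are escalated.
        return self.has_vba_project or self.macro_enabled_type or self.container == "ole"


def inspect_office_bytes(data: bytes) -> MacroVerdict:
    """Classify an attachment from its bytes alone; a .docm renamed to .docx still carries word/vbaProject.bin."""
    if data.startswith(OLE_MAGIC):
        return MacroVerdict("ole", False, False, ["legacy OLE container: inspect its VBA streams with an OLE parser"])
    if not data.startswith(b"PK"):
        return MacroVerdict("unknown", False, False, ["neither an OOXML zip package nor an OLE file"])
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
            content_types = zf.read("[Content_Types].xml").decode("utf-8", "replace")
    except (zipfile.BadZipFile, KeyError) as exc:
        return MacroVerdict("unknown", False, False, [f"unreadable OOXML package: {exc}"])

    reasons = []
    has_vba = any(name.lower().endswith("vbaproject.bin") for name in names)
    if has_vba:
        reasons.append("package contains a vbaProject.bin part")
    if VBA_PROJECT_CONTENT_TYPE in content_types:
        has_vba = True
        reasons.append("[Content_Types].xml declares a vbaProject content type")
    macro_type = any(ct in content_types for ct in MACRO_ENABLED_MAIN_PARTS)
    if macro_type:
        reasons.append("[Content_Types].xml declares a macroEnabled main part")
    return MacroVerdict("ooxml", has_vba, macro_type, reasons)


def triage_attachment(filename: str, data: bytes) -> dict:
    """Combine the structural verdict with the extension the sender chose, to expose spoofing."""
    verdict = inspect_office_bytes(data)
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    claims_macro_free = ext in {"docx", "xlsx", "pptx"}
    return {
        "file": filename,
        "container": verdict.container,
        "has_vba_project": verdict.has_vba_project,
        "extension_mismatch": claims_macro_free and verdict.has_vba_project,
        "suspicious": verdict.suspicious,
        "reasons": verdict.reasons,
    }


def build_sample_docx(with_macro: bool) -> bytes:
    """Construct a minimal OOXML package in memory (sample data for this example, not a real document)."""
    main_ct = ("application/vnd.ms-word.document.macroEnabled.main+xml" if with_macro
               else "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml")
    overrides = f'<Override PartName="/word/document.xml" ContentType="{main_ct}"/>'
    if with_macro:
        overrides += f'<Override PartName="/word/vbaProject.bin" ContentType="{VBA_PROJECT_CONTENT_TYPE}"/>'
    content_types = ('<?xml version="1.0" encoding="UTF-8"?>'
                     '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
                     '<Default Extension="xml" ContentType="application/xml"/>' + overrides + "</Types>")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", content_types)
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\x00placeholder VBA project stream\x00")
    return buf.getvalue()


if __name__ == "__main__":
    samples = {  # constructed samples; the names are hypothetical
        "agenda.docm": build_sample_docx(with_macro=True),
        "agenda.docx": build_sample_docx(with_macro=False),
        "agenda-renamed.docx": build_sample_docx(with_macro=True),  # .docm passed off as .docx
        "old-report.doc": OLE_MAGIC + b"\x00" * 64,
    }
    for name, blob in samples.items():
        print(triage_attachment(name, blob))
```

The point of keying on the zip contents is that the "renamed" sample is reported with an extension mismatch even though it is named .docx; an allow-list that only blocks the .docm extension would pass it. Legacy OLE attachments are escalated rather than cleared, because this check does not walk the compound-file directory where their macro streams live.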