{"id":16364,"date":"2024-08-24T07:00:00","date_gmt":"2024-08-24T04:00:00","guid":{"rendered":"https:\/\/forklog.com\/en\/cybersecurity-roundup-arrest-linked-to-lazarus-us-sanctions-on-russian-it-and-more\/"},"modified":"2024-08-24T07:00:00","modified_gmt":"2024-08-24T04:00:00","slug":"cybersecurity-roundup-arrest-linked-to-lazarus-us-sanctions-on-russian-it-and-more","status":"publish","type":"post","link":"https:\/\/u1f987.com\/en\/cybersecurity-roundup-arrest-linked-to-lazarus-us-sanctions-on-russian-it-and-more\/","title":{"rendered":"Cybersecurity Roundup: Arrest Linked to Lazarus, US Sanctions on Russian IT, and More"},"content":{"rendered":"<p>Here are the week&#8217;s most significant cybersecurity news stories.<\/p>\n<div class=\"wp-block-text-wrappers-keypoints article_keypoints\">\n<ul class=\"wp-block-list\">\n<li>A Russian involved in laundering cryptocurrency for Lazarus was arrested in Argentina.<\/li>\n<li>The US has sanctioned Russian cybersecurity companies.<\/li>\n<li>Experts have identified the creator of Styx Stealer, targeting Bitcoin wallets.<\/li>\n<\/ul>\n<\/div>\n<h2 class=\"wp-block-heading\"><strong>Russian National Arrested in Argentina for Laundering Cryptocurrency for Lazarus<\/strong><\/h2>\n<p>The Argentine Federal Police arrested a 29-year-old Russian citizen in Buenos Aires, accused of laundering cryptocurrency for various criminals, including North Korean hackers Lazarus. The identification of the suspect was aided by the analytics firm <a href=\"https:\/\/www.trmlabs.com\/post\/argentinian-authorities-arrest-russian-national-for-laundering-the-crypto-proceeds-of-illicit-activity\">TRM Labs<\/a>.<\/p>\n<p>According to <a href=\"https:\/\/www.lanacion.com.ar\/seguridad\/investigacion-del-fbi-la-ruta-de-una-ciberestafa-de-norcoreanos-que-termino-en-el-departamento-de-un-nid21082024\/\">La Nacion<\/a>, the accused laundered funds through cryptocurrency exchanges and mixers, then converted assets into fiat. 
People reportedly visited his apartment daily with bags.<\/p>\n<p>Among other transactions, the Russian handled part of the $100 million stolen from the Horizon cross-chain bridge by Lazarus hackers in the summer of 2022.<\/p>\n<p>Investigations revealed that as of December 18, 2023, the individual had acquired over 1.3 million USDT for Russian rubles and conducted 2,463 cryptocurrency transfers via Binance Pay, totaling more than $4.5 million.<\/p>\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/lh7-qw.googleusercontent.com\/docsz\/AD_4nXfQ1rHMrgwwUEB6cuXlNqcd9YCV5_fYqXSiTdK7j_eLR_RixaO3t-zAtKABQwA3wNRlm3uc4BbeK0X0CQbiDdeU37cNrLo8mZIEW6qBiHKCnw94M1YGDZjEZ0L5VqQ2vgNM4aXamA9taO6fRlguL8ODBKnK?key=NCLwcvX7Xo3HrJUlCxAs3w\" alt=\"Cybersecurity Roundup: Arrest Linked to Lazarus, US Sanctions on Russian IT, and More\"\/><figcaption class=\"wp-element-caption\">Source: TRM Labs.<\/figcaption><\/figure>\n<p>Surveillance had been ongoing since November 2023. The suspect changed apartments monthly. His last location was identified with information provided by Binance.<\/p>\n<p>All electronic devices, two cryptocurrency wallets with assets worth $121,000, and $15 million in cash were seized from the apartment.<\/p>\n<h2 class=\"wp-block-heading\"><strong>Experts Identify Creator of Styx Stealer Targeting Bitcoin Wallets<\/strong><\/h2>\n<p>Researchers at Check Point tracked and exposed the developer of the malware Styx Stealer, which targets password theft, system information, browser autofills, Telegram and Discord data, and cryptocurrency wallets. Vulnerable brands include Armory, Atomic, Bytecoin, Coinomi, Jaxx, Electrum, Exodus, and Guarda.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">Are you interested in how cybercriminals are exposed? 
Our latest research reveals a major OpSec fail by the Styx Stealer developer, leading to critical intel that unmasked hackers behind Styx Stealer and one of the Agent Tesla campaigns.<a href=\"https:\/\/t.co\/yLUdOJEcjs\">https:\/\/t.co\/yLUdOJEcjs<\/a><\/p>\n<p>\u2014 Check Point Research (@_CPResearch_) <a href=\"https:\/\/twitter.com\/_CPResearch_\/status\/1824478552571416884?ref_src=twsrc%5Etfw\">August 16, 2024<\/a><\/p><\/blockquote>\n<p>Styx Stealer is distributed via subscription with payments in cryptocurrencies. Check Point specialists tracked eight wallets associated with the hacker. In just two months\u2014from April to June\u2014these wallets received approximately $9,500 in various coins.<\/p>\n<p>The malware&#8217;s creator was identified as Turkish hacker Sty1x. He inadvertently revealed personal data while debugging the stealer using a Telegram bot token provided by a participant in the Agent Tesla spam campaign.<\/p>\n<p>Researchers gained access to his messenger account, email, and contacts. 
They also identified 54 clients who used the malware.<\/p>\n<h2 class=\"wp-block-heading\"><strong>US Sanctions Russian Cybersecurity Companies<\/strong><\/h2>\n<p><span data-descr=\"Office of Foreign Assets Control of the US Treasury\" class=\"old_tooltip\">OFAC<\/span> <a href=\"https:\/\/ofac.treasury.gov\/recent-actions\/20240823\">expanded<\/a> sanctions to include 400 Russian legal and physical entities.<\/p>\n<p>The publication <a href=\"https:\/\/kod.ru\/ssha-vvieli-novyie-sanktsii-prosti-400-rossiiskii-iuridichieskikh-i-fizichieskikh-lits\">\u201cDurov\u2019s Code\u201d<\/a> noted that the list includes a significant number of firms related to IT and cybersecurity:<\/p>\n<ul class=\"wp-block-list\">\n<li>Atol;<\/li>\n<li>DiaSoft;<\/li>\n<li>Digital Compliance;<\/li>\n<li>Digital Security Service;<\/li>\n<li>AI Research Institute;<\/li>\n<li>CyberService;<\/li>\n<li>Basalt;<\/li>\n<li>Rustech TD;<\/li>\n<li>Vladimir Radio Communication Design Bureau;<\/li>\n<li>Center for Financial Technologies;<\/li>\n<li>Soft Plus;<\/li>\n<li>Radiofeed Systems;<\/li>\n<li>Radioline;<\/li>\n<li>MTS RED;<\/li>\n<li>CRT;<\/li>\n<li>CRT Soft.<\/li>\n<\/ul>\n<p>Sanctions were also imposed on over a hundred companies from China, UAE, Turkey, and Switzerland, which enabled Russia to circumvent previously imposed restrictions.<\/p>\n<h2 class=\"wp-block-heading\"><strong>Toyota Confirms Customer Data Breach Due to Third-Party Leak<\/strong><\/h2>\n<p>A user named ZeroSevenGroup released a 240 GB archive allegedly obtained from hacking a branch of the automaker Toyota in the US. 
The perpetrator claims the dump contains employee and customer information, as well as contracts and financial data.<\/p>\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/lh7-qw.googleusercontent.com\/docsz\/AD_4nXeSveu7-yiH19DFqjKQH3lQsfjylVBlAfMDeS6ekrijz-03Bc6ojzBeeLOGXjLI_79JK4MAJmE79TP3axQmOvrJ60DMHMq0XOy1_L0oYnw-48_ZAWA2zCJpoPGumg9W3uG39ia2B0eHjVxIhxftX7LGfBo?key=NCLwcvX7Xo3HrJUlCxAs3w\" alt=\"Cybersecurity Roundup: Arrest Linked to Lazarus, US Sanctions on Russian IT, and More\"\/><figcaption class=\"wp-element-caption\">Source: BreachForums.<\/figcaption><\/figure>\n<p>According to <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/toyota-confirms-third-party-data-breach-impacting-customers\/\">Bleeping Computer<\/a>, the files were stolen or at least created on December 25, 2022, possibly indicating they were obtained from a backup server.<\/p>\n<p>In a comment to the publication, Toyota confirmed the incident at an unnamed third-party organization, indirectly affecting its customers. They are cooperating with all affected parties and providing assistance as needed.<\/p>\n<p>Company representatives emphasized that Toyota Motor North America&#8217;s systems were &#8220;not hacked or compromised.&#8221;<\/p>\n<h2 class=\"wp-block-heading\"><strong>Russian Ransomware Group Member Charged in the US<\/strong><\/h2>\n<p>The US Department of Justice <a href=\"https:\/\/www.justice.gov\/usao-sdoh\/pr\/member-russian-cybercrime-group-charged-ohio\">charged<\/a> 33-year-old Latvian citizen Denis Zolotarev with money laundering, wire fraud, and extortion as part of the Russian group Karakurt.<\/p>\n<p>The gang began operations in mid-2021, engaging in data theft without using encryption tools.<\/p>\n<p>According to case materials, Zolotarev used the alias Sforza_cesarini and acted as a negotiator. He is linked to at least six extortion incidents involving US organizations from August 2021 to November 2023. 
One of these companies paid Karakurt a ransom of over $1.3 million.<\/p>\n<p>The suspect&#8217;s identity was established through cryptocurrency tracking, communication analysis, and data from Rocket.Chat obtained via a warrant. Zolotarev was arrested in December 2023 in Georgia and extradited to the US earlier this month.<\/p>\n<h2 class=\"wp-block-heading\"><strong>Russian Communications Watchdog Blames DDoS for Messaging App Outages, Experts Skeptical<\/strong><\/h2>\n<p>On August 21, Russian residents reported widespread issues accessing messaging apps Telegram, WhatsApp, and several other services, including Discord, Skype, Facebook Messenger, AnyDesk, GitHub, Wikipedia, Steam, Cloudflare, and Yandex Cloud.<\/p>\n<p><script async src=\"https:\/\/telegram.org\/js\/telegram-widget.js?22\" data-telegram-post=\"zatelecom\/28718\" data-width=\"100%\"><\/script><\/p>\n<p>In a comment to <a href=\"https:\/\/www.forbes.ru\/tekhnologii\/519563-roskomnadzor-nazval-pricinu-massovogo-sboa-telegram-v-rossii\">Forbes<\/a>, representatives of Roskomnadzor attributed the outage to a <span data-descr=\"distributed denial of service\" class=\"old_tooltip\">DDoS<\/span> attack on Russian operators. However, experts doubted the agency&#8217;s statement.<\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u201cHow could a DDoS attack be organized against all operators in Russia? [\u2026] And how do you explain that only messengers and a few other resources went down, while everything else (including VPNs, by the way) remained operational? Roskomnadzor is lying,\u201d wrote the author of the Telegram channel \u201cZaTelecom\u201d Mikhail Klimarev.\u00a0<\/p>\n<\/blockquote>\n<p>On August 23, outages <a href=\"https:\/\/t.me\/zatelecom\/28739\">affected<\/a> Telegram, WhatsApp, and Viber. 
Klimarev suggests that authorities have begun testing technology to block messengers.<\/p>\n<p>Also on ForkLog:<\/p>\n<ul class=\"wp-block-list\">\n<li>Organizer of a $4 billion crypto scam arrested in Turkey.<\/li>\n<li>Report: 77% of hacked cryptocurrencies have not recovered in value.<\/li>\n<li>McDonald\u2019s Instagram account hacked to promote a fake meme coin.<\/li>\n<li>Co-founder of the FutureNet Bitcoin pyramid arrested in Montenegro.<\/li>\n<li>MakerDAO user lost $55 million in a phishing attack.<\/li>\n<li>DOGS team warned of a fake meme coin listing on exchanges.<\/li>\n<li>Binance announced the use of AI against fraudsters.<\/li>\n<li>Bull Checker extension stole meme tokens from users.<\/li>\n<li>Expert suggested a $238 million hack of unknown creditor Genesis Trading.<\/li>\n<li>Vitalik Buterin sent $1.05 million in ETH to the Railgun mixer.<\/li>\n<li>American filed a lawsuit against Google for losing $5 million through a crypto app.<\/li>\n<li>Optimism Foundation disabled fraud protection due to vulnerabilities.<\/li>\n<\/ul>\n<h2 class=\"wp-block-heading\"><strong>Weekend Reading Suggestions<\/strong><\/h2>\n<p>Top 10 cringe-makers in the crypto industry we\u2019d rather not remember at the upcoming <a href=\"https:\/\/www.youtube.com\/watch?v=lqbNPNaN-BM\">ForkLog 100x online conference<\/a>.\u00a0<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Here are the week&#8217;s most significant cybersecurity news stories. A Russian involved in laundering cryptocurrency for Lazarus was arrested in Argentina. The US has sanctioned Russian cybersecurity companies. Experts have identified the creator of Styx Stealer, targeting Bitcoin wallets. 
Russian National Arrested in Argentina for Laundering Cryptocurrency for Lazarus The Argentine Federal Police arrested a [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":16363,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"","news_style_id":"","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1238,1233],"class_list":["post-16364","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-cybersecurity-digest","tag-industry-digests"],"aioseo_notices":[],"amp_enabled":true,"views":"19","promo_type":"","layout_type":"","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/16364","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/comments?post=16364"}],"version-history":[{"count":0,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/16364\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media\/16363"}],"wp:attachment":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media?parent=16364"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/categories?post=16364"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/tags?post=16364"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}