Oleksandr Vitalyevich Ieremenko is a Ukrainian national charged in August 2015 in several fraud-related and cybercrime cases. Barely a year after the allegation, Ieremenko joined a cybercrime group led by Artem Viacheslavovich Radchenko and gained unauthorized entry into the U.S. Securities and Exchange Commission (SEC) network.
Danil Potekhin, a Russian national, managed to steal approximately US$17 million from users of several digital currency exchange platforms by defrauding several cryptocurrency exchange sites. Potekhin was then indicted in September 2020 for conspiracy to commit computer fraud, unauthorized access to a protected computer, and aggravated identity theft, among other crimes.
To assist law enforcement agencies and the security community, WhoisXML API Threat Researcher Dancho Danchev took a closer look at some of Potekhin’s cyber footprint and online infrastructure.
Using one of Potekhin’s personal email addresses found through OSINT analysis, Danchev discovered a website associated with Potekhin and seemingly pointing at a profitable managed Android malware botnet enterprise.
WhoisXML API DNS Threat Researcher Dancho Danchev identified domain intelligence related to several bogus free VPN service providers. Those bogus entities could seemingly be traced back to the National Security Agency (NSA) as part of an effort to monitor the online activities of suspicious Iran-based users.
WannaCry ransomware made waves as part of a global cyber attack detected in 2017, which resulted in around US$4 billion in financial losses. The ransomware campaign targeted organizations in various industries, including the telecommunications, airline, and medical services sectors.
Cyber jihad, a term that loosely describes using the Internet as a communication, fundraising, recruitment, training, and planning tool in cyber attacks, gained traction over the years. It has become a force to reckon with for many government institutions tasked to battle cyberterrorism. In fact, at the end of 2020 alone, three cyber-enabled campaigns targeting government institutions worldwide were brought down.
About 1,500 small and medium-sized businesses (SMBs) may have been affected by the ransomware attack targeting Kaseya, an IT solutions developer catering to managed service providers (MSPs) and enterprises. The attack, which occurred in July 2021, exploited a vulnerability in the company’s remote monitoring and management software. The threat actors behind the attack reportedly asked for US$70 million in exchange for a decryption tool.
Given the gravity of the attacks and the number of affected organizations, the security community can use as much threat intelligence as possible. To help both the security community and the exposed companies, WhoisXML API DNS Threat Researcher Dancho Danchev uncovered properties related to the Kaseya attacks and found that several are currently active.
Total losses from BEC scams and CEO impersonation are estimated at tens of billions of U.S. dollars over the past years. In 2021, Elon Musk’s impersonators were able to amass about US$2 million from numerous victims.