By Deeba Ahmed
The RomCom RAT is also tracked as Tropical Scorpius, Void Rabisu, and UNC2596.
This is a post from HackRead.com Read the original post: RomCom RAT Targets Pro-Ukraine Guests at Upcoming NATO Summit

The upcoming NATO summit is scheduled to be held in Vilnius, Lithuania from July 11th to 12th 2023.

The BlackBerry Threat Research and Intelligence team has discovered a new campaign in which the threat actor targets Ukraine and NATO supporters with the RomCom RAT (**remote access trojan**).

According to their analysis of the threat actor’s TTPs (tactics, techniques, and procedures), network infrastructure, and code similarity, the threat actor RomCom is behind the campaign. Therefore, the malware is named RomCom RAT.

For your information, the RomCom RAT is also tracked as Tropical Scorpius, Void Rabisu, and **UNC2596**. It is written in C and was recently spotted in cyberattacks launched against Ukrainian politicians working closely with Western nations and a healthcare organization in the USA that aids refugees who have fled Ukraine.

This campaign was launched just before the **upcoming NATO summit**, which is scheduled to be held in Vilnius, Lithuania on July 11-12 2023. Researchers noted that threat actors targeted the summit and an international organization supporting Ukraine with phishing attacks.

According to **blog post** published by BlackBerry, its cybersecurity team detected two malicious documents submitted on July 4, 2023, via a Hungary-based IP address titled:

*   Letter\_NATO\_Summit\_Vilnius\_2023\_ENG(1).docx
*   Overview\_of\_UWCs\_UkraineInNATO\_campaign.docx

These documents are sent to the organization and **pro-Ukraine guests** invited to the NATO summit as a lure. This indicates that the threat actor is using fake documents pretending to attempt to lobby for Ukraine’s NATO accession and the probability of Ukraine becoming a member of the organization in the future.

BlackBerry researchers suspect that threat actors are trying to benefit from this event by creating and distributing a malicious document impersonating the Ukrainian World Congress website to target supporters of Ukraine.

These documents lure the recipient into clicking on a link, which redirects them to another fake website domain. The attackers use **typosquatting** to mimic ukrainianworldcongress(.) org, but with one change: instead of .org, they use .info at the end. This change is made to make the spear-phishing campaign successful.

Image: BlackBerry

If the victim clicks on the link, their device becomes infected by RomCom RAT, and the attackers can obtain sensitive system data such as IP address, username, and even location.

The malicious document essentially triggers a well-designed execution sequence. This sequence starts with contacting a remote server to retrieve intermediate payloads. After that, the attackers exploit the now-patched security flaw **Follina (tracked as CVE-2022-30190)**, which impacts the Microsoft Support Diagnostic Tool. This exploitation allows them to acquire remote code execution.

> “If successfully exploited, it allows an attacker to conduct a remote code execution-based attack via the crafting of a malicious .docx or .rtf document designed to exploit the vulnerability. That technique is effective even when macros are disabled, and a document is opened in Protected mode.”
> 
> The BlackBerry Research & Intelligence Team

Further probing of the internal telemetry, cyber weapons, and network data analysis led to the assumption that the campaign became active on 22 June. The attacker’s C2 server was registered and went live just a few days before.

Researchers haven’t yet determined the initial infection vector. However, they are sure that this is a geopolitically motivated campaign, and its prime targets include militaries, IT firms, and food supply chains.

**RELATED ARTICLES**

1.  KillNet Creates Gay Dating Profiles with NATO Logins
2.  NATO Data Stolen in Cyberattack on Portugal’s Armed Forces
3.  NATO Probes Hackers Selling Data from Top Missile Firm MBDA
4.  Authentication bypass flaw found in NATO, EU approved firewall
5.  Data center in former NATO bunker seized for hosting child porn

RomCom RAT Targets Pro-Ukraine Guests at Upcoming NATO Summit

By Owais Sultan
Automation is crucial for logistics and warehousing – Explore 5 game-changing benefits of Artificial intelligence or AI for…
This is a post from HackRead.com Read the original post: 5 Benefits of AI for Logistics and Supply Chains

Automation is crucial for logistics and warehousing – Explore 5 game-changing benefits of Artificial intelligence or AI for logistics and supply chains.

In 2023, _resilience_ has become the key to success in industries from healthcare to banking and finance. In some sense, resilient is the new smart, and smart often means “empowered by technology”.

In this context, the integration of Artificial intelligence (AI) has emerged as a game-changer for logistics and supply chains. 

AI offers many benefits that can revolutionize how your organization operates, ensuring streamlined processes, enhanced decision-making, and a competitive edge. In this blog post, we will explore the key benefits of **AI for logistics and supply chains**, showcasing the transformative potential it holds for global companies.

**Understanding Automation in Supply Chains**

Artificial intelligence has been named one of the main trends in supply chains for the years to come by **Statista**. Apart from the hype, automation, including AI, has a beneficial impact on all the components of logistics supply chains, from fleets to inventories and warehouses.

Let’s explore how AI and automation transform supply chains in detail – below are the five game-changing benefits.

**Improved Demand Forecasting and Inventory Management**

One of the primary **challenges in logistics** is accurately predicting demand patterns and managing inventory levels effectively. AI brings a paradigm shift to demand forecasting by leveraging advanced machine learning algorithms. These algorithms analyze vast amounts of historical and real-time data, including customer behavior, market trends, and external factors, to provide accurate demand predictions.

By harnessing AI-powered demand forecasting, your company can optimize inventory levels, reduce costs associated with overstocking or stockouts, and enhance customer satisfaction through timely order fulfilment.

Moreover, AI-driven inventory management systems can:

*   Identify slow-moving or obsolete inventory, enabling proactive actions such as targeted marketing or clearance sales.
*   Optimize replenishment strategies, ensuring the right quantities of products are available at the right locations.
*   Monitor and analyze supplier performance, enabling data-driven decisions regarding partnerships and sourcing strategies.
*   Detect anomalies and identify potential stock discrepancies, reducing inventory shrinkage and improving accuracy.

**Enhanced Route Optimization and Fleet Management**

Efficient fleet management is crucial for timely deliveries, reduced fuel consumption, and cost optimization. **AI provides a range of tools** and technologies that empower your organization to achieve these goals.

With AI-enabled route optimization, algorithms can analyze real-time data, including traffic conditions, weather updates, and historical patterns, to identify the most efficient routes for your fleet. This not only minimizes travel time but also reduces fuel expenses and lowers carbon emissions. AI can also monitor vehicle health, allowing proactive maintenance scheduling to minimize breakdowns and maximize fleet uptime.

In addition, AI-powered fleet management solutions can:

*   Optimize load planning to maximize the utilization of available cargo space, reducing transportation costs.
*   Monitor driver behavior and safety, providing real-time feedback and enabling the implementation of driver training programs.
*   Predict maintenance needs and detect potential vehicle failures, minimizing downtime and ensuring the reliability of operations.
*   Enable real-time tracking of shipments, enhancing transparency and improving customer service by providing accurate delivery estimates.

**Intelligent Warehouse Operations and Inventory Tracking**

Warehouses are the core of supply chain operations, and AI brings intelligence and automation to their functioning. By incorporating AI-powered robotics and automation systems, your company can optimize warehouse operations, enhance efficiency, and reduce human errors. **AI-driven robots** can perform repetitive tasks such as picking, sorting, and packaging with speed and precision.

Furthermore, AI algorithms can monitor inventory levels, analyze demand patterns, and optimize storage and retrieval processes. Real-time inventory tracking using AI sensors ensures accurate stock management, reducing discrepancies and improving order fulfilment.

Key benefits of AI for warehouse operations include:

*   Increased operational efficiency through automated material handling, reducing labor costs and improving productivity.
*   Enhanced accuracy in order fulfilment, reducing errors and improving customer satisfaction.
*   Real-time inventory tracking and visibility, minimizing stockouts and enabling proactive replenishment.
*   Improved warehouse layout optimization, maximizing space utilization and minimizing travel time within the facility.
*   Predictive maintenance of equipment, reducing downtime, and optimizing maintenance schedules.

**Enhanced Supply Chain Visibility and Real-time Analytics**

Visibility across the supply chain is crucial for effective decision-making and proactive management of operations. AI offers real-time analytics and integration capabilities that enable seamless data flow and visibility across multiple stakeholders, including suppliers, logistics partners, and customers.

AI algorithms can analyze data from various sources, providing insights into shipment tracking, inventory levels, and potential bottlenecks. This enhanced visibility allows your organization to make data-driven decisions, identify operational inefficiencies, and respond promptly to market changes, ultimately improving supply chain agility and customer satisfaction.

AI-powered supply chain visibility solutions offer the following benefits:

*   End-to-end traceability of goods, enabling real-time tracking and monitoring of shipments.
*   Proactive identification of potential bottlenecks, allowing for timely interventions and optimized processes.
*   Improved collaboration and communication among supply chain partners, reducing response times and enhancing efficiency.
*   Enhanced customer experience through accurate and transparent order tracking, leading to increased satisfaction and loyalty.
*   Real-time analytics and reporting, enabling proactive decision-making based on actionable insights.

**Mitigating Risks and Predicting Disruptions**

Logistics and supply chains are prone to risks and disruptions, ranging from natural disasters and geopolitical events to supplier failures and unforeseen market changes. AI equips your organization with the tools to proactively manage and mitigate these risks.

**AI algorithms** can analyze a vast amount of data, including historical data, external factors, and emerging trends, to predict potential risks and their impact on the supply chain. With this predictive capability, you can implement proactive measures, develop contingency plans, and optimize your response to minimize disruptions and ensure business continuity.

Key benefits of AI in risk management for logistics include:

*   Early detection of potential disruptions or supply chain vulnerabilities, allowing for proactive risk mitigation strategies.
*   Real-time monitoring and analysis of external factors, such as weather conditions, political events, and market trends.
*   Predictive analytics for demand volatility and market fluctuations, enabling agile decision-making and adaptive strategies.
*   Supplier risk assessment and monitoring, ensuring a resilient and reliable supply base.
*   Streamlined compliance management through AI-powered analytics, reducing the risk of regulatory non-compliance.

**Wrapping Up**

When it comes to building smarter supply chains, automation is the synonym for resilience. By harnessing AI’s capabilities in demand forecasting, route optimization, warehouse automation, supply chain visibility, and risk management, your organization can unlock transformative benefits. These include improved efficiency, cost optimization, enhanced customer experiences, and proactive risk mitigation.

By leveraging AI’s potential, you position your company at the forefront of innovation, ensuring a competitive edge in the dynamic world of logistics and supply chains.

**RELATED ARTICLES**

1.  How to use AI in cybersecurity?
2.  The Benefits Of Blockchain In The Travel Industry
3.  How Will Blockchain Technology Revolutionize Logistics?
4.  What Are Secure Supply Chain Management Solutions There?
5.  How To Reduce Cost Overruns For AI Implementation Projects

5 Benefits of AI for Logistics and Supply Chains

Cities across the US have established RTCCs that police say protect the rights of innocent people, but critics warn of creeping surveillance.

In the 1990s, London built the Ring of Steel—a network of concrete barriers, checkpoints, and thousands of video cameras around the historic City of London—after bombings by the Irish Republican Army. The idea was to monitor everyone entering and leaving the Square Mile, what the _The New York Times_ later called “fortress urbanism.”

After the September 11, 2001, attacks, city planners looking to defend New York from terrorism turned to London and fortress urbanism for inspiration. Fusion centers, where US law enforcement agencies share intelligence at a federal level to be analyzed and build a bigger picture of crime, had been around for a few years. But officials began asking, what if fusion centers could be localized? What if local law enforcement could analyze and gather masses of intelligence from one city?

In 2005, they answered with the first “real-time crime center” (RTCC), a sprawling network of CCTV and automatic license plate readers (ALPR) linked to a central hub in the New York Police Department headquarters costing $11 million. Since then, from Miami to Seattle, RTCCs have steadily expanded across the US. The Atlas of Surveillance, a project from the digital rights nonprofit the Electronic Frontier Foundation (EFF), which monitors police surveillance technology, has counted 123 RTCCs nationwide—and that number is rising.

Each RTCC is slightly different, but their function is the same: gather surveillance data across a city and use that to build a live picture of crime in the city. Police departments have an array of technologies available to them that span from CCTV, gunshot sensors, and social media monitoring to drones and body cameras. In Ogden, Utah, police even floated the idea of a 30-foot “crime blimp.” In many cases, images that police systems collect are run through facial recognition technology, and the data gathered is often used in predictive policing. In Pasco County, Florida, which operates an RTCC, the sheriff’s office’s predictive policing system encouraged officers to continuously monitor and harass residents for minor code violations such as missing mailbox numbers and overgrown grass.

Erik Lavigne is a detective at the Fort Worth Police Department in Texas and communications director at the National RTCC Association. He says there has been a boom in RTCCs over the past year because officers believe they help with more precise policing. He likens the scattered approach to policing in previous years to throwing out a fishnet and hoping to catch something. “For what we had at the time, that worked. But what inevitably happens is, you end up alienating the community because you're not just stopping the bad guys, you're also stopping innocent people that are just trying to live their lives,” he says. “A real-time crime center is a scalpel. We aren't catching the wrong people anymore.”

Lavigne says RTCCs are also a cheaper alternative to hiring more boots on the ground because each camera becomes, in effect, a stationary officer keeping watch over an area. Lavigne says this has proved so effective that analysts at RTCCs have been recording more crime than they can deal with, and  the Fort Worth RTCC has significantly helped decrease vehicle thefts.

Most evidence for RTCC effectiveness, however, is anecdotal, and there is a real lack of studies into how effective they really are. In Detroit, a National Institute of Justice study concluded that Project Green Light—a part of the Detroit Police Department RTCC that established cameras at more than 550 locations, including schools, churches, private businesses, and health centers—helped decrease property violence in some areas but did nothing to prevent violent and other crimes. But police departments argue they do work.

Few people know RTCCs even exist, let alone the extent of the surveillance they entail, so they can receive little public scrutiny and often operate without much oversight. There have long been concerns around how surveillance technologies could affect First and Fourth Amendment rights in the US, but Beryl Lipton, an investigative researcher at the EFF, says RTCCs “hyper-charge” these worries by collating all this data in one place.

“It’s perpetuating this mass collection of people's private information from a whole bunch of different video streams,” Lipton says. “They're really lowering the bar on the ways police can access that information … When there are these types of large databases without proper audit and oversight mechanisms, law enforcement officials and individuals can use them for their own purposes, which can be very scary.”

Regulations around the storage and usage of this data are patchy at best. For example, RTCC-collected data may be shared across jurisdictions because third parties contracted for the hardware or software will also collect data and share it, Lipton says. “Some of these companies will, in good faith, delete data in accordance with retention schedules, but we've seen them not do that,” she says. “With large databases like license plate reader databases, that information is sometimes shared without police departments realizing it and in violation of jurisdictional rules.”

While companies will argue this data is being stored securely, this is no guarantee. In 2020, hackers stole internal memos, financial records, and more from over 200 local, state, and federal agencies from web development firm Netsential, which provided data storage for fusion centers across the US. The trove of leaked data later became known as #BlueLeaks.

“There are real concerns around having this amount of information stored somewhere,” says Lipton, “I have no reason to believe these are somehow more secure systems than we have in other situations. And we know that those get breached all the time, law enforcement agencies in this country get hacked all the time.”

Lipton’s biggest worry is that this ability to follow people remotely and share that data across state lines could instead be used to target people involved in protests and political organizing, which has already happened, or those accessing reproductive health care. “Those issues become compounded because there’s the frightening ‘real time’ element to it,” she says. “That means that if you leave your house, there’s a very good chance that law enforcement could jump into a feed that is just following you around.”

In addition to police setting up their own technology, RTCCs draw on wider existing surveillance networks. Cooperation of public institutions like schools and colleges and privately owned cameras have been crucial to developing RTCCs by giving officers access to cameras that might otherwise need a warrant. In Atlanta, which has seen the number of cameras integrated into their RTCC treble to 15,329 in the past year, four higher-education institutions—Clark Atlanta University, Spelman College, Morehouse College, and the Morehouse School of Medicine—installed $700,000 worth of cameras, including five ALPRs, that were linked to the Atlanta RTCC.

Fusus, which claims to be “the most widely used & trusted Real-Time Crime Center platform in U.S. Public Safety,” sells hardware that can be connected to private CCTV cameras and linked up to the local RTCC. Fusus sells a solution that brings all the various technologies under “a single pane of glass,” as the company describes it. Through partnerships with companies that provide surveillance technology, including a $21 million investment from Axon, which produces Tasers and body cams, Fusus promises to integrate these technologies into one RTCC platform for analysts.

Police departments that use Fusus, like the Memphis Police Department, have been encouraging homeowners and local businesses to purchase fususCORE bundles—hardware that connects cameras to an RTCC—ranging from $350 to $7,300, plus an annual $150 subscription. Fusus has even gone as far as developing technology that allows Amazon’s Ring doorbells to livestream to an RTCC.

Amid a push for policing to harness new technologies and become “smarter,” Lipton is quick to point out that more technology doesn’t necessarily equal smarter. “It almost always just means that they're going to keep heavily policing poor and minority areas,” she says. Despite Lavigne’s claims that RTCCs mean the wrong people aren’t getting arrested anymore, in a recent lawsuit, the New Orleans Police Department was sued for arresting a Black man after watching him for 15 minutes through their RTCC and wrongly concluding he had a gun. The department ultimately settled for $10,000 in damages.

Lipton believes relentless surveillance is an infringement of citizens rights and would like to see the use of these technologies limited—aside from facial recognition, which she says should be banned. “There are certain elements we just shouldn't be using at all,” she says. “We should never be applying facial recognition to almost anything … As soon as you apply any really individualizing technology like that, I mean, it's kind of over for people's privacy.” Communities and organizations like EFF and ACLU have been arguing for Community Control Over Police Surveillance (CCOPS) laws that bring surveillance technologies under the control of elected officials and communities. Cities like Oakland have found success with this, but without nationwide restrictions, the rise of RTCCs will likely continue on the periphery of the public eye.

The Quiet Rise of Real-Time Crime Centers

The threat actors behind the RomCom RAT have been suspected of phishing attacks targeting the upcoming NATO Summit in Vilnius as well as an identified organization supporting Ukraine abroad.
The findings come from the BlackBerry Threat Research and Intelligence team, which found two malicious documents submitted from a Hungarian IP address on July 4, 2023.
RomCom, also tracked under the names

The threat actors behind the RomCom RAT have been suspected of phishing attacks targeting the upcoming NATO Summit in Vilnius as well as an identified organization supporting Ukraine abroad.

The findings come from the BlackBerry Threat Research and Intelligence team, which found two malicious documents submitted from a Hungarian IP address on July 4, 2023.

RomCom, also tracked under the names Tropical Scorpius, UNC2596, and Void Rabisu, was recently observed staging cyber attacks against politicians in Ukraine who are working closely with Western countries and a U.S.-based healthcare organization involved with aiding refugees fleeing the war-torn country.

Attack chains mounted by the group are geopolitically motivated and have employed spear-phishing emails to point victims to cloned websites hosting trojanized versions of popular software. Targets include militaries, food supply chains, and IT companies.

The latest lure documents identified by BlackBerry impersonate Ukrainian World Congress, a legitimate non-profit, ("Overview\_of\_UWCs\_UkraineInNATO\_campaign.docx") and feature a bogus letter declaring support for Ukraine's inclusion to NATO ("Letter\_NATO\_Summit\_Vilnius\_2023\_ENG(1).docx").

"Although we haven't yet uncovered the initial infection vector, the threat actor likely relied on spear-phishing techniques, engaging their victims to click on a specially crafted replica of the Ukrainian World Congress website," the Canadian company said in an analysis published last week.

Opening the file triggers a sophisticated execution sequence that entails retrieving intermediate payloads from a remote server, which, in turn, exploits Follina (CVE-2022-30190), a now-patched security flaw affecting Microsoft's Support Diagnostic Tool (MSDT), to achieve remote code execution.

UPCOMING WEBINAR

🔐 Privileged Access Management: Learn How to Conquer Key Challenges

Discover different approaches to conquer Privileged Account Management (PAM) challenges and level up your privileged access security strategy.

Reserve Your Spot

The result is the deployment of RomCom RAT, an executable written in C++ that's designed to collect information about the compromised system and remote commandeer it.

"Based on the nature of the upcoming NATO Summit and the related lure documents sent out by the threat actor, the intended victims are representatives of Ukraine, foreign organizations, and individuals supporting Ukraine," BlackBerry said.

"Based on the available information, we have medium to high confidence to conclude that this is a RomCom rebranded operation, or that one or more members of the RomCom threat group are behind this new campaign supporting a new threat group."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

RomCom RAT Targeting NATO and Ukraine Support Groups

By Waqas
The owner and administrator of the Illicit Services OSINT Tool cites the rise in illegitimate activities and exploitation as reasons for closure.
This is a post from HackRead.com Read the original post: OSINT Tool ‘Illicit Services’ Shuts Down Amidst Exploitation Concerns

In a surprising turn of events, Illicit Services (Search.illicit.services), an **OSINT** (Open-Source Intelligence) tool widely used for gathering information based on personal identifiers, has been shut down by its owner due to growing concerns of exploitation and abuse.

The platform, known for its comprehensive search capabilities covering various personal data points, has been a subject of both controversy and praise.

The owner of Illicit Services, who remains anonymous but is referred to as “Miyako Yakota,” made the decision to close the service following mounting evidence that it was being misused for illegitimate purposes rather than functioning as an effective tool for Open-Source Intelligence. The irony of the platform’s name, given the circumstances, is not lost on Yakota.

Homepage of Illicit Services (left) – Search result on Illicit Services (right) – Screenshot: Hackread.com

One of the key reasons cited by Yakota for the shutdown was the observed spike in abuse of the service, particularly within communities engaged in doxxing and **sim-swapping**. These malicious activities involve the exposure of personal information and unauthorized manipulation of phone services, respectively. By shutting down the service, Yakota aims to curtail the potential harm inflicted upon unsuspecting victims.

However, it is worth noting that Yakota acknowledged the positive aspects of Illicit Services during their announcement on the official Telegram channel. Sharing a user’s success story, Yakota highlighted the case of a non-paying roommate who was exposed for using a fake name on a lease agreement and engaging in fraudulent internship activities, leading to their eviction. Such instances, according to Yakota, shed light on the potential benefits of the platform when used responsibly.

In an unexpected twist, Yakota expressed a willingness to share the data with the Intelligence Community, specifically those allied with the United States. They clarified that while aggregated leaks shared in confidence would not be disclosed, other information would be made available for analysis. Yakota’s decision to involve the Intelligence Community underscores the need to leverage data for lawful purposes while maintaining user privacy and security.

Miyako Yakota on Telegram (Screenshot credit: Hackread.com)

The closure of Illicit Services raises questions about the wider implications of exploiting personal data and the ethical considerations surrounding the use of OSINT tools. It also highlights the responsibility of platform owners to ensure their services are not inadvertently facilitating illegal activities.

**RELATED ARTICLES**

1.  What is an OSINT Tool – Best OSINT Tools 2023
2.  CISA Publishes List of Free Cybersecurity Tools and Services
3.  Temporary Phone Number: An Essential Tool for Privacy Protection

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

OSINT Tool ‘Illicit Services’ Shuts Down Amidst Exploitation Concerns

By Habiba Rashid
The dark net, the illegal drugs, and what's next.
This is a post from HackRead.com Read the original post: Russian Dark Net Markets Dominate the Global Illicit Drug Trade: Report

**The staggering new stat show Russian-language Dark Net Markets (DNM) dominated the Illicit drug trade with over 80% of the $1.49 billion spent in 2022.**

Russian-language Dark Net Markets (DNMs) have experienced a significant surge in popularity among drug dealers and buyers, emerging as a dominant force in the global illicit drug trade, a new report suggests.

Recent data **presented** by blockchain intelligence platform TRM Labs reveals that these markets accounted for an alarming 80% of the $1.49 billion worth of illicit drugs purchased in 2022.

In order to fully understand the rise of Russian DNMs in the drug trade, one must unpack the technological advancements, socio-political factors, and evolving drug market dynamics that have contributed to their unprecedented popularity.

According to researchers, the appeal of Russian DNMs in the drug trade lies in the convenience and perceived anonymity they offer. Technological advances have made the **battle against cybercrime syndicates** all the more challenging for law enforcement, and the same encryption and anonymity tools are being used to run the dark net markets.

These underground online marketplaces allow dealers and buyers to operate covertly, challenging law enforcement investigations and arrests. The **preference for crypto transactions** and blockchain technology within DNMs has further amplified the advantage bestowed upon actors in the illicit drug trade. Loose regulations surrounding cryptocurrency payments make them an ideal tool for masking illegal exchanges.

The growing prominence of Russian-language DNMs also begs the question: how much of a free rein has the widening disconnect between the West and the Kremlin on matters of cybercrime given them?

According to BanklessTimes’ **report**, geopolitical tensions and conflicting interests have hindered collaboration, creating fertile ground for DNMs to flourish. Consequently, law enforcement agencies ability to track, apprehend, and prosecute cybercriminals has been significantly impacted.

**Impact of Russian DNM Takedown on Illicit Drug Trade**

Moreover, the shift from traditional to online markets in recent years has allowed the drug trade to flourish in the shadows of the dark net. According to the Chainanalysis **report**, four out of five of the highest-earning dark net markets in 2022 were involved in the drug trade.

Investigations and arrests that could previously be conducted within one region are now slowed by these DNMs, which provide an open market free from geographical boundaries and laws, making them highly alluring to those involved in illicit drug sales.

In April 2022, when law enforcement **shut down Hydra**, a major Russian-speaking DNM, a decline in the average daily revenue of all such markets was observed, dropping from $4.2 million before closing to $447,000 after its closure. If global efforts against Russian-language DNMs are combined, their impact would send shockwaves through the online illicit drug trade market.

**Halting Illegal Transactions**

Addressing the most nefarious darknet marketplaces starts with improved information sharing among law enforcement agencies, financial institutions, and cyber-research institutions. The global nature of the dark web makes international cooperation imperative.

During 2018 and 2019, Interpol and the European Union brought together law enforcement agencies from 19 countries, leading to the identification of 247 high-value targets and the sharing of operational intelligence required for effective enforcement.

The outcomes were promising, as these joint efforts resulted in arrests and the closure of 50 illicit dark-web platforms, including major drug markets such as the **Wall Street Market**, **Genesis**, **Alphabay**, **Hansa**, and **Valhalla**.

**RELATED ARTICLES:**

1.  Report Shows More Women Presence in Cyber Crime Forum
2.  DarkBERT: Enhancing Cybersecurity Efforts on the Dark Web
3.  179 Dark Web vendors arrested, 500kg worth of drugs seized
4.  Military Satellite Access Sold on Russian Hacker Forum for $15K
5.  IoT Botnet DDoS Attacks Threaten Global Telecom Network, Nokia
6.  Largest Dark Web Webinjects Marketplace “In The Box” Discovered

I’m a student and cybersecurity writer. On a random Sunday, I am likely to be figuring out life and reading Kafka.

Russian Dark Net Markets Dominate the Global Illicit Drug Trade: Report

By Deeba Ahmed
Vade, a provider of email security and threat detection services, has released a report on a recently discovered…
This is a post from HackRead.com Read the original post: New Phishing Attack Spoofs Microsoft 365 Authentication System

Vade, a provider of email security and threat detection services, has released a report on a recently discovered phishing attack that involves the spoofing of the **Microsoft 365** authentication system.

According to Vade’s Threat Intelligence and Response Center (TIRC), the attack email includes a harmful HTML attachment with JavaScript code. This code is designed to gather the recipient’s email address and modify the page using data from a callback function’s variable.

TIRC researchers decoded the base64-encoded string when analyzing a malicious domain and obtained results related to **Microsoft 365 phishing attacks**. Researchers noted that requests for phishing applications were made to eevilcorponline.

Its source code, found via periodic-checkerglitchme, was similar to the attachment’s HTML file, indicating that phishers are leveraging glitch.me to host malicious HTML pages.

Glitch.me is a platform that enables users to create and host web applications, websites, and various online projects. Unfortunately, in this instance, the platform is being exploited to host domains involved in the ongoing Microsoft 365 phishing scam.

The attack begins when the victim receives an email containing a malicious HTML file as an attachment. When the victim opens the file, a **phishing page** masquerading as Microsoft 365 is launched in their web browser. On this deceptive page, the victim is prompted to enter their credentials, which the attackers promptly gather for malicious purposes.

Due to Microsoft 365’s widespread adoption in the business community, there is a significant likelihood that the compromised account belongs to a corporate user. As a result, if the attacker gains access to these credentials, they can potentially obtain sensitive business and trade information.

Additionally, according to their **report**, Vade’s researchers have also discovered a phishing attack that involves the use of a spoofed version of Adobe.

Login pages for Office 365 and Adobe phishing scams (Image credit: Vade)

Further analysis revealed that the malicious “eevilcorp” domain returns an authentication page related to an application called Hawkeye. It is important to highlight that cybersecurity experts, including Talos, have conducted assessments on the original **HawkEye keylogger** and classified it as a malware kit that emerged in 2013, with subsequent versions appearing over time.

This context is relevant because it explains why TIRC researchers were unable to establish a direct connection between the authentication page and the HawkEye keylogger.

The indicators of compromises were identified to be the following ones:

*   periodic-checkerglitchme
*   scan-verifiedglitchme
*   transfer-withglitchme
*   air-droppedglitchme
*   precise-shareglitchme
*   monthly-payment-invoiceglitchme
*   monthly-report-checkglitchme
*   eevilcorponline
*   ultimotemporeonline

This attack stands out due to the utilization of a malicious domain (eevilcorponline) and HawkEye, which is available for purchase on hacker forums as a keylogger and data-stealing tool. While Vade’s investigation is still ongoing, it is crucial for users to remain vigilant and follow these steps to prevent falling victim to a Microsoft 365 phishing scam:

*   **Check the email sender:** Be cautious of emails claiming to be from Microsoft 365 that are sent from suspicious or unfamiliar email addresses. Verify the sender’s email address to ensure it matches the official Microsoft domain.
*   **Look for generic greetings:** Phishing emails often use generic greetings like “Dear User” instead of addressing you by name. Legitimate Microsoft emails usually address you by your name or username.
*   **Analyze email content and formatting:** Pay attention to spelling and grammar mistakes, as well as poor formatting. Phishing emails often contain errors that legitimate communications from Microsoft would not have.
*   **Hover over links:** Before clicking on any links in the email, hover your mouse cursor over them to see the actual URL. If the link’s destination looks suspicious or differs from official Microsoft domains, do not click on it.
*   **Be cautious of urgent requests:** Phishing emails often create a sense of urgency, pressuring you to take immediate action. Beware of emails that claim your Microsoft 365 account is at risk or that require urgent verification of personal information.

Remember, if you suspect an email to be a phishing scam, it’s best to err on the side of caution. Report any suspicious emails to Microsoft and avoid providing personal or sensitive information unless you can verify the legitimacy of the request through official channels.

**RELATED ARTICLES**

1.  Microsoft Teams Flaw Sends Malware to Employees’ Inboxes
2.  CISA’s Sparrow.ps1 tool detects malicious activity on Microsoft 365
3.  Office 365 Phishing Protection – Is Native Microsoft Protection Safe?
4.  10 Crucial Security Tips to Reduce Data Loss in Microsoft Office 365
5.  Microsoft Dynamics 365 Customer Voice Exploited to Steal Credentials
6.  Fake supreme court subpoena phishing scam steals Office 365 credentials

New Phishing Attack Spoofs Microsoft 365 Authentication System

By Habiba Rashid
The cybercrime group has targeted financial institutions, telecoms firms, and mobile banking services, exploiting vulnerabilities to steal funds.
This is a post from HackRead.com Read the original post: Senior OPERA1ER Cybercrime Gang Member Arrested in Global Operation

The OPERA1ER group’s illicit activities have resulted in estimated losses of at least $11 million, with the potential to exceed $30 million.

In a breakthrough against cybercrime, authorities have apprehended a suspected senior member of the notorious cybercriminal organization known as OPERA1ER.

The arrest, which occurred in Côte d’Ivoire, a country in West Africa, marks a significant blow to the group’s criminal activities that have targeted financial institutions and mobile banking services across Africa, Asia, and Latin America.

The international operation, codenamed Nervone, was conducted in collaboration between INTERPOL, AFRIPOL, Group-IB, and Côte d’Ivoire’s Direction de l’Information et des Traces Technologiques (DITT).  

OPERA1ER, also identified as Common Raven, Desktop-Group, and NXSMS, has been operating since at least 2016, carrying out highly-organized attacks using sophisticated techniques such as spear-phishing campaigns, malware distribution, and large-scale Business Email Compromise (BEC) scams.

The group has targeted financial institutions, telecoms firms, and mobile banking services, exploiting vulnerabilities to steal funds. Their illicit activities have resulted in estimated losses of at least $11 million, with the potential to exceed $30 million.

The cybercriminal gang’s malicious email campaigns first came to the attention of Group-IB in 2018, when they detected spear-phishing operations responsible for spreading remote access tools and other malware.

In a collaborative effort, INTERPOL’s Cybercrime Directorate, Group-IB, and Orange exchanged intelligence, allowing authorities to track the group’s activities and identify a likely location for their operations.

Additional support was provided by the United States Secret Service’s Criminal Investigative Division and Booz Allen Hamilton DarkLabs cybersecurity researchers, who confirmed leads crucial to the investigation.

**How it occurred**

The arrest of a key suspect in Côte d’Ivoire in early June resulted from the successful coordination of international efforts. The captured individual is believed to be a senior member of OPERA1ER and was involved in attacks against financial institutions across Africa.

Authorities are confident that this arrest will have a significant impact on the group’s criminal endeavours, disrupting their network and preventing further financial losses.

In a press release, Bernardo Pillot, INTERPOL’s Assistant Director of Cybercrime Operations, commended the operation, stating,

> “Operation Nervone is a testament to what we can achieve through international collaboration and intelligence sharing. This successful operation marks a significant step in our ongoing mission to dismantle organized cybercrime networks, showcasing the power of collective action in stemming the tide against cybercrime.”
> 
> Bernardo Pillot

The successful arrest of a senior member of the OPERA1ER cybercrime group demonstrates the importance of international collaboration and the tireless efforts of law enforcement agencies and cybersecurity experts in safeguarding financial systems and protecting individuals from cyber threats.

As the fight against cybercrime continues, authorities remain dedicated to dismantling criminal networks and ensuring the security of global cyberspace.

1.  Do Kwon, Founder of Terraform Labs, Arrested in Montenegro
2.  Owner of Breach Forums Pompompurin Arrested in New York
3.  Alcasec Hacker, aka “Robin Hood of Spanish Hackers,” Arrested
4.  Estonian Arrested: Accused of Supplying Hacking Tools to Russia
5.  Teen among suspects arrested in Android banking malware scheme

I’m a student and cybersecurity writer. On a random Sunday, I am likely to be figuring out life and reading Kafka.

Senior OPERA1ER Cybercrime Gang Member Arrested in Global Operation

Plus: A French bill would allow spying via phone cameras, ATM skimmers target welfare families, and Japan’s largest cargo port gets hit with ransomware.

When Yevgeny Prighozin, the head of the notorious mercenary army known as the Wagner Group, staged an aborted coup against the Russian government, his brief revolt led to the deaths of 13 Russian fighter pilots and a serious blow to Vladimir Putin's sense of invulnerability. Now the fallout of that strange story has also apparently taken another casualty: the most notorious troll farm in the world, known as the Internet Research Agency.

But we'll get to that. First, Elon Musk is having a tough week. After Twitter’s baffling decision to temporarily limit the number of tweets users can read each day, Mark Zuckerberg sucker-punched the self-sabotaged platform with the launch of Threads. The Instagram-linked microblogging app surged to the top of the app store charts, gaining a staggering 30 million users in 24 hours—a clear sign that many people are willing to ignore Meta’s privacy-invading ways.

If you want to get in on the Threads action but don't want to share all your data with Meta, there's a better way: Don't join. Instead, wait until Threads connects to the broader decentralized social media ecosystem enabled by the ActivityPub protocol, which is also used by Mastodon. It should enable you to interact with Threads without signing up for an account or downloading the app. And if you're still trying to pick which Twitter alternative to jump on—or just want to see what data each platform collects—we've broken down the privacy policies of Threads, Bluesky, Mastodon, and more.

Even if you don't share your data with Meta, the information about you that's already out there is likely up for sale. But it's not just companies buying up your personal details—cops and spies are purchasing that data too. That is, unless the US Congress puts a stop to it. A bipartisan group of lawmakers has submitted an amendment to the National Defense Authorization Act, which Congress must pass each year, that would forbid intelligence agencies from buying sensitive data about Americans. The amendment has to survive a long debate before it can become law, but if Congress keeps it intact, US spies will no longer be able to buy your location data and search histories on the open market.

Finally, our partners at Grist investigated the risks posed by electric vehicle charging stations. Due to a variety of security vulnerabilities and a lack of industry standards for protecting EV chargers from hackers, both drivers and the entire power grid could be at risk.

But that's not all. Each week, we round up the security news we didn't report in depth ourselves. Click on the headlines to read the full stories. And stay safe out there.

For years, the St. Petersburg-based Internet Research Agency embodied many Americans’ worst fears of Russia’s disinformation influences across Western social media. The operation, created by Vladimir Putin ally and oligarch Yevgeny Prighozin, fueled scandals, spewed fake news, and meddled in US elections deeply enough to warrant an indictment from the Justice Department against a group of its staff and even a disruptive hacking operation from US Cyber Command targeting its network.

Now, after the US government's attempts to cripple or kill Prighozin’s troll factory, he’s managed to do it himself. In the wake of the bizarre, brief mutiny of Prighozin’s mercenary Wagner Group, contracted to take part in Russia’s invasion of Ukraine, Prighozin has been stripped of assets in Russia, including the media group of which the Internet Research Agency was a part. Initially, the troll farm sought a new owner, but Reuters reported ahead of the July 4 holiday that the infamous influence machine will instead be disbanded. Prighozin, meanwhile, was said to have been exiled to Belarus—but has now returned to Russia, according to the Belarusian president Alexander Lukashenko.

A highly controversial surveillance bill in France, making its way through the country’s parliament, would allow law enforcement to surreptitiously spy on criminal suspects via their devices’ cameras and microphones. The legislation, which would apply to smartphones, connected cars, laptops, and other devices, was passed by the French National Assembly earlier this week as part of wider changes to the French justice system. In response to criticism, French president Emmanuel Macron’s party made changes to the law that would only allow it to be used “when justified by the nature and seriousness of the crime,” only for an appropriate duration, and only for a maximum of six months, regardless of the suspected criminal conduct. Both the right and left political parties of the country continue to protest the bill.

In recent years, American credit cards have been far harder to defraud, as banks have added security features like authentication chips. But EBT cards, the debit cards provided to many of the poorest Americans in the welfare system, have lagged behind in those protections, instead continuing to store their numbers in a simple magnetic strip. The result has been millions of dollars in irreversible theft from some of the country’s most needy and vulnerable families, as captured in a _Bloomberg BusinessWeek_ feature in this week’s “Heist Issue” of the magazine. California alone, according to the report, saw an average of $10 million a month stolen in the first three months of this year. The fraud scheme is carried out by criminals who plant “skimmer” devices on grocery store point-of-sale systems and ATMs that record credit card numbers, which are then used to drain accounts of funds as soon as they’re refreshed at midnight on the first of the month. _BusinessWeek_ tells the story of a mother of five whose welfare funds were stolen in this way four times in less than a year.

The Japanese port of Nagoya—the country’s biggest cargo port. handling roughly 10 percent of its total shipping—on Tuesday revealed that it had been the victim of a ransomware attack. The attack, apparently carried out by the prolific Russia-linked ransomware group LockBit, prevented companies like Toyota from loading and unloading manufacturing components from ships and led to a traffic jam of truck drivers picking up and offloading containers at the port. To the Nagoya shipping port’s credit, however, it recovered quickly from the attack, resuming operations just two days later.

Russia’s Notorious Troll Farm Disbands

Guardrails need to be set in place to ensure confidentiality of sensitive information, while still leveraging AI as a force multiplier for productivity.

At the end of June, cybersecurity firm Group-IB revealed a notable security breach that impacted ChatGPT accounts. The company identified a staggering 100,000 compromised devices, each with ChatGPT credentials that were subsequently traded on illicit Dark Web marketplaces over the course of the past year. This breach prompted calls for immediate attention to address the compromised security of ChatGPT accounts, since search queries containing sensitive information become exposed to hackers.

In another incident, within a span of less than a month, Samsung suffered three documented instances in which employees inadvertently leaked sensitive information through ChatGPT. Because ChatGPT retains user input data to improve its own performance, these valuable trade secrets belonging to Samsung are now in the possession of OpenAI, the company behind the AI service. This poses significant concerns regarding the confidentiality and security of Samsung's proprietary information.

Because of such worries about ChatGPT's compliance with the EU's General Data Protection Regulation (GDPR), which mandates strict guidelines for data collection and usage, Italy has imposed a nationwide ban on the use of ChatGPT.

Rapid advancements in AI and generative AI applications have opened up new opportunities for accelerating growth in business intelligence, products, and operations. But cybersecurity program owners need to ensure data privacy while waiting for laws to be developed.

**Public Engine Versus Private Engine**

To better comprehend the concepts, let's start by defining public AI and private AI. Public AI refers to publicly accessible AI software applications that have been trained on datasets, often sourced from users or customers. A prime example of public AI is ChatGPT, which leverages publicly available data from the Internet, including text articles, images, and videos.

Public AI can also encompass algorithms that utilize datasets not exclusive to a specific user or organization. Consequently, customers of public AI should be aware that their data might not remain entirely private.

Private AI, on the other hand, involves training algorithms on data that is unique to a particular user or organization. In this case, if you use machine learning systems to train a model using a specific dataset, such as invoices or tax forms, that model remains exclusive to your organization. Platform vendors do not utilize your data to train their own models, so private AI prevents any use of your data to aid your competitors.

**Integrate AI Into Training Programs and Policies**

In order to experiment, develop, and integrate AI applications into their products and services while adhering to best practices, cybersecurity staff should put the following policies into practice.

**User Awareness and Education:** Educate users about the risks associated with utilizing AI and encourage them to be cautious when transmitting sensitive information. Promote secure communication practices and advise users to verify the authenticity of the AI system.

*   **Data Minimization:** Only provide the AI engine with the minimum amount of data necessary to accomplish the task. Avoid sharing unnecessary or sensitive information that is not relevant to the AI processing.
*   **Anonymization and De-identification:** Whenever possible, anonymize or de-identify the data before inputting it into the AI engine. This involves removing personally identifiable information (PII) or any other sensitive attributes that are not required for the AI processing.

**Secure Data Handling Practices:** Establish strict policies and procedures for handling your sensitive data. Limit access to authorized personnel only and enforce strong authentication mechanisms to prevent unauthorized access. Train employees on data privacy best practices and implement logging and auditing mechanisms to track data access and usage.

**Retention and Disposal:** Define data retention policies and securely dispose of the data once it is no longer needed. Implement proper data disposal mechanisms, such as secure deletion or cryptographic erasure, to ensure that the data cannot be recovered after it is no longer required.

**Legal and Compliance Considerations:** Understand the legal ramifications of the data you are inputting into the AI engine. Ensure that the way users employ the AI complies with relevant regulations, such as data protection laws or industry-specific standards.

**Vendor Assessment:** If you are utilizing an AI engine provided by a third-party vendor, perform a thorough assessment of their security measures. Ensure that the vendor follows industry best practices for data security and privacy, and that they have appropriate safeguards in place to protect your data. ISO and SOC attestation, for example, provide valuable third-party validations of a vendor's adherence to recognized standards and their commitment to information security.

**Formalize an AI Acceptable Use Policy (AUP):** An AI acceptable use policy should outline the purpose and objectives of the policy, emphasizing the responsible and ethical use of AI technologies. It should define acceptable use cases, specifying the scope and boundaries for AI utilization. The AUP should encourage transparency, accountability, and responsible decision-making in AI usage, fostering a culture of ethical AI practices within the organization. Regular reviews and updates ensure the policy's relevance to evolving AI technologies and ethics.

**Conclusions**

By adhering to these guidelines, program owners can effectively leverage AI tools while safeguarding sensitive information and upholding ethical and professional standards. It is crucial to review AI-generated material for accuracy while simultaneously protecting the inputted data that goes into generating response prompts.

Tag

#intel