4 October 2024

6 min read

LockBit and Evil Corp members sanctioned and arrested | Cyber Intelligence Briefing: 4 October

October 2024
LockBit and Evil Corp members sanctioned and arrested
LockBit and Evil Corp members sanctioned and arrested | Cyber Intelligence Briefing: 4 October
4:29

Top news stories this week

  1. Cronos crackdown. International law enforcement targets LockBit and Evil Corp affiliates.
  2. Hold the press. AFP suffers disruption after being hit by cyber attack.
  3. Indicted. US authorities charge three Iranians with hacking Trump's presidential campaign.
  4. Trio of fines. Meta, T-Mobile, and Sellafield nuclear power plant fined for cyber security failings.
  5. Stock trade. US arrests British citizen over USD 3.75 million hack-to-trade scheme.
  6. Scam camps. Cambodia arrests journalist who uncovered cyber scam compounds.

 

1. Operation Cronos continues: Sanctions and arrests of LockBit and Evil Corp members

An ongoing international law enforcement operation has resulted in four arrests and the sanctioning of multiple individuals linked to the LockBit and Evil Corp gangs. The NCA has arrested two individuals associated with a LockBit affiliate in the UK, Spanish authorities arrested one suspect and seized nine servers, whilst French authorities detained a ransomware developer who was on holiday in the country.

A number of individuals have also been sanctioned by the US and the UK, including former Russian intelligence official Eduard Benderskiy, the father-in-law of Evil Corp leader Maksim Yakubets.

So What?

Benderskiy is accused of providing political and physical protection for Evil Corp. He is the strongest publicly known link between the Russian state and Russian cyber criminal groups to date. However, the case has been described by Western authorities as an exception rather than the norm.

[Researcher: Lawrence Copson] 


2. Agence France-Presse targeted in cyber attack

Major international news agency Agence France-Presse (AFP) has suffered a significant cyber attack resulting in the disruption of a number of client services. The agency has advised clients to change the passwords to their FTP servers, as it is suspected that credentials were compromised during the hack. However, AFP’s global news coverage remains unaffected.

So what?

Cyber incidents can disrupt important business services. It is important to have an effective business continuity plan in place to ensure services can continue to be delivered.

[Researcher: Adelaide Parker]


3. Three Iranians charged with hacking Trump's presidential campaign

The US Department of Justice has charged three Iranian nationals with hacking Donald Trump’s 2024 presidential campaign. Through successful spear phishing, the threat actors are accused of stealing emails and sensitive documents from people closely involved with the campaign, which they subsequently leaked to media organisations.

So what?

Politically sensitive organisations should train staff to exercise heightened vigilance and not click suspicious links in emails.

[Researcher: Anna Tankovics]


4. Meta, T-Mobile, and Sellafield nuclear power plant fined for cyber security failings

Social media giant Meta has been fined USD 101 million for storing the passwords of its users in plaintext. T-Mobile will pay USD 15.75 million over four data breaches. Separately, UK's nuclear waste unit Sellafield failed to meet its own approved plan for protecting sensitive nuclear information and was fined £332,500.

SO WHAT? 

Organisations must ensure that they follow their own policies and plans for protecting sensitive information. The insufficient implementation could result in significant fines from the regulatory authorities.

[Researcher: Milda Petraityte]


5. US charges British citizen over USD 3.75 million hack-to-trade scheme 

The US Department of Justice (DOJ) is seeking the extradition of British citizen Robert Westbrook over a hack-to-trade scheme that earned him USD 3.75 million. The DOJ said Westbrook hacked the emails of several US executives to obtain non-public information, which he used for stock trading.

SO WHAT? 

This development shows the diverse landscape of cyber crime, where some perpetrators pursue immediate financial gains, others leverage their skills to manipulate financial markets.

[Researcher: Waithera Junghae]


6. Cambodian authorities arrest journalist who uncovered cyber scam compounds

An award-winning journalist has been arrested on alleged politically motivated charges. Mech Dara is known for his research on human trafficking and forced labour on cyber scam compounds in Cambodia . From these compounds, transnational criminal gangs run lucrative online fraud schemes including love scams and crypto investment scams. Last month, the US imposed sanctions on a prominent Cambodian businessman linked to these online scam centres.

So what?

The research highlights the nexus between cyber crime and traditional organised crime, in which criminal gangs use the victims of human trafficking and modern slavery to commit cyber crimes on their behalf.

[Researcher: Milda Petraityte]

 

SUBSCRIBE TO RECEIVE OUR WEEKLY CYBER THREAT INTELLIGENCE BRIEFING VIA EMAIL

The S-RM Cyber Intelligence Briefing is a weekly round-up of the latest cyber security news, trends, and indicators, curated by our intelligence specialists.

To discuss this briefing or other industry developments, please reach out to one of our experts.

Editors

Share this post

Subscribe to our insights

Get industry news and expert insights straight to your inbox.