Login
LastPass says a rogue application impersonating its popular password manager made it past Apple's gatekeepers and was listed in the iOS App Store for unsuspecting folks to download and install.β¦
Researchers suspect the criminals behind the Raspberry Robin malware are now buying exploits for speedier cyberattacks.β¦
A cybersecurity researcher and his pal are facing charges in California after they allegedly defrauded an unnamed company, almost certainly Apple, out of $2.5 million.β¦
Memory-safety flaws represent the majority of high-severity problems for Google and Microsoft, but they're not necessarily associated with the majority of vulnerabilities that actually get exploited.β¦
Organizations that sell IT services to Uncle Sam are peeved at proposed changes to procurement rules that would require them to allow US government agencies full access to their systems in the event of a security incident.β¦
Volt Typhoon isn't the only Chinese spying crew infiltrating computer networks in America's energy sector and other critical organizations with the aim of wrecking equipment and causing other headaches, the US government has said.β¦
Half of infosec professionals polled by Kaspersky said any cybersecurity knowledge they picked up from their higher education is at best somewhat useful for doing their day jobs. On the other hand, half said the know-how was at least very useful. We're a glass half-empty lot.β¦
The US government today confirmed China's Volt Typhoon crew comprised "multiple" critical infrastructure orgs' IT networks in America β and Uncle Sam warned that the Beijing-backed spies are readying "disruptive or destructive cyberattacks" against those targets.β¦
In 2021, the exclusive Russian cybercrime forum Mazafaka was hacked. The leaked user database shows one of the forumβs founders was an attorney who advised Russiaβs top hackers on the legal risks of their work, and what to do if they got caught. A review of this userβs hacker identities shows that during his time on the forums he served as an officer in the special forces of the GRU, the foreign military intelligence agency of the Russian Federation.
Launched in 2001 under the tagline βNetwork terrorism,β Mazafaka would evolve into one of the most guarded Russian-language cybercrime communities. The forumβs member roster included a Whoβs Who of top Russian cybercriminals, and it featured sub-forums for a wide range of cybercrime specialities, including malware, spam, coding and identity theft.
One representation of the leaked Mazafaka database.
In almost any database leak, the first accounts listed are usually the administrators and early core members. But the Mazafaka user information posted online was not a database file per se, and it was clearly edited, redacted and restructured by whoever released it. As a result, it can be difficult to tell which members are the earliest users.
The original Mazafaka is known to have been launched by a hacker using the nickname βStalker.β However, the lowest numbered (non-admin) user ID in the Mazafaka database belongs to another individual who used the handle βDjamix,β and the email address djamix@mazafaka[.]ru.
From the forumβs inception until around 2008, Djamix was one of its most active and eloquent contributors. Djamix told forum members he was a lawyer, and nearly all of his posts included legal analyses of various public cases involving hackers arrested and charged with cybercrimes in Russia and abroad.
βHiding with purely technical parameters will not help in a serious matter,β Djamix advised Maza members in September 2007. βIn order to ESCAPE the law, you need to KNOW the law. This is the most important thing. Technical capabilities cannot overcome intelligence and cunning.β
Stalker himself credited Djamix with keeping Mazafaka online for so many years. In a retrospective post published to Livejournal in 2014 titled, βMazafaka, from conception to the present day,β Stalker said Djamix had become a core member of the community.
βThis guy is everywhere,β Stalker said of Djamix. βThereβs not a thing on [Mazafaka] that he doesnβt take part in. For me, he is a stimulus-irritant and thanks to him, Maza is still alive. Our rallying force!β
Djamix told other forum denizens he was a licensed attorney who could be hired for remote or in-person consultations, and his posts on Mazafaka and other Russian boards show several hackers facing legal jeopardy likely took him up on this offer.
βI have the right to represent your interests in court,β Djamix said on the Russian-language cybercrime forum Verified in Jan. 2011. βRemotely (in the form of constant support and consultations), or in person β this is discussed separately. As well as the cost of my services.β
A search on djamix@mazafaka[.]ru at DomainTools.com reveals this address has been used to register at least 10 domain names since 2008. Those include several websites about life in and around Sochi, Russia, the site of the 2014 Winter Olympics, as well as a nearby coastal town called Adler. All of those sites say they were registered to an Aleksei Safronov from Sochi who also lists Adler as a hometown.
The breach tracking service Constella Intelligence finds that the phone number associated with those domains β +7.9676442212 β is tied to a Facebook account for an Aleksei Valerievich Safronov from Sochi. Mr. Safronovβs Facebook profile, which was last updated in October 2022, says his ICQ instant messenger number is 53765. This is the same ICQ number assigned to Djamix in the Mazafaka user database.
The Facebook account for Aleksey Safronov.
A βDjamixβ account on the forum privetsochi[.]ru (βHello Sochiβ) says this user was born Oct. 2, 1970, and that his website is uposter[.]ru. This Russian language news siteβs tagline is, βWe Create Communication,β and it focuses heavily on news about Sochi, Adler, Russia and the war in Ukraine, with a strong pro-Kremlin bent.
Safronovβs Facebook profile also gives his Skype username as βDjamixadler,β and it includes dozens of photos of him dressed in military fatigues along with a regiment of soldiers deploying in fairly remote areas of Russia. Some of those photos date back to 2008.
In several of the images, we can see a patch on the arm of Safronovβs jacket that bears the logo of the Spetsnaz GRU, a special forces unit of the Russian military. According to a 2020 report from the Congressional Research Service, the GRU operates both as an intelligence agency β collecting human, cyber, and signals intelligence β and as a military organization responsible for battlefield reconnaissance and the operation of Russiaβs Spetsnaz military commando units.
Mr. Safronov posted this image of himself on Facebook in 2016. The insignia of the GRU can be seen on his sleeve.
βIn recent years, reports have linked the GRU to some of Russiaβs most aggressive and public intelligence operations,β the CRS report explains. βReportedly, the GRU played a key role in Russiaβs occupation of Ukraineβs Crimea region and invasion of eastern Ukraine, the attempted assassination of former Russian intelligence officer Sergei Skripal in the United Kingdom, interference in the 2016 U.S. presidential elections, disinformation and propaganda operations, and some of the worldβs most damaging cyberattacks.β
According to the Russia-focused investigative news outlet Meduza, in 2014 the Russian Defense Ministry created its βinformation-operation troopsβ for action in βcyber-confrontations with potential adversaries.β
βLater, sources in the Defense Ministry explained that these new troops were meant to βdisrupt the potential adversaryβs information networks,'β Meduza reported in 2018. βRecruiters reportedly went looking for βhackers who have had problems with the law.'β
Mr. Safronov did not respond to multiple requests for comment. A 2018 treatise written by Aleksei Valerievich Safronov titled βOne Hundred Years of GRU Military Intelligenceβ explains the significance of the bat in the seal of the GRU.
βOne way or another, the bat is an emblem that unites all active and retired intelligence officers; it is a symbol of unity and exclusivity,β Safronov wrote. βAnd, in general, it doesnβt matter who weβre talking about β a secret GRU agent somewhere in the army or a sniper in any of the special forces brigades. They all did and are doing one very important and responsible thing.β
Itβs unclear what role Mr. Safronov plays or played in the GRU, but it seems likely the military intelligence agency would have exploited his considerable technical skills, knowledge and connections on the Russian cybercrime forums.
Searching on Safronovβs domain uposter[.]ru in Constella Intelligence reveals that this domain was used in 2022 to register an account at a popular Spanish-language discussion forum dedicated to helping applicants prepare for a career in the Guardia Civil, one of Spainβs two national police forces. Pivoting on that Russian IP in Constella shows three other accounts were created at the same Spanish user forum around the same date.
Mark Rasch is a former cybercrime prosecutor for the U.S. Department of Justice who now serves as chief legal officer for the New York cybersecurity firm Unit 221B. Rasch said there has always been a close relationship between the GRU and the Russian hacker community, noting that in the early 2000s the GRU was soliciting hackers with the skills necessary to hack US banks in order to procure funds to help finance Russiaβs war in Chechnya.
βThe guy is heavily hooked into the Russian cyber community, and thatβs useful for intelligence services,β Rasch said. βHe could have been infiltrating the community to monitor it for the GRU. Or he could just be a guy wearing a military uniform.β
Iran's anti-Israel cyber operations are providing a window into the techniques the country may deploy in the run-up to the 2024 US Presidential elections, Microsoft says.β¦
We're very familiar with the many projects in which Raspberry Pi hardware is used, from giving old computers a new lease of life through to running the animated displays so beloved by retailers. But cracking BitLocker? We doubt the company will be bragging too much about that particular application.β¦
JetBrains is encouraging all users of TeamCity (on-prem) to upgrade to the latest version following the disclosure of a critical vulnerability in the CI/CD tool.β¦
Updated The commercial spyware economy β despite government and big tech's efforts to crack down β appears to be booming.β¦
It's an annual meme that DEF CON infosec conference has been canceled, but this time it actually happened, ish.β¦
Mozilla on Tuesday expanded its free privacy-monitoring service with a paid-for tier called Mozilla Monitor Plus that will try to get data brokers to delete their copies of subscribers' personal information.β¦
Verizon is notifying more than 63,000 people, mostly current employees, that an insider, accidentally or otherwise, had inappropriate access to their personal data.β¦
Dutch authorities are lifting the curtain on an attempted cyberattack last year at its Ministry of Defense (MoD), blaming Chinese state-sponsored attackers for the espionage-focused intrusion.β¦
Global securities finance tech company EquiLend's systems are now back online after announcing a disruptive ransomware attack nearly two weeks ago.β¦
Updated Fortinet's FortiSIEM product is vulnerable to two maximum-severity security vulnerabilities that allow for remote code execution, or at least according to two freshly published CVEs.*β¦
At least 25 new ransomware gangs emerged in 2023, with Akira and 8Base proving the most "successful," research reveals.β¦
FreshRSS 