Three young men aged between 18 and 21 were arrested in the Netherlands for their role in an extensive data extortion scheme that victimized thousands of small and large businesses worldwide, including educational institutions, software companies, hospitality businesses, online shops, and organizations connected to critical infrastructure and services. It is estimated that personal data of tens of millions of people were stolen during breaches, causing millions of euros in damages.

The suspects are accused of computer hacks, data theft, extortion and blackmail, as well as money laundering. After breaching a company and stealing its data the cyber thieves threatened the victim to destroy its digital infrastructure or leak the stolen information online if a ransom was not paid. The ransom amount varied between €100,000 and €700,000, depending on the size of the organization the hackers compromised. Oftentimes, the criminals sold the stolen data online for profit, regardless of whether victims paid the ransom.

Two suspects in recent $9M Platipus DeFi hack arrested in France

French police detained two young men, aged 18 and 21, who allegedly carried out a series of flash loan attacks on the US-based DeFi platform Platypus Finance and managed to steal over $9 million in cryptocurrency assets. The police seized 210,000 euros ($222,000) worth of cryptocurrency as part of the arrest.

The hack, which took place on February 17, 2023, exploited a logic error in the USP solvency check mechanism within the collateral-holding contract. Following the attack, Platypus was able to recover $2.4 million worth of USDC.

In related news, Julius Kivimaki, a suspected mastermind behind the 2019-2020 breach of Vastaamo Psychotherapy Center in Finland that exposed exposed the data of thousands of patients, was extradited from France to Finland, where he was remanded into custody over his crimes.

BidenCash darkweb market gives away 2M credit cards for free

A darkweb carding shop named 'BidenCash' has leaked information on two million valid credit cards for free as a birthday anniversary promotion. The data dump includes cardholders’ full names, card numbers, bank details, expiration dates, and card verification value (CVV) numbers, as well as home addresses and emails linked to the cards.

The dataset includes credit card data from various countries across the globe, with the significant number of cards issued in the US, China, Mexico, India, Canada, and the UK.

LastPass says hackers targeted employee’s home computer to access encrypted password vaults

LastPass, a company behind the eponymous password management software, has published an update on a security breach that resulted from the August 2022 hack where a threat actor stole its source code and proprietary technical data by means of a compromised employee account.

The company said that the attacker used the data obtained from the August breach to steal information from its cloud storage resources. The threat actor compromised a personal home computer of one of LastPass’ DevOps engineers who had access to decryption keys via a remote code execution vulnerability in a third-party media software. The attacker then installed a keylogger program on the victim computer, through which they obtained a master password to access corporate vault.

LastPass said the hacker stole sensitive information, including encryption keys for its AWS S3 production backups, and some customers’ encrypted password vaults.

CISA’s Red Team shares guidance on how to improve cyber posture

The Cybersecurity and Infrastructure Security Agency (CISA) has released a set of recommendations to help network defenders to improve their organization’s cybersecurity posture.

The agency detailed key findings, as well as techniques, tactics, and procedures (TTPs) used by its Red Team during the assessment of a large critical infrastructure organization with a mature cyber posture. The advisory highlights the importance of early detection of cyber threats and continual monitoring to ensure that the organization’s environment is well-protected against malicious activity.

What’s next:

Follow ImmuniWeb on Twitter and LinkedIn
Explore 20 use cases how ImmuniWeb can help
Browse open positions to join our great Team
See the benefits of our partner program
Request a demo, quote or special price
Subscribe to our newsletter

Netherlands France

Cybercrime Prosecution Weekly

Cybercrime Prosecution Weekly is a digest of most important events related to cybercrime investigation and prosecution, cyber law, as well as to new data breaches and security incidents that deserve attention of our customers and partners.

Recent Blog Posts:

European Police Dismantle Cybercrime Gang Behind €38M CEO Fraud

Spain's National Police and US Secret Service Take Down an International Cybercrime Phishing Group