Spain's National Police and US Secret Service Take Down an International Cybercrime Phishing Group
Read also: Russian cybercriminal convicted in $90M hack-and-trade scheme, US and UK slap sanctions on 7 Russians tied to TrickBot cybercrime gang, and more.
Thursday, February 16, 2023
Spanish police disrupt international phishing gang that defrauded hundreds of victims
A joint law enforcement operation carried out by Spain's National Police together with the US Secret Service has resulted in the takedown of an international cybercrime group that in less than a year stole over 5 million euros from more than 200 victims, including individuals and North American companies.
The group leveraged social engineering, phishing, smishing, and vishing techniques to trick potential victims into providing their confidential information, which was then used to commit financial fraud.
The scammers established more than 100 bank accounts in various Spanish banks and used them to deposit stolen money, withdraw cash from ATMs, transfer funds overseas, or convert it to crypto assets. As part of the operation, nine suspected members of the gang were arrested in Madrid and Miami, including its alleged leader.
ESXiArgs ransomware hits over 500 European orgs
More than 500 organizations in Europe have become fresh targets of the ESXiArgs ransomware that has been infecting VMware ESXi servers worldwide since at least February 2023. It is believed that ESXiArgs is hitting ESXi servers unpatched against the CVE-2021-21974 remote code execution flaw.
According to new stats from Censys, most of the newly targeted servers are located in France (217), Germany (137), the Netherlands (28), the UK (23), and Ukraine (19). Interestingly, it was found that the first infections dated back as far as October 2022, much earlier than the ESXiArgs ransomware campaign began making headlines. This suggests that threat actors behind the attacks were likely testing their methods on a few selected hosts before launching a full-scale campaign.
Microsoft, Apple patch Windows, Webkit zero-days
Microsoft has released security updates spanning a wide range of its software that fix more than 75 security vulnerabilities, including three actively exploited zero-day bugs.
One of the zero-days is a remote code execution (RCE) issue (CVE-2023-21823) in Windows Graphics Component, which allows an attacker to gain SYSTEM privileges. The second vulnerability, tracked as CVE-2023-23376, resides within Windows Common Log File System Driver and also can be used to gain system-level access. The third bug (CVE-2023-21715) is described as a security feature bypass issue in Microsoft Office that enables attackers to bypass Office macro policies for blocking untrusted or malicious files and content.
Apple also rolled out security updates for macOS, iOS and Safari to patch a likely exploited Webkit vulnerability tracked as CVE-2023-23529.
Russian cybercriminal convicted in $90M hack-and-trade scheme
Russian national Vladislav Klyushin, the owner of the Moscow-based cybersecurity firm M-13, was found guilty by the US court for his role in a sophisticated insider trading scheme that involved breaching into US enterprise networks and stealing non-public financial data, which was then used to trade illegally in the shares of hundreds of publicly traded firms.
According to officials, Klyushin and his co-conspirators earned about $90 million through the scheme. Klyushin was convicted of conspiring to obtain unauthorized access to computers, and to commit wire fraud and securities fraud. He is now facing up to 40 years in prison and hundreds of thousands of dollars in fines.
Vladislav Klyushin was arrested in Switzerland in March 2021 and extradited to the United States in December of the same year. His sentencing hearing is scheduled to take place on May 4, 2023.
US, UK sanction seven Russians linked to TrickBot cybercrime gang
In a first-ever coordinated action of its kind the US and UK authorities imposed sanctions on seven Russian nationals believed to have ties with the notorious TrickBot cybercrime group that both countries accuse of targeting critical infrastructure, including hospitals and medical facilities during the global COVID-19 pandemic.
The seven sanctioned individuals are: Vitaly Kovalev (aka “Alex Konor”, “Bentley”, or “Bergen”), Maksim Mikhailov (“Baget”), Valentin Karyagin (“Globus”), Mikhail Iskritskiy (“Tropa”), Dmitry Pleshevskiy (“Iseldor”), Ivan Vakhromeyev (“Mushroom”), and Valery Sedletski (“Strix”). Officials named Kovalev as a “senior figure” within the gang, while Mikhailov, Karyagin, and Pleshevskiy were involved in the development of malware and ransomware projects. Vakhromeyev and Sedletski were managers of the group.
What’s next:
- Follow ImmuniWeb on Twitter and LinkedIn
- Explore 20 use cases how ImmuniWeb can help
- Browse open positions to join our great Team
- See the benefits of our partner program
- Request a demo, quote or special price
- Subscribe to our newsletter
Application Security Weekly is a weekly review of the most important news and events in cybersecurity, privacy and compliance. We cover innovative cyber defense technologies, new hacking techniques, data breaches and evolving cyber law. 
