
Warzone RAT Malware Dismantled In An International Police Op

Read also: JFK hackers sentenced, the US offers up to $15M for tips on Hive gang leaders, and more.


Thursday, February 15, 2024

Warzone RAT malware operation dismantled, two suspects arrested

US authorities, working with law enforcement agencies from Malta, Nigeria and several European countries, neutralized an international service selling the Warzone RAT (remote access trojan) malware, which cybercriminals used to clandestinely access victim computers and steal information from them.

US law enforcement seized the main domain (www.warzone.ws) and three related domains offering the Warzone RAT for sale. In addition, two individuals, Daniel Meli and Prince Onyeoziri Odinakachi, were apprehended in Malta and Nigeria, respectively, in connection with their alleged involvement in selling malware.

Meli was charged in the US with unauthorized damage to protected computers, illegal sale of an electronic interception device, and a conspiracy to commit several computer intrusion offenses. According to the court document, the defendant has been selling malware, including the Warzone RAT and the Pegasus RAT, since at least 2012 on various hacking forums. Meli also provided teaching materials to cybercriminals and provided customer support. The US authorities are seeking Meli’s extradition to the US.

Prince Onyeoziri Odinakachi was charged with computer intrusion, including authorized access to protected computers to obtain information and causing unauthorized damage to protected computers. Odinakachi allegedly provided customer support to those who bought and used the Warzone RAT, according to prosecutors.


NYC cab drivers were sentenced in the JFK dispatch system hacking scheme

Two New York City cab drivers, Daniel Abayev and Peter Leyman, both US citizens, were sentenced to four years and two years in prison, respectively, for their roles in a conspiracy with Russian hackers to hijack the digital line-queuing system for taxis waiting to pick up customers outside of John F. Kennedy International Airport (JFK).

The hacking scheme ran from at least September 2019 through September 2021 and involved two other co-conspirators, Russian nationals Aleksandr Derebenetc, aka “Sasha Novgorod,” and Kirill Shipulin, aka “Kirill Russia.”

The group used various mechanisms to hack into the dispatch system, including bribing someone to insert a malware-laden flash drive into computers connected to the dispatch system. The hackers used their access to the system to move specific taxis to the front of the line, charging the taxi drivers $10 each time they skipped the line.

In addition to the prison term, Abayev and Leyman were sentenced to three years of supervised release and each ordered to pay $161,858.26 in forfeiture and $3,456,169.50 in restitution.


US government offers up to $15M for information on Hive ransomware gang leaders

The US State Department has announced a reward of up to $10 million for information that will help to identify and locate key figures involved in the Hive ransomware operation.

Additionally, a reward of up to $5 million is offered for tips leading to the arrest or conviction of individuals participating in the Hive ransomware activities. The reward is being offered under the US’ Transnational Organized Crime Rewards Program.

The development comes more than a year after an international law enforcement effort took down the communication servers and infrastructure of Hive, one of the most prolific ransomware operations, responsible for attacking over 1,500 victims across 80 countries and extorting a staggering $100 million.

The FBI infiltrated Hive in July 2022 and provided over 300 decryption keys to Hive victims, preventing them from having to pay $130 million in ransom demands.

A fraudster sentenced for a $2M international identity theft scheme

Tuong Quoc Ho, also known as Robert Parker, has been sentenced to eight and a half years in prison for orchestrating an elaborate international identity theft scheme that defrauded numerous victims across the globe of approximately $2 million.

According to court documents, Ho led a sophisticated fraud operation spanning from 2013 to February 2020, which involved the use of stolen personal information to set up fraudulent PayPal and eBay accounts in the names of unsuspecting victims.

Ho and his accomplices listed high-value items on eBay, despite not possessing them, and utilized stolen credit cards to “drop ship” these items to customers. Despite selling items below market value, the operation yielded profits due to the use of stolen credit cards.

In total, Ho siphoned over $2 million from victims, of which he wired $1.2 million to his family in Vietnam and laundered funds to acquire a residence in Carmel, valued at more than $300,000.


41 people arrested in Singapore crackdown on money mules

Singapore authorities apprehended 41 individuals suspected of being money mules involved in various scam schemes. The arrested individuals, aged between 16 and 56, are under investigation for their alleged roles in a range of fraudulent activities, including romance scams, fraud schemes, and malware operations aimed at stealing money from victims.

Of the 41 suspects, 31 are accused of facilitating criminal operations by either selling or renting out their bank accounts to syndicates, or by actively assisting in fraudulent bank transactions.

Additionally, authorities revealed that 10 of the arrested individuals are suspected of selling their Singpass (Singapore Personal Access) credentials, a government-issued digital identity, to scammers. This allowed perpetrators to exploit the credentials to establish new bank accounts for illicit purposes.

The suspects are set to face charges related to their involvement in money mule activities. If found guilty, they could face up to 10 years in prison.

Key Dutch has been working in information technology and cybersecurity for over 20 years, starting his first job with Windows 95 and dial-up modems. As the Editor-in-Chief of our Cybercrime Prosecution Weekly blog series, he compiles the most interesting news about police operations against cybercrime, as well as about regulatory actions enforcing data protection and privacy law.