Total Tests:
Blog Filters reset x
By Incident
By Jurisdiction
Show More

Cybersecurity
Compliance

Cybersecurity
Legal Advisory
Learn More

Yet Another Encrypted Comms Platform, Ghost, Used By Organized Crime Shut Down By Police

Read also: A massive botnet that infected over 200K devices worldwide disrupted, a Chinese man charged for phishing attacks on NASA, and more.


Thursday, September 19, 2024
Views: 7k Read Time: 4 min.

Yet Another Encrypted Comms Platform, Ghost, Used By Organized Crime Shut Down By Police

Police make multiple arrests after dismantling the Ghost encrypted comms app

Law enforcement agencies have dismantled the Ghost encrypted communications platform, an app allegedly used by organized crime groups in Australia, Ireland, Sweden, and Italy.

The operation, involving police forces across multiple countries, has resulted in dozens of arrests, including 38 suspects in Australia, 11 in Ireland, one in Canada, and one in Italy.

The effort, codenamed ‘Operation Kraken’, involved coordinated police raids in Canada, Ireland, Italy, and Sweden. This is the latest law enforcement action against the apps like EncroChat, Sky Global, Phantom Secure, and AN0M (all the platforms have been taken down by police in recent years) used by transnational criminal syndicates to communicate securely.

The Australian Federal Police (AFP) confirmed the arrest of Jay Je Yoon Jung, a 32-year-old alleged mastermind behind the Ghost app. Jung appeared in a Sydney court, facing charges including supporting a criminal organization and profiting from the proceeds of crime. Jung did not enter pleas and remains in custody until his next court appearance in November.

Law enforcement op disrupts a massive botnet that infected over 200K network devices worldwide

The US authorities have announced that the FBI has taken control of a botnet operated by the Chinese state-backed hacking group known as Flax Typhoon. The botnet, consisting of hundreds of thousands of internet-connected devices, had been used to target critical infrastructure across the US and abroad, including corporations, media organizations, universities, and government agencies.

The botnet was built by infecting a wide range of consumer devices, such as small-office/home-office (SOHO) routers, internet protocol (IP) cameras, digital video recorders (DVRs), and network-attached storage (NAS) devices with malware. This enabled Flax Typhoon to conduct cyber espionage and launch disruptive attacks, including Distributed Denial-of-Service (DDoS) campaigns.

The FBI’s operation, which was carried out with court authorization, involved seizing control of the hackers' computer infrastructure. The operation involved sending disabling commands from the compromised infrastructure to the malware on the infected devices, which neutralized the botnet and prevented further exploitation of the compromised devices by the threat actor.

In other news, German law enforcement has dismantled part of the infrastructure used by the ransomware group known as ‘Vanir Locker,’ which has been active since June 2024. The group steals and encrypts corporate data, demanding a ransom in exchange for decryption and non-disclosure. In August 2024, investigators identified a Tor network site the threat actor intended to use for publishing stolen data. Earlier this week, the Tor site was taken over by the authorities and redirected to a block page.

Cybersecurity Compliance

Prevent data breaches and meet regulatory requirements

Cybersecurity
Legal Advisory
Learn More

A teenage boy arrested in connection to the recent Transport for London cyber-attack

A 17-year-old male has been arrested in Walsall by the National Crime Agency (NCA) as part of an ongoing investigation into a cybersecurity incident affecting Transport for London (TfL). The arrest took place on September 5, with the teenager being detained on suspicion of offenses under the Computer Misuse Act.

The cyberattack, that occurred earlier this month, reportedly compromised sensitive data of approximately 5,000 TfL customers, including bank account numbers, sort codes, names, email addresses, and home addresses. The NCA has confirmed that the teenager was questioned by officers before being bailed as investigations continue.

TfL revealed that the attackers may have accessed the personal data of passengers using Oyster cards and Contactless bank cards to make journeys on London’s public transport system. Information related to refund activity and Oyster card accounts is believed to have been exposed, potentially putting thousands of passengers at risk.

A Chinese man charged with phishing attacks on NASA, US Air Force, FAA

Song Wu, a 39-year-old Chinese national, has been charged in the US with wire fraud and aggravated identity theft for allegedly orchestrating a multi-year spearphishing campaign aimed at stealing proprietary software and source code from NASA, US research universities, and private aerospace companies.

According to the authorities, Wu impersonated US-based researchers and engineers via fake email accounts to deceive his targets into sharing specialized software used for aerospace engineering and computational fluid dynamics. His spearphishing emails appeared to be sent by colleagues or trusted associates.

The targets included employees of key US government agencies such as NASA, the US Air Force, Navy, Army, and the Federal Aviation Administration. In addition to government agencies, Wu targeted major research universities across the United States, as well as private aerospace firms involved in cutting-edge research.

Wu, who at the time of the cyber intrusions was employed as an engineer at the Chinese state-owned aerospace and defense conglomerate Aviation Industry Corporation of China (AVIC), has been charged with 14 counts of wire fraud, each carrying a maximum sentence of 20 years in prison, and 14 counts of aggravated identity theft, which mandates a consecutive two-year prison sentence if convicted.

A former Ticketmaster executive sentenced for hacking a rival company

A US court has sentenced former Ticketmaster executive Stephen Mead to one year of supervised release for his role in hacking competitor CrowdSurge, using illegally obtained credentials. Mead, a British national, had left CrowdSurge in 2012 to join Ticketmaster, but continued to access his former employer's systems using credentials he retained, sharing them with other Ticketmaster employees.

According to court documents, Mead exploited his access to CrowdSurge's sensitive information, including client lists, passwords, marketing strategies, and financial data, despite signing a $52,970 separation agreement promising not to disclose such details. The unauthorized access persisted for three years, from 2012 to 2015.

CrowdSurge initiated an investigation in 2015 after flagging suspicious activity, which led to legal action against Ticketmaster, with the company eventually fined $10 million by the US Department of Justice (DoJ) for its illegal activities.

Mead was arrested in Italy earlier this year and then was extradited to the US, where he pleaded guilty to charges against him. Mead has been ordered to pay $67,970 in forfeiture in addition to his supervised release sentence. Another former Ticketmaster executive, Zeeshan Zaidi, who was also involved in the hacking scheme, has pleaded guilty and is awaiting sentencing.

ImmuniWeb Newsletter

Get exclusive updates and invitations to our events and webinars:


Private and Confidential Your data will stay private and confidential

What’s next:

Key Dutch has been working in information technology and cybersecurity for over 20 years, starting his first job with Windows 95 and dial-up modems. As the Editor-in-Chief of our Cybercrime Prosecution Weekly blog series, he compiles the most interesting news about police operations against cybercrime, as well as about regulatory actions enforcing data protection and privacy law.
Book a Call Ask a Question
Close
Talk to ImmuniWeb Experts
ImmuniWeb AI Platform
Have a Technical Question?

Our security experts will answer within
one business day. No obligations.

Have a Sales Question?
Email:
Tel: +41 22 560 6800 (Switzerland)
Tel: +1 720 605 9147 (USA)
*
*
*
*
Your data will stay private and confidential