Sanctions
UK sanctions Xinbi marketplace linked to Asian scam centers
The United Kingdom’s Foreign, Commonwealth and Development Office (FCDO) has sanctioned Xinbi, a Chinese-language online marketplace that sells stolen data and satellite internet equipment to scam networks in Southeast Asia. The Telegram-based marketplace Xinbi is also believed to have helped North Korean threat actors launder cryptocurrency stolen in large heists from companies and individuals worldwide. […]
Europe sanctions Chinese and Iranian firms for cyberattacks
The Council of the European Union has sanctioned three Chinese and Iranian companies and two individuals for cyberattacks targeting devices and critical infrastructure. One of the two sanctioned Chinese companies, identified as Integrity Technology Group, provided “technical and material support” between 2022 and 2023 that led to hacking more than 65,000 devices in six EU […]
US sanctions Russian broker for buying stolen zero-day exploits
The U.S. Treasury Department has sanctioned a Russian exploit broker who bought stolen hacking tools from a former executive of a U.S. defense contractor. The Department’s Office of Foreign Assets Control (OFAC) designated Matrix LLC (doing business as Operation Zero and headquartered in St. Petersburg, Russia) on Tuesday, along with its owner, Sergey Sergeyevich Zelenyuk, and five […]
Russian bulletproof hosting provider sanctioned over ransomware ties
Today, the United States, the United Kingdom, and Australia announced sanctions targeting Russian bulletproof hosting (BPH) providers that have supported ransomware gangs and other cybercrime operations. BPH providers that lease servers to cybercriminals to help them hinder disruption efforts targeting their malicious activities, including phishing attacks, malware delivery, command and control operations, and illicit content […]
US sanctions North Korean bankers linked to cybercrime, IT worker fraud
The U.S. Treasury Department imposed sanctions on two North Korean financial institutions and eight individuals involved in laundering cryptocurrency stolen in cybercrime and fraudulent IT worker schemes. The Treasury’s Office of Foreign Assets Control (OFAC) designated Ryujong Credit Bank, a North Korea-based financial institution linked to sanctions-evasion activities between North Korea and China, including money laundering. OFAC […]
U.S. sanctions cyber scammers who stole billions from Americans
The U.S. Department of the Treasury has sanctioned several large networks of cyber scam operations in Southeast Asia, which stole over $10 billion from Americans last year. These operations, mainly those in Burma and Cambodia, are notorious for using forced labor, human trafficking, and physical violence, essentially operating as modern slavery farms that conduct online fraud. The […]
US targets North Korean IT worker army with new sanctions
The U.S. Treasury’s Office of Foreign Assets Control (OFAC) has sanctioned two individuals and two companies associated with North Korean IT worker schemes that operate at the expense of American organizations. These schemes involve placing in U.S. firms skilled tech workers with stolen or fabricated identities and using so-called “laptop farms” to hide the true location of the […]
US sanctions Grinex crypto-exchange, successor to Garantex
The U.S. Department of the Treasury has announced sanctions against Grinex, the successor to Russian cryptocurrency exchange Garantex, which was previously sanctioned for helping ransomware gangs launder their money. A TRM Labs report, released in April, revealed that Grinex has strong ties to Garantex’s previous operations, but stopped short of providing evidence that it was being used […]
US sanctions North Korean firm, nationals behind IT worker schemes
The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has sanctioned three North Korean nationals and a company for supporting fraudulent IT worker schemes that generated illicit revenue for the Democratic People’s Republic of Korea (DPRK) government. The sanctioned company is named Korea Sobaeksu Trading Company, and the three North Korean individuals […]
UK ties GRU to stealthy Microsoft 365 credential-stealing malware
The UK National Cyber Security Centre (NCSC) has formally attributed ‘Authentic Antics’ espionage malware attacks to APT28 (Fancy Bear), a threat actor already linked to Russia’s military intelligence service (GRU). The NCSC revealed in a detailed technical analysis of the Authentic Antics malware dated May 6th that it is stealing credentials and OAuth 2.0 tokens that […]