Skip to main content

The Iceman Group

A few days ago I had the pleasure to interview one of the “The Iceman Group” member. I will publish more details soon.



Halfway through May ‘17, Kaspersky Labs revealed an unprecedented DNS attack on an unnamed Brazilian Bank on October 16’.

The attackers, it seems, took control of every DNS in the bank’s network, and by doing so - were able to reroute all bank related traffic through their own malicious servers. The attack lasted for 6 hours, in which countless records of valuable and private client information were leaked into the attacker’s hands.

Now, an individual reveals that the group standing behind this attack was “The Iceman Group”, a rising group in the world of Financial Hacking.

As for now, this is their only known attack, as most attacks apparently carried out by this group have yet been disclosed to the public. However, one of the member of the group have revealed a few details about their attack.

He revealed that “The Iceman Group” started their attack by aiming at the NIC.BR service - the one from which all Brazilian domains get their redirections. From this point on, finding and infecting the DNS servers of the said bank - now revealed to be Banrisul Bank - was a much easier task.

After the successful redirection of the DNS Records of the bank, Iceman turned their own servers into complete replicas of the Bank’s Services. SSL encryption of the traffic aimed for the replica servers was done by tricking the site “Let’s Encrypt” into believing The Iceman’s control over the servers was legit. The individual of the group claims that the group have used an inside access to several bank’s employees email accounts in order to deceive “Let’s Encrypt” company.

Throughout the 6 hours the attack lasted, every login attempt into the bank was transferred through the Iceman Group.

“Let this be a slight warning for you all finance crooks”, those were his last words.

A full interview will be published soon.

Comments

Popular posts from this blog

‘Infraud’ Cybercrime Forum is Busted, 13 hackers arrested & 36 charged

The U.S. Justice Department announced charges on Wednesday against three dozen individuals thought to be key members of ‘ Infraud ,” a long-running cybercrime forum that federal prosecutors say cost consumers more than a half billion dollars. In conjunction with the forum takedown, 13 alleged Infraud members from the United States and six other countries were arrested. Started in October 2010, Infraud was short for “In Fraud We Trust,” and collectively the forum referred to itself as the “Ministry of Fraudulently [sic] Affairs.” As a mostly English-language fraud forum, Infraud attracted nearly 11,000 members from around the globe who sold, traded and bought everything from stolen identities and credit card accounts to ATM skimmers, botnet hosting and malicious software. “Today’s indictment and arrests mark one of the largest cyberfraud enterprise prosecutions ever undertaken by the Department of Justice,” said John P. Cronan , acting assistant attorne...

North Korean Hidden Cobra APT targets Turkish financial industry with new Bankshot malware

North Korea-linked APT group Hidden Cobra (aka Lazarus Group) is targeting the Turkish financial system. Experts from McAfee observed the hackers using the Bankshot implant in targeted attacks against the financial organizations in Turkey. The attack resembles previous attacks conducted by Hidden Cobra against the global payment network SWIFT. Bankshot was first reported by the US  DHS  in December, now new variants of the malicious code were observed in the wild  The sample analyzed by McAfee is 99% similar to the variants detected in 2017. The hackers used spear-phishing messages with a weaponized Word document containing an embedded Flash exploit that triggers the CVE-2018-4878, Flash vulnerability that was disclosed in late January. Adobe promptly patched the vulnerability with an emergency patch, but many computers are still vulnerable because the owners did not apply the patch. According to McAfee, t...

Czech Republic announced it had extradited the Russian hacker Yevgeni Nikulin (29) to the United States

Yevgeni Nikulin (29) was requested by the US for alleged cyber attacks on social networks and by the Russian authorities that charged him with frauds. According to US authorities, the man targeted LinkedIn and Formspring and hacked into the file hosting service Dropbox. The Russian criminal was arrested in Prague in October 2016 in an international joint operation with the FBI. The case in the middle of an arm wrestling between Moscow and Washington, the US Government are accusing Russia to have interfered with 2016 Presidential election  through hacking . Source: US Defense Watch.com In May, a Czech court ruled that Nikulin can be extradited to either Russia or the United States, leaving the final decision to the Justice Minister Robert Pelikan. “It is true there have been two meetings this year where the president asked me not to extradite a Russian citizen to the United States but to Russia,” the website of the weekly newspaper Res...