
The Iceman Group

A few days ago I had the pleasure of interviewing one of “The Iceman Group” members. I will publish more details soon.

Halfway through May ‘17, Kaspersky Labs revealed an unprecedented DNS attack carried out on an unnamed Brazilian bank in October ‘16.

The attackers, it seems, took control of every DNS in the bank’s network and, by doing so, were able to reroute all bank-related traffic through their own malicious servers. The attack lasted for 6 hours, during which countless records of valuable and private client information were leaked into the attackers’ hands.

Now, an individual reveals that the group standing behind this attack was “The Iceman Group”, a rising group in the world of Financial Hacking.

For now, this is their only known attack, as most attacks apparently carried out by this group have yet to be disclosed to the public. However, one of the members of the group has revealed a few details about their attack.

He revealed that “The Iceman Group” started their attack by aiming at the NIC.BR service - the one from which all Brazilian domains get their redirections. From this point on, finding and infecting the DNS servers of the said bank - now revealed to be Banrisul Bank - was a much easier task.

After the successful redirection of the bank’s DNS records, Iceman turned their own servers into complete replicas of the bank’s services. SSL encryption of the traffic aimed at the replica servers was done by tricking the site “Let’s Encrypt” into believing The Iceman’s control over the servers was legit. The member of the group claims that the group used inside access to several bank employees’ email accounts in order to deceive the “Let’s Encrypt” company.

Throughout the 6 hours the attack lasted, every login attempt into the bank was transferred through the Iceman Group.
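A defender-side check for the pattern described above, where name servers and addresses change together with a freshly issued certificate from an unfamiliar issuer. This is an added example, not part of the original post; the domain, address range, issuer names and probe records are all constructed, and real observations would come from your own DNS and TLS monitoring.

```python
# Added example: baseline-drift check for DNS answers and the served TLS certificate.
# Every name, address, issuer and timestamp below is constructed sample data.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Observation:
    ts: str          # probe time (UTC, ISO 8601)
    name: str        # domain being watched
    ns: frozenset    # name servers delegated by the parent zone
    a: frozenset     # A records returned for the name
    issuer: str      # issuer organisation of the certificate served
    not_before: str  # certificate validity start (ISO date)

BASELINE = {
    "bank.example": {
        "ns": frozenset({"ns1.bank.example", "ns2.bank.example"}),
        "nets": [ip_network("198.51.100.0/24")],
        "issuers": {"Example Commercial CA"},
    }
}

SAMPLES = [
    Observation("2024-01-01T12:00:00Z", "bank.example",
                frozenset({"ns1.bank.example", "ns2.bank.example"}),
                frozenset({"198.51.100.10"}), "Example Commercial CA", "2023-06-01"),
    Observation("2024-01-02T13:00:00Z", "bank.example",
                frozenset({"ns1.hoster.example"}),
                frozenset({"203.0.113.7"}), "Let's Encrypt", "2024-01-02"),
]

def check(obs, baseline=BASELINE):
    """Return the list of (finding, detail) pairs for one observation."""
    base, findings = baseline[obs.name], []
    if obs.ns != base["ns"]:
        findings.append(("ns-changed", sorted(obs.ns - base["ns"])))
    stray = sorted(ip for ip in obs.a
                   if not any(ip_address(ip) in net for net in base["nets"]))
    if stray:
        findings.append(("a-outside-known-ranges", stray))
    if obs.issuer not in base["issuers"]:
        findings.append(("unexpected-issuer", obs.issuer))
    # Other drift plus a certificate issued on the probe day matches the takeover pattern.
    if findings and obs.not_before == obs.ts[:10]:
        findings.append(("cert-issued-today", obs.not_before))
    return findings

def scan(samples=SAMPLES):
    """Map probe time to findings, keeping only observations that drifted."""
    return {o.ts: f for o in samples if (f := check(o))}

if __name__ == "__main__":
    print(scan())
```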

“Let this be a slight warning for you all finance crooks”, those were his last words.

A full interview will be published soon.

