3 chinese hackers got cut in the US: "Boyusec" exposed

In 2013, APT3 allegedly stole the blueprints for ASIO's new Canberra building using a piece of malware that was uploaded to an ASIO employee's laptop.

According to the indictment, the three Chinese nationals—identified as Wu Yingzhuo, Dong Hao, and Xia Lei—launched "coordinated and unauthorized" cyber attacks between 2011 and 2017, and successfully steal information from a number of organizations by compromising their accounts.

The trio of hackers has alleged to have attacked Moody's Analytics, Siemens, and Trimble by sending spear-phishing emails with malicious attachments or links to malware.

The men also used customized tools collectively known as the 'ups' or 'exeproxy' malware to gain unauthorized, persistent access to the targeted companies' networks, allowing them to search for and steal confidential business information and user credentials.

"The primary goal of the co-conspirators’ unauthorized access to victim computers was to search for, identify, copy, package, and steal data from those computers, including confidential business and commercial information, work product, and sensitive victim employee information, such as usernames and passwords that could be used to extend unauthorized access within the victim systems," the DOJ said.

The most affected one of the three companies was IT giant Siemens. According to the indictment, the defendants:

Stole approximately 407 gigabytes of data from Siemens' energy, technology and transportation businesses in 2014.
Hacked into Trimble's network and stole at least 275 megabytes of data, including trade secrets related to global navigation satellite systems technology the company spent millions of dollars developing, in 2015 and 2016.
Accessed an internal email server at Moody's in 2011 and forwarded the account of an unidentified "prominent employee" to their own accounts, and eventually accessing the confidential messages sent to that account until 2014.

According to the DoJ, both Wu and Dong were co-founders and shareholders of Boyusec, while Lei was an employee. All the three defendants were residents of Guangzhou.

The Chinese men have been charged with a total of eight counts, including one charge of committing computer fraud and abuse, two charges of committing trade secret theft, three counts of wire fraud and four to eight counts of aggravated identity theft.

If found guilty in the court of law, the hackers face a maximum sentence of 42 years in prison.

Comments

‘Infraud’ Cybercrime Forum is Busted, 13 hackers arrested & 36 charged

The U.S. Justice Department announced charges on Wednesday against three dozen individuals thought to be key members of ‘ Infraud ,” a long-running cybercrime forum that federal prosecutors say cost consumers more than a half billion dollars. In conjunction with the forum takedown, 13 alleged Infraud members from the United States and six other countries were arrested. Started in October 2010, Infraud was short for “In Fraud We Trust,” and collectively the forum referred to itself as the “Ministry of Fraudulently [sic] Affairs.” As a mostly English-language fraud forum, Infraud attracted nearly 11,000 members from around the globe who sold, traded and bought everything from stolen identities and credit card accounts to ATM skimmers, botnet hosting and malicious software. “Today’s indictment and arrests mark one of the largest cyberfraud enterprise prosecutions ever undertaken by the Department of Justice,” said John P. Cronan , acting assistant attorne...

Czech Republic announced it had extradited the Russian hacker Yevgeni Nikulin (29) to the United States

Yevgeni Nikulin (29) was requested by the US for alleged cyber attacks on social networks and by the Russian authorities that charged him with frauds. According to US authorities, the man targeted LinkedIn and Formspring and hacked into the file hosting service Dropbox. The Russian criminal was arrested in Prague in October 2016 in an international joint operation with the FBI. The case in the middle of an arm wrestling between Moscow and Washington, the US Government are accusing Russia to have interfered with 2016 Presidential election through hacking . Source: US Defense Watch.com In May, a Czech court ruled that Nikulin can be extradited to either Russia or the United States, leaving the final decision to the Justice Minister Robert Pelikan. “It is true there have been two meetings this year where the president asked me not to extradite a Russian citizen to the United States but to Russia,” the website of the weekly newspaper Res...

North Korean Hidden Cobra APT targets Turkish financial industry with new Bankshot malware

North Korea-linked APT group Hidden Cobra (aka Lazarus Group) is targeting the Turkish financial system. Experts from McAfee observed the hackers using the Bankshot implant in targeted attacks against the financial organizations in Turkey. The attack resembles previous attacks conducted by Hidden Cobra against the global payment network SWIFT. Bankshot was first reported by the US DHS in December, now new variants of the malicious code were observed in the wild The sample analyzed by McAfee is 99% similar to the variants detected in 2017. The hackers used spear-phishing messages with a weaponized Word document containing an embedded Flash exploit that triggers the CVE-2018-4878, Flash vulnerability that was disclosed in late January. Adobe promptly patched the vulnerability with an emergency patch, but many computers are still vulnerable because the owners did not apply the patch. According to McAfee, t...

The Purple Hat - Cyber Gangs & Criminals Naked

Search This Blog