Ukraine Cyber Police Crack Hacker Group

Together with law enforcement officers of the Republic of Korea and the United States of America, the Ukraine National Cyber Police have exposed a hacker group thought to be responsible for the theft of $500 million from companies in South Korea and the United States.

Ukraine's specialist police unit has arrested members of the hacker group who carried out ransomware attacks on several foreign companies as well as universities between 2019 and 2021. They have detained six members of Cl0p, a ransomware gang that most recently was associated with attacks on Stanford University Medical School and the University of California.

With the help of the malicious program "Clop", the hackers had encrypted the data on the media of companies in the Republic of Korea and the United States. Later, they demanded ransom-money to restore access. The six arrested individuals have been charged under Ukrainian law with offenses related to unauthorised access to computers, automated systems, and telecommunication networks. The individuals face a maximum of up to eight years in prison if convicted on all charges.

In 2019, four Korean companies were attacked with the Clop encryption virus, as a result of which 810 internal servers and personal computers of employees were blocked. Hackers had sent e-mails with a malicious file to the mailboxes of company employees. 

After opening the infected file, the program sequentially downloaded additional programs from the distribution server and completely infected the victims' computers with a remotely managed program, "Flawed Ammyy RAT". Using remote access, the suspects activated the malicious software "Cobalt Strike", which provided information about the vulnerabilities of infected servers for further capture. The attackers demanded a "ransom" in cryptocurrency for decrypting the information.

Unlike common ransomware attacks, which encrypt a large number of uninstalled PCs and servers, the Advanced Persistent Threat (APT) attack is aimed at a specific victim's computer network and infects the entire system with a ransomware program. Law enforcement has managed to shut down the infrastructure from which the virus spreads and block channels for legalising criminally acquired crypto-currencies. 

Police officers conducted 21 searches in the capital and Kiev region, in the homes of the defendants and in their cars. Computer equipment, cars and about $5m in cash were seized. The property of the perpetrators was also seized. In 2020, the Ukraine Cyber Police carried out ten international police operations to expose hacker groups, detained 326 online fraudsters and prevented 62 cases of breach of intellectual property rights.

As noted in a message on the Cyber Police website, members of the exposed hacker groups also caused damage to the countries of the European Union, Great Britain and the United States.

Sources: Ukraine Cyber Police, Dark Reading, Republic World, Interfax, AIN
