Ukraine Cyber Police Crack Hacker Group

Together with law enforcement officers of the Republic of Korea and the United States of America, the Ukraine National Cyber Police have exposed a hacker group though to be responsible for the theft of $500 million from companies in South Korea and the United States.

The Ukraine's specialist police unit have arrested members of the hacker group who carried out ransomware attacks on several foreign companies as well as universities between 2019-21. They have detained six members of Cl0p, a ransomware gang that most recently was associated with attacks on Stanford University Medical School and the University of California.

With the help of the malicious program "Clop", the hackers had encrypted the data on the media of companies in the Republic of Korea and the United States. Later, they demanded ransom-money to restore access. The six arrested individuals have been charged under Ukrainian law with offenses related to unauthorised access to computers, automated systems, and telecommunication networks. The individuals face a maximum of up to eight years in prison if convicted on all charges.

In 2019, four Korean companies were attacked with the Clop encryption virus, as a result of which 810 internal servers and personal computers of employees were blocked. Hackers had sent e-mails with a malicious file to the mailboxes of company employees. 

After opening the infected file, the program sequentially downloaded additional programs from the distribution server and completely infected the victims' computers with a remote managed program "Flawed Ammyy RAT".  Using remote access, the suspects activated malicious software "Cobalt Strike", which provided information about the vulnerabilities of infected servers for further capture. The attackers demanded a "ransom" in crypto currency for decrypting the information. 

Unlike common ransomware attacks, which encrypt a large number of uninstalled PCs and servers, the Advanced Persistent Threat (APT) attack is aimed at a specific victim's computer network and infects the entire system with a ransomware program. Law enforcement has managed to shut down the infrastructure from which the virus spreads and block channels for legalising criminally acquired crypto-currencies. 

Police officers conducted 21 searches in the capital and Kiev region, in the homes of the defendants and in their cars. Computer equipment, cars and about $5m in cash were seized. The property of the perpetrators was alsdo seized.  In 2020, the Ukraine Cyber Police carried out ten international police operations to expose hacker groups, detained 326 online fraudsters and prevented 62 facts of breach of intellectual property rights.

 As noted in a message on the Cyber Police website, members of the exposed hacker groups also caused damage to the countries of the European Union, Great Britain and the United States. 

Ukraine Cyber Police:     Dark Reading:     Republic World:        Interfax:       AIN

You Might Also Read: 

A New Era Of Malware:

 
« Diversity In Cyber Security
Bad Cyber Security Behavior At Home Risks Being Taken Back To Work »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Institute for National Security and Counterterrorism (INSCT)

Institute for National Security and Counterterrorism (INSCT)

INSCT is a center for the study of national security, international security, and counterterrorism. Research programs include New Frontiers in Science, Cyber, & Technology

Centrify

Centrify

Centrify’s Next-Gen Access is an identity & access management solution that uniquely converges Identity-as-a-Service, enterprise mobility management and privileged access management.

Kualitatem

Kualitatem

Kualitatem Inc. is an independent software testing and information systems auditing company

Casaba Security

Casaba Security

Casaba are specialists in software security providing managed Software Development Lifecycle services as well as products for security testing.

Green Hills Software

Green Hills Software

Green Hills Software is the largest independent vendor of embedded secure software solutions for applications including the Internet of Things.

Cambridge Intelligence

Cambridge Intelligence

Cambridge Intelligence are experts in network visualization and finding hidden trends in complex connected data. Applications include cybersecurity.

Celare

Celare

Celare delivers DPI based network perimeter monitoring solutions with integrated Big Data security analytics and threat detection.

Cyberbit

Cyberbit

Cyberbit empowers cybersecurity teams to be fully prepared with a product portfolio ready to detect and respond effectively across both IT and OT networks.

InstaSafe Technologies

InstaSafe Technologies

InstaSafe®, a Software Defined Perimeter based (SDP) one-stop Secure Access Solution for On-Premise and Cloud Applications.

CSIRT GOV - Poland

CSIRT GOV - Poland

Computer Security Incident Response Team CSIRT GOV, run by the Head of the Internal Security Agency, acts as the national CSIRT responsible for coordinating the response to computer incidents.

National Accreditation Agency of Ukraine (NAAU)

National Accreditation Agency of Ukraine (NAAU)

NAAU is the national accreditation body for Ukraine. The directory of members provides details of organisations offering certification services for ISO 27001.

Cranfield University

Cranfield University

Cranfield Defence and Security are at the forefront of their fields, offering capabilities ranging from cyber security and digital warfare to robotics, forensic sciences and simulation and analytics.

CybersCool Defcon

CybersCool Defcon

CybersCool is committed to educate and train, re-skill and up-skill the current workforce of various industries and businesses in the knowledge and know-how of cybersecurity.

Cyviation

Cyviation

Cyviation's mission is to mitigate ever-growing and menacing Cyber Security threats, focusing on aircraft, airlines and airports.

Center for Cyber Security Studies & Research (CFCS2R)

Center for Cyber Security Studies & Research (CFCS2R)

CFCS2R's mission is to empower individuals, organizations, and governments with the knowledge and tools necessary to protect against cyber threats.

Cloudbrink

Cloudbrink

Cloudbrink is purpose-built to deliver the industry’s highest performance connectivity to remote and hybrid workers, anywhere in the world.