Friday 19th May 2023

CTI Weekly: Indictment of Russian Citizen Linked to Major Ransomware – USD 10M Reward, Cybercrime Challenges & Espionage Revelations

Key Issue:

The US indicts a Russian ransomware operator and offers a USD 10 million reward for information that leads to his arrest

US authorities have indicted Mikhail Matveev, also known as “Wazawaka,” a Russian citizen linked to major ransomware variants. The charges include involvement in ransomware campaigns against US law enforcement and critical infrastructure. A reward of up to USD 10 million has been offered for information leading to his arrest. Matveev is accused of playing a central role in developing and deploying Hive, LockBit, and Babuk ransomware.

This indictment serves as a message to threat actors and aims to generate internal conflicts within criminal networks. However, combating cybercrime faces challenges due to sanctuary countries’ protection of threat actors, emphasizing the need for diplomatic channels and international cooperation.

Other news:

Nation-state

The Chinese cyber espionage unit, Mustang Panda, has been identified as responsible for a series of attacks targeting TP-Link routers to compromise European foreign affairs entities. Additionally, it is estimated that up to half of the funding for North Korea’s missile program comes from cybercriminal activities, as the regime uses cyber operations to finance critical survival programs.

Malware

A recently discovered campaign uses customized Ducktail malware files to target HR and marketing professionals, with the aim of stealing their business social media accounts.

Hacktivism

The pro-Russian hacktivist group NoName057(16) has launched Distributed Denial-of-Service (DDoS) attacks against Czech and German entities. The group recently expressed its commitment to engaging in cyber conflicts with Ukraine and its allies.

Data Breach

A US citizen has admitted guilt in stealing and selling financial data, including credit and debit card numbers, of tens of thousands of individuals. PharMerica, a pharmacy services provider, has revealed a Money Message breach in March 2023 affecting more than five million individuals.
