Cybercrime Exposed Intel 471

The online game Axie Infinity is colorful and eye catching. It resembles Pokemon and is filled with cute digital creatures. To play the game, players use virtual currency to buy and sell these creatures and can earn it by battling each other. In 2021, the company behind Axie Infinity was worth $3 billion and backed by Silicon Valley dollars. But this virtual world and the enormous amount of virtual money in this world came into the sights of an adversary. In a matter of minutes in March 2022, Axie Infinity saw nearly $600 million worth of virtual currency stolen from its
wallets. The hackers weren’t just cybercriminals. They were nation-state hackers from North Korea. But investigators were hot on their heels.

Participants:

Erin Plante, Vice President, Investigations, Chainalysis

Jeremy Kirk, Executive Editor, Cyber Threat Intelligence,
Intel 471

Over many years, a cybercriminal gang likely based in Russia built a huge network of interconnected, hacked computers. They did this one inbox at a time. They sent spam messages with fake documents and malicious links, tricking people into opening malicious software. The network of hacked computers was called Qakbot, or QBot. The botnet was used by cybercriminal gangs to infiltrate computers, steal their data, conduct financial crime and deploy ransomware. But in 2023, law enforcement hacked the hackers. They cut Qakbot off from the cybercriminal group that controlled it. They also removed Qakbot from hundreds of thousands of infected computers, a mission that stretched across the internet. But the battle against this group continues.

Participants:

Selena Larson, Senior Threat Intelligence Analyst, ProofpointJeremy Kirk, Executive Editor, Cyber Threat Intelligence, Intel 471

In the early 2010s, a group of malicious hackers had a goal: to build a Durango, which was the code name for Microsoft’s next-generation gaming console eventually known as the XBox One. They did this by stealing reams of data: authentication keys, personal data, login credentials and proprietary gaming documents. Arman Sadri was on the fringes of the group. He was a gaming hacker who taught himself programming languages such C# and C++ and how to hack games like Call of Duty. He sold gaming cheats, or mods. His eventual goal was a legitimate job in the games industry. Eventually, Microsoft hired him to debug XBox games, which was a dream job. But it was the start of his life unravelling. Microsoft fired him. The FBI wasn’t long behind him. Arman didn’t recognize when he’d gone too deep, and his years-long dalliance on the edge with computers led him to a place from which he’s still recovering.

Participants:

Arman Sadri, Founder, The Good Hackers

Jeremy Kirk, Executive Editor, Cyber Threat Intelligence, Intel 471

Bluma Janowitz is a social engineer and red team agent. She specializes in what are called red-teaming exercises, which are designed to test an organization’s defenses against malicious hackers. She might try to trick employees into giving up sensitive information over the phone or drop USB drives in places where curious people might put them in their computers. She talks her way into buildings and does discreet Wi-Fi scans, taking photos along the way. These techniques are known as social engineering. Threat actors have been using social engineering as a tool to gain access for decades, and in fact, it remains one of the most potent ones today. Bluma does these exercises to help companies get better at security. That’s because access is everything. If access control is compromised, the consequences can be severe. In this episode of Cybercrime Exposed, Bluma describes two of her engagements. Would you fall for the tricks?

Participants:

Bluma Janowitz, Social Engineering and Red Team Agent

Jeremy Kirk, Executive Editor, Cyber Threat Intelligence, Intel 471

In one long weekend in May 2023, a cybercriminal gang called Clop conducted one of the largest data breaches on record. The supply-chain attack affected thousands of organizations and millions of people. The group dumped terabytes of health care data, personal and corporate records on the internet in an effort to extort the victims. CLOP’s attack epitomizes the challenges in fighting professional cybercriminal gangs generating billions of dollars a year in profit. Will Clop, whose members are likely in Russia or Eastern Europe, be held to account?

Participants:

Will Thomas, Cyber Threat Intelligence researcher, Equinix Threat Analysis Centre

Jeremy Kirk, Executive Editor, Cyber Threat Intelligence, Intel 471

Bex Nitert is an incident response and forensics professional in Australia. She describes herself as a digital firefighter who helps organizations after they’ve been hacked. She often investigates phishing, the term for stealing login credentials with the aim of taking over accounts and systems. There’s a threat actor who created a managed phishing service to help other cybercriminals steal usernames and passwords. Bex found him operating in the open. And there are indications his operation may take a darker turn.

Participants:

Bex Nitert, Incident Response and Forensics Professional

Jeremy Kirk, Executive Editor, Cyber Threat Intelligence, Intel 471