Four people were arrested in Ukraine and Armenia, and over 100 internet servers were disabled or blocked in an internationally coordinated operation targeting cyberinfrastructure used for malware.
Europol arrested cybercriminals from Ukraine
Operation "Final" was initiated and carried out by France, Germany and the Netherlands.
Europol reported this on May 30.
In addition, Armenia, Bulgaria, Lithuania, Portugal, Romania, Switzerland and Ukraine also supported the operation with various actions such as arrests, questioning of suspects, searches, and seizure or deletion of servers and domains.
Arrests were made in Armenia (one person) and Ukraine (three). Law enforcement agencies currently control over 2,000 domains.
Following the action days, persons involved in this criminal activity and wanted by Germany will be added to the European list of most wanted persons on May 30, 2024. These individuals are wanted for involvement in serious cybercriminal activity.
Malware allows cybercriminals to secretly connect to people's computers for malicious purposes.
According to investigators, one of the main suspects earned at least 69 million euros in cryptocurrency by renting out criminal infrastructure facilities for hosting ransomware. The suspect's operations are continuously monitored, and legal authorization has already been obtained to seize these assets in future actions.
What is known about Russian cyberattacks on the mobile devices of AFU soldiers?
Russian hackers have intensified cyberattacks on the mobile phones of the Ukrainian military. Experts described the specifics of the attacks and how to protect against them.
As noted, Russian hackers have increased the number of cyberattacks on mobile devices of the Ukrainian military.
In the second half of 2023, hackers associated with the Russian GRU actively used messengers and social engineering to spread malicious software.
In particular, during attacks, Russian hackers do the following:
use legitimate products as disguises: hackers disguised spyware as legitimate software installers, such as the Nettle situational awareness system;
spread malware through Signal and Telegram: attackers used these messengers to distribute malicious files, disguising them as cybersecurity instructions from CERT-UA;
react and adapt quickly: hackers quickly responded to new protection methods and developed new attack vectors;
target Windows software: most attacks through messengers were aimed at spreading malware for Windows, because many service members use desktop versions of messengers;
use decoy files: attackers distributed malicious programs as Zip or Rar archives, disguising them as certificate updates for the Delta situational awareness complex.