News

FEMA Fraud

Hurricane Ian Leads to Predictable FEMA Fraud

Threat Actors (TAs) are ready to take advantage of vulnerabilities as disasters strike and populations become more susceptible to potential fraud. A wave of actors was ready to take advantage of the FEMA disaster assistance program that was released 28SEP2022 after Hurricane Ian hit Florida. Not only have…

OTP Bots

INTRODUCTION DarkTower recently identified and has been monitoring the use of OTP bots, available for purchase in high-traffic Telegram fraud Group Chats. FINDINGS DarkTower identified several OTP bots circulating. The bots can be used to circumvent Two-Factor Authentication by sending false requests disguised as legitimate requests. The bots are primarily sold and operated through Telegram. INVESTIGATION OTP…

RedLine Stealer

INTRODUCTION A list of RedLine Stealer configurations was found on 19SEP2021 on Twitter, showing hashes, C2_proxy, and the encryption key. RedLine Stealer is a MaaS (Malware as a Service) offered for sale in forums and markets. FINDINGS RedLine Stealer was first seen in 2020 and currently has active subscribers. RedLine Stealer is being sold as…

Fraud Indicator: Dot Variant Email Aliases

INTRODUCTION AND RECOMMENDATION On 14MAY2021, Abidemi Rufai, a pandemic unemployment scammer from Lekki, Nigeria, was arrested at JFK airport as he attempted to leave the country. In the DOJ press release about the event, we learned that he had “used variations of a single e-mail address in a manner intended to evade automatic detection by…