Feed aggregator

Adult Friend Finder Hacked (Reddit)

SANS diary - 1 hour 20 min ago
Categories: security

IC3 Issues Internet Crime Report for 2014

US-Cert alerts and bulletins - Sat, 05/23/2015 - 02:12
Original release date: May 22, 2015

The Internet Crime Complaint Center (IC3) has released its Internet Crime Report for 2014, indicating that scams relating to social media — including doxing, click-jacking, and pharming — have increased substantially over the past five years.

US-CERT encourages users to review the IC3 Alert for details and refer to the US-CERT Tip ST04-014 for information on social engineering and phishing attacks.



Categories: security

Joke or Blunder: Carbanak C&C Leads to Russia Federal Security Service

Trend-Micro - Fri, 05/22/2015 - 11:33

In an interesting turn of events, a C&C used in the Carbanak targeted attack campaign now resolves to an IP linked to the Russian Federal Security Service (FSB).

Yesterday, while checking the indicator of compromise (IOC) data from the Carbanak report, I noticed that the domain name systemsvc.net (which was identified as a C&C server in the report) now resolves to the IP address 213.24.76.23. When I checked for related information, I found that the said IP is under ASN AS8342 RTCOMM-AS OJSC RTComm.RU and its identified location is Moscow City – Moscow – Federal Security Service Of Russian Federation.



Figure 1. Information on systemsvc.net

For those who are not familiar, Carbanak is a targeted attack campaign that hit banks and financial organizations earlier this year. Based on reports, it employed methods and techniques commonly seen in targeted attacks, such as spear-phishing emails and exploits. Accordingly, the attackers gathered intelligence about their target networks in order to infiltrate them.

I checked for other interesting details in the other IOCs but didn’t find anything related to this particular anomaly. I still do not know why it happened; I do not really think that FSB Russia would point the Carbanak-related domain name to an IP address which is affiliated with the Russian Federal Security Service. It is also possible that the owner of the domain had done this as a prank.

A reverse lookup on the IP address revealed that there are several other domains resolving to it apart from systemsvc.net.

Figure 2. Other domains resolving to the FSB Russia

We will monitor this further and post updates when they’re available.

Post from: Trendlabs Security Intelligence Blog - by Trend Micro


Categories: security