IAT HONG, BO ZHENG, CHIN HUNG - insider trading with stolen M&A data

https://www.justice.gov/opa/press-release/file/921041/download

https://www.justice.gov/opa/press-release/file/1106491/download

https://www.justice.gov/opa/pr/georgia-woman-arrested-conspiring-provide-material-support-isis

https://www.justice.gov/usao-sdny/press-release/file/1143076/download

https://www.justice.gov/usao-sdny/pr/lithuanian-man-pleads-guilty-wire-fraud-theft-over-100-million-fraudulent-business

https://www.justice.gov/usao-sdny/press-release/file/950556/download

Online dating/BEC - Olufolajimi Abegunde/Javier Luis Ramos-Alonso

https://www.justice.gov/opa/pr/two-men-found-guilty-international-cyber-fraud-scheme-involving-online-dating-and-business

https://www.justice.gov/opa/pr/member-sophisticated-china-based-hacking-group-indicted-series-computer-intrusions-including

https://www.justice.gov/opa/press-release/file/1161466/download

https://www.justice.gov/opa/pr/russian-national-charged-decade-long-series-hacking-and-bank-fraud-offenses-resulting-tens?hootPostID=629d449ac4fd1b12d37f66d6551dbec1

https://www.justice.gov/opa/press-release/file/1223586/download

https://www.justice.gov/opa/pr/chinese-military-personnel-charged-computer-fraud-economic-espionage-and-wire-fraud-hacking

https://www.justice.gov/opa/press-release/file/1246891/download

https://www.justice.gov/opa/pr/two-chinese-hackers-working-ministry-state-security-charged-global-computer-intrusion

https://www.justice.gov/opa/press-release/file/1295981/download

https://www.justice.gov/opa/pr/two-alleged-hackers-charged-defacing-websites-following-killing-qasem-soleimani

https://www.documentcloud.org/documents/7208905-Behzad-Mohammadzadeh-Indictment.html

https://www.justice.gov/opa/pr/seven-international-cyber-defendants-including-apt41-actors-charged-connection-computer

https://www.justice.gov/opa/press-release/file/1317206/download

https://www.fbi.gov/wanted/cyber/behzad-mohammadzadeh

https://www.justice.gov/opa/press-release/file/1317211/download

https://www.justice.gov/opa/press-release/file/1317216/download

https://www.justice.gov/opa/pr/united-states-seizes-domain-names-used-iran-s-islamic-revolutionary-guard-corps

https://freiheitsrechte.org/home/wp-content/uploads/2019/11/2019-07-04-FinFisher-Strafanzeige-EN.pdf

https://netzpolitik.org/2020/our-criminal-complaint-german-state-malware-company-finfisher-raided/ (English), https://netzpolitik.org/2020/unsere-strafanzeige-razzia-bei-staatstrojaner-firma-finfisher-in-muenchen/ (German)

https://www.justice.gov/opa/pr/six-russian-gru-officers-charged-connection-worldwide-deployment-destructive-malware-and

https://www.justice.gov/opa/press-release/file/1328521/download

https://www.fbi.gov/wanted/cyber/gru-hackers-destructive-malware-and-international-cyber-attacks

https://www.justice.gov/opa/pr/north-korean-regime-backed-programmer-charged-conspiracy-conduct-multiple-cyber-attacks-and

https://www.justice.gov/opa/press-release/file/1367701/download

https://www.justice.gov/opa/pr/latvian-national-charged-alleged-role-transnational-cybercrime-organization

https://www.justice.gov/opa/press-release/file/1401766/download

https://www.justice.gov/opa/pr/department-justice-seizes-23-million-cryptocurrency-paid-ransomware-extortionists-darkside

https://www.justice.gov/opa/press-release/file/1402056/download

https://www.justice.gov/opa/press-release/file/1402001/download

https://www.justice.gov/opa/pr/russian-national-convicted-charges-relating-kelihos-botnet

https://www.justice.gov/opa/pr/four-chinese-nationals-working-ministry-state-security-charged-global-computer-intrusion

https://www.justice.gov/opa/press-release/file/1412916/download

https://www.justice.gov/opa/pr/man-arrested-connection-alleged-role-twitter-hack

https://www.justice.gov/opa/pr/russian-national-extradited-united-states-face-charges-alleged-role-cybercriminal

https://www.justice.gov/opa/press-release/file/1445241/download

https://www.justice.gov/opa/pr/three-former-us-intelligence-community-and-military-personnel-agree-pay-more-168-million

https://www.justice.gov/usao-sdny/pr/us-attorney-announces-indictment-charging-uk-citizen-conspiracy-commit-computer

https://www.justice.gov/usao-sdny/press-release/file/1446146/download

https://www.justice.gov/opa/pr/jury-convicts-chinese-intelligence-officer-espionage-crimes-attempting-steal-trade-secrets

https://www.justice.gov/opa/pr/chinese-intelligence-officer-charged-economic-espionage-involving-theft-trade-secrets-leading

https://www.justice.gov/opa/press-release/file/1099876/download

Ukrainian Arrested and Charged with Ransomware Attack on Kaseya

https://www.justice.gov/opa/pr/ukrainian-arrested-and-charged-ransomware-attack-kaseya

https://www.justice.gov/opa/pr/two-iranian-nationals-charged-cyber-enabled-disinformation-and-threat-campaign-designed

https://www.justice.gov/opa/press-release/file/1449226/download

Ukraine SBU indicts FSB Center 18 affiliated group Gamaredon hackers

https://ssu.gov.ua/en/novyny/sbu-vstanovyla-khakeriv-fsb-yaki-zdiisnyly-ponad-5-tys-kiberatak-na-derzhavni-orhany-ukrainy

https://ssu.gov.ua/uploads/files/DKIB/Technical%20report%20Armagedon.pdf

https://www.justice.gov/opa/pr/former-canadian-government-employee-extradited-united-states-face-charges-dozens-ransomware

DOJ Indicts 3 cyber operators from the FSB Center 16 (Unit 71330)

Group attribution of TEMP.Isotope/Dragonfly to FSB Center 16. Identification of Pavel Aleksandrovich Akulov, Mikhail Mikhailovich Gavrilov, and Marat Valeryevich Tyukov as operators. Attribution of Havex supply chain attack to this group

https://www.justice.gov/opa/pr/four-russian-government-employees-charged-two-historical-hacking-campaigns-targeting-critical

https://www.justice.gov/opa/press-release/file/1486836/download

https://www.fbi.gov/wanted/cyber/russian-fsb-center-16-hackers

DOJ Indicts Evgeny Viktorovich Gladkikh as the TRITON developer, attributes to the State Research Center of the Russian Federation FGUP Central Scientific Research Institute of Chemistry and Mechanics (TsNIIKhM)

https://www.justice.gov/opa/pr/four-russian-government-employees-charged-two-historical-hacking-campaigns-targeting-critical

https://www.justice.gov/opa/press-release/file/1486836/download

https://www.fbi.gov/wanted/cyber/evgeny-viktorovich-gladkikh

Cryptocurrency mixer service Blender.io used to launder more than $20.5 million for DPRK's cyber program.

On March 23, 2022, Lazarus Group, a DPRK state-sponsored cyber hacking group, carried out the largest virtual currency heist to date, worth almost $620 million, from a blockchain project linked to the online game Axie Infinity; Blender was used in processing over $20.5 million of the illicit proceeds.

https://home.treasury.gov/policy-issues/financial-sanctions/recent-actions/20220506

https://home.treasury.gov/news/press-releases/jy0768

The Human Rights Center at UC Berkeley's School of Law sent a formal request to the Office of the Prosecutor for the International Criminal Court (ICC) in the Hague to prosecute Sandworm team on charges of war crimes for its involvement in shutting off power in Ukraine during 2015 and 2016.

https://www.wired.com/story/cyber-war-crimes-sandworm-russia-ukraine/

Venezuelan Charged for Use and Sale of Ransomware associated w/ Iran

https://www.justice.gov/usao-edny/pr/hacker-and-ransomware-designer-charged-use-and-sale-ransomware-and-profit-sharing

https://www.justice.gov/usao-edny/press-release/file/1505981/download

https://www.justice.gov/opa/pr/united-states-leads-seizure-one-world-s-largest-hacker-forums-and-arrests-administrator

https://www.justice.gov/opa/press-release/file/1493586/download

https://www.justice.gov/opa/pr/three-iranian-nationals-charged-engaging-computer-intrusions-and-ransomware-style-extortion

https://www.documentcloud.org/documents/23713130-pompourin-affidavit-govuscourts

https://www.documentcloud.org/documents/23743311-microsoft-cobalt-strike-complaint-takedown

Operation MEDUSA: FBI disruption and affidavit on Turla, Center 16, and the Uroburos/Snake implant

--Turla is associated with the FSB's Center 16 primarily operating out of Ryazan but has sub-units operating across Russia. (Page 7)
--Turla has been operational since at least 2003, developing the original Snake/Uroborous implant. This is the same year that Center 16 stood up after the FSB absorbed the defunct FAPSI's authorities and mission mandate. (Page 6)
--Some of the Snake ops were also launched from a FSB-based Moscow location, though Ryazan appears to be the main location for development work. (Page 8)
--Turla working hours were usually 7am to 8pm Moscow standard time. (Page 8)
--Snake was the basis for two malware families that spun out of it, Chinch and Carbon. (Page 9)
--Meta note about the publication: it was released on Russia's Victory Day
--It was also paired with a joint-DHS CISA, NSA, UK NCSC, and Canadian SIGINT service advisory, "Hunting Snake" report

https://www.justice.gov/usao-edny/pr/justice-department-announces-court-authorized-disruption-snake-malware-network?s=03

https://www.documentcloud.org/documents/23808245-23-mj-0428-affidavit

https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-129a

https://www.justice.gov/usao-cdca/pr/qakbot-malware-disrupted-international-cyber-takedown

https://www.justice.gov/usao-cdca/divisions/national-security-division/qakbot-resources

Operation Dying Ember: FBI Disruption of APT28 (GRU) Moobot malware installed on Ubiquiti Edge OS routers

Uninstalled GRU custom scripts and changed firewall rules to prevent future remote administration

https://www.justice.gov/opa/pr/justice-department-conducts-court-authorized-disruption-botnet-controlled-russian

FBI Disruption of Volt Typhoon KV Botnet on Cisco and NetGear end of life SOHO routers

https://www.justice.gov/opa/pr/us-government-disrupts-botnet-peoples-republic-china-used-conceal-hacking-critical

https://www.justice.gov/usao-ma/pr/international-cybercrime-malware-service-dismantled-federal-authorities

https://www.justice.gov/opa/pr/us-and-uk-disrupt-lockbit-ransomware-variant

Seven Hackers Associated with Chinese Government Charged with Computer Intrusions Targeting Perceived Critics of China and U.S. Businesses and Politicians

https://www.justice.gov/opa/pr/seven-hackers-associated-chinese-government-charged-computer-intrusions-targeting-perceived

https://www.justice.gov/opa/media/1345141/dl?inline

https://www.nationalcrimeagency.gov.uk/news/nca-cyber-investigation-leads-to-sanctions-for-hostile-actors-linked-to-russia-s-fsb

Operation Toy Soldier: DOJ indictment as part the international effort to combat the malicious cyber activity by Unit 29155 (161st Specialist Training Center) of the GRU

--Back dates GRU Unit 29155 cyber operations to Dec 2020.
--Unit 29155 conducted the WhisperGate attack on 13 Jan 2022 to destroy Ukranian government civilian systems and sow discord amongst its citizens.
--Beginning in August 2021 and continuing through Oct 2021 the defendants scanned more than 2,400 websites, including diia.gov.ua, UA's State Portal for Digital Services for vulnerabilities.
--On 13 Jan 2022, the defendants compromised the DIIA portal, displaying a message in Polish, Russian, and Ukrainian that read "Ukrainians! All information about you has become public, expect the worst. This is for your past, present, and [sic] future." Hours after the deployment, they listed information on 13.5 million users from the site for sale online for $80,000, and patient health data from UA gov systems, criminal records, and motor vehicle registration information for an unspecified amount.

https://www.justice.gov/opa/pr/five-russian-gru-officers-and-one-civilian-charged-conspiring-hack-ukrainian-government

https://www.justice.gov/opa/media/1366441/dl

Operation Toy Soldier: CISA/FBI/NSA advisory about GRU Unit 29155 (161st Specialist Training Center)

--The advisory identifies this group as Cadet Blizzard/Ember Bear/Frozenvista/UNC2589/UAC-0056;
--Cyber actors may have used Raspberry Robin malware in the role of an access broker
--Unit 29155 actors and their cyber-criminal affiliates commonly maintain accounts on dark web forums; this has provided the opportunity to obtain various hacker tools such as malware and malware loaders like Raspberry Robin and SaintBot.
--It notes that they obtain CVE exploit scripts from GitHub repositories and use them against victim infrastructure;
--The group has compromised IOT devices, mostly IP-connected cameras, using Shodan to exploit and dump creds;

https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-249a

Identifies operations from the unit as current as August 2024 when the case was presented to a court in Maryland.

--GRU malicious cyber activity also targeted U.S. critical infrastructure and included efforts to scan for vulnerabilities, map networks, and identify potential website vulnerabilities in U.S.-based critical infrastructure – particularly the energy, government, and aerospace sectors.
--Adds 2 new intrusion groups beyond what the CISA advisory calls out as part of this activity: STORM-0587 and STORM-0711

https://x.com/RFJ_USA/status/1831739289173885095?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Etweet

https://rewardsforjustice.net/rewards/gru-officers-unit-29155/