Row | Date of release | Short description/Defendant | Notes | Contributor (thank you!) | Government Press Release | Full document text | Other links |
---|---|---|---|---|---|---|---|
2 | 1/27/2009 | Rajendrasinh Babubhai Makwana - "computer intrusion" of Fannie Mae | Insider case with cyber component | Sam (@thecyberintel) | https://www.wired.com/images_blogs/threatlevel/files/fannie_indictment.pdf?intcid=inline_amp&_gl=1*1nkbk57*_ga*SXc4ZEtMb0FiS2x1c2xmd2R5bS1YeGt2ZXRMSXNzRzFsdU43SGJFZXBOMTNld19PN3RmS1lOOXVHYjVSZUxUZQ | |||||||||||||||||||
3 | 6/22/2011 | Op Trident Tribunal/apparent Conficker | Phil Hagen (@philhagen) | https://archives.fbi.gov/archives/news/pressrel/press-releases/department-of-justice-disrupts-international-cybercrime-rings-distributing-scareware | https://krebsonsecurity.com/2011/06/72m-scareware-ring-used-conficker-worm/#more-10417 | |||||||||||||||||||
4 | 12/14/2012 | Trident Tribunal/Sallnert | Phil Hagen (@philhagen) | https://www.justice.gov/opa/pr/payment-processor-scareware-cybercrime-ring-sentenced-48-months-prison | ||||||||||||||||||||
5 | 5/19/2014 | PLA Unit 61398 | Early state-sponsored indictment; worth reading. Tied to APT1 in press (https://www.nytimes.com/2014/05/23/world/asia/us-case-offers-glimpse-into-chinas-hacker-army.html) | https://www.justice.gov/opa/pr/us-charges-five-chinese-military-hackers-cyber-espionage-against-us-corporations-and-labor | ||||||||||||||||||||
6 | 6/2/2014 | Evgeniy Bogachev/Gameover/Cryptolocker | Garrett Hinck (@garretthinck) | https://www.justice.gov/opa/pr/us-leads-multi-national-action-against-gameover-zeus-botnet-and-cryptolocker-ransomware | ||||||||||||||||||||
7 | 11/12/2015 | Rinat Akhmetshin et al: International Mineral Resources hacking | Insider case with cyber component | @sj94356 | http://i2.cdn.turner.com/cnn/2017/images/07/14/imr-complaint.pdf | |||||||||||||||||||
8 | 12/2/2015 | Nima Golestaneh et al.: Arrow Tech IP Theft | Garrett Hinck (@garretthinck) | https://www.justice.gov/opa/pr/man-pleads-guilty-facilitating-computer-hacking-vermont-company | ||||||||||||||||||||
9 | 8/1/2016 | Kun Shan Chun - acting as agent of Chinese government | Insider case with cyber component | @sj94356 | https://www.justice.gov/opa/pr/fbi-employee-pleads-guilty-acting-united-states-agent-chinese-government | https://www.justice.gov/opa/file/881161/download | https://www.justice.gov/opa/file/881166/download | |||||||||||||||||
10 | 3/22/2016 | Syrian Electronic Army | Kyle Ehmke (@kyleehmke) | https://www.justice.gov/opa/pr/computer-hacking-conspiracy-charges-unsealed-against-members-syrian-electronic-army | ||||||||||||||||||||
11 | 3/23/2016 | Su Bin | Garrett Hinck (@garretthinck) | https://www.justice.gov/opa/pr/chinese-national-pleads-guilty-conspiring-hack-us-defense-contractors-systems-steal-sensitive | ||||||||||||||||||||
12 | 3/24/2016 | ITSec/Mersad | Andrew Stanley (@alphastanley) | https://www.justice.gov/usao-sdny/pr/manhattan-us-attorney-announces-charges-against-seven-iranians-conducting-coordinated | ||||||||||||||||||||
13 | 6/14/2016 | Xu Jiaqiang - economic espionage to benefit PRC | Insider case with cyber component | @sj94356 | https://www.justice.gov/opa/pr/chinese-national-charged-stealing-source-code-former-employer-intent-benefit-chinese | https://www.justice.gov/opa/file/866976/download | ||||||||||||||||||
14 | 8/6/2016 | Microsoft STRONTIUM | @sj94356 | https://www.noticeofpleadings.com/strontium/ | ||||||||||||||||||||
15 | 12/19/2016 | Yu Long - sensitive document theft from United Technologies | Insider case with cyber component | @sj94356 | https://www.justice.gov/usao-ct/pr/chinese-national-admits-stealing-sensitive-military-program-documents-united-technologies | |||||||||||||||||||
16 | 12/27/2016 | IAT HONG, BO ZHENG, CHIN HUNG - insider trading with stolen M&A data | theft of law firm M&A data to facilitate insider trading, theft of IP from robotics companies, Defendants reside in Macau and Hong Kong | @sj94356 | https://www.justice.gov/opa/pr/manhattan-us-attorney-announces-arrest-macau-resident-and-unsealing-charges-against-three | https://www.justice.gov/opa/press-release/file/921041/download | ||||||||||||||||||
17 | 1/26/2017 | Trident Tribunal/Mihailovski | Phil Hagen (@philhagen) | https://www.justice.gov/usao-wdwa/pr/belarus-native-involved-credit-card-processing-scareware-scheme-sentenced-4-years | ||||||||||||||||||||
18 | 3/15/2017 | FSB Center 18/Yahoo | https://www.justice.gov/opa/pr/us-charges-russian-fsb-officers-and-their-criminal-conspirators-hacking-yahoo-and-millions | https://www.justice.gov/opa/press-release/file/948201/download | ||||||||||||||||||||
19 | 6/22/2017 | Kevin Mallory - transmitting classified to PRC | Insider case with cyber component | @sj94356 | https://www.justice.gov/opa/pr/virginia-man-arrested-and-charged-espionage | https://www.justice.gov/opa/press-release/file/975671/download | ||||||||||||||||||
20 | 7/17/2017 | Nima Golestaneh et al.: Arrow Tech IP Theft | Garrett Hinck (@garretthinck) | https://www.justice.gov/opa/pr/two-iranian-nationals-charged-hacking-vermont-software-company | ||||||||||||||||||||
21 | 8/21/2017 | Goldsun (Pingan)/Sakurel | Timo Steffens (@Timo_Steffens) | https://www.politico.com/f/?id=0000015e-161b-df04-a5df-963f36840001 | ||||||||||||||||||||
22 | 9/27/2017 | Jian Yang Zhang - hacking/wiretapping of company email server | Insider case with cyber component | @sj94356 | https://www.justice.gov/usao-nj/pr/middlesex-county-new-jersey-man-charged-hacking-and-illegal-wiretapping-scheme | https://www.justice.gov/usao-nj/press-release/file/999891/download | ||||||||||||||||||
23 | 11/21/2017 | Behzad Mesri | Garrett Hinck (@garretthinck) | https://www.justice.gov/usao-sdny/pr/acting-manhattan-us-attorney-announces-charges-against-iranian-national-conducting | ||||||||||||||||||||
24 | 11/27/2017 | Boyusec | https://www.justice.gov/opa/pr/us-charges-three-chinese-hackers-who-work-internet-security-firm-hacking-three-corporations | |||||||||||||||||||||
25 | 12/13/2017 | Mirai botnet | Andrew Stanley (@alphastanley) | https://www.justice.gov/opa/pr/justice-department-announces-charges-and-guilty-pleas-three-computer-crime-cases-involving | ||||||||||||||||||||
26 | 8/1/2018 | Xiaoqing Zheng - stealing trade secrets from GE | Insider case with cyber component | @sj94356 | https://www.justice.gov/opa/pr/new-york-man-charged-theft-trade-secrets | |||||||||||||||||||
27 | 2/26/2018 | Internet Research Agency | Garrett Hinck (@garretthinck) | https://www.justice.gov/opa/pr/grand-jury-indicts-thirteen-russian-individuals-and-three-russian-companies-scheme-interfere | ||||||||||||||||||||
28 | 3/23/2018 | Mabna Institute | Sanctions also issued (https://home.treasury.gov/news/press-releases/sm0332) | https://www.justice.gov/usao-sdny/pr/nine-iranians-charged-conducting-massive-cyber-theft-campaign-behalf-islamic | https://www.justice.gov/usao-sdny/press-release/file/1045781/download | |||||||||||||||||||
29 | 5/17/2018 | Syrian Electronic Army | https://www.justice.gov/usao-edva/pr/two-members-syrian-electronic-army-indicted-conspiracy | |||||||||||||||||||||
30 | 7/6/2018 | Sinovel | Insider case with cyber component | Andrew Stanley (@alphastanley) | https://www.justice.gov/opa/pr/court-imposes-maximum-fine-sinovel-wind-group-theft-trade-secrets | |||||||||||||||||||
31 | 7/13/2018 | GRU/DNC | https://www.justice.gov/opa/pr/grand-jury-indicts-12-russian-intelligence-officers-hacking-offenses-related-2016-election | https://www.justice.gov/file/1080281/download | ||||||||||||||||||||
32 | 8/1/2018 | FIN7 | https://www.justice.gov/opa/pr/three-members-notorious-international-cybercrime-group-fin7-custody-role-attacking-over-100 | https://www.fireeye.com/blog/threat-research/2018/08/fin7-pursuing-an-enigmatic-and-evasive-global-criminal-operation.html | ||||||||||||||||||||
33 | 8/22/2018 | Satori botnet, Kenneth Currin Schuchman | Andrew Stanley (@alphastanley) | https://krebsonsecurity.com/wp-content/uploads/2018/09/Schuchman.pdf | ||||||||||||||||||||
34 | 9/6/2018 | Lazarus Group | Charges included WannaCry 2.0 Ransomware, Destructive Cyberattack on Sony Pictures, Central Bank Cybertheft in Bangladesh | https://www.justice.gov/opa/pr/north-korean-regime-backed-programmer-charged-conspiracy-conduct-multiple-cyber-attacks-and | https://www.justice.gov/usao-cdca/press-release/file/1091951/download | |||||||||||||||||||
35 | 10/4/2018 | GRU/WADA | Full indictment has lots of technical details | https://www.justice.gov/opa/pr/us-charges-russian-gru-officers-international-hacking-and-related-influence-and | https://www.justice.gov/opa/page/file/1098481/download | |||||||||||||||||||
36 | 10/10/2018 | Arrest of Yanjun Xu | Garrett Hinck (@garretthinck) | https://www.justice.gov/opa/pr/chinese-intelligence-officer-charged-economic-espionage-involving-theft-trade-secrets-leading | ||||||||||||||||||||
37 | 10/19/2018 | Elena Khusyaynova – Project Lakhta | Garrett Hinck (@garretthinck) | https://www.justice.gov/usao-edva/pr/russian-national-charged-interfering-us-political-system | ||||||||||||||||||||
38 | 10/30/2018 | JSSD/MSS - Capstone Turbine and other victims | https://www.justice.gov/opa/pr/chinese-intelligence-officers-and-their-recruited-hackers-and-insiders-conspired-steal | https://www.justice.gov/opa/press-release/file/1106491/download | ||||||||||||||||||||
39 | 11/28/2018 | SamSam | Timo Steffens (@Timo_Steffens) | https://www.justice.gov/opa/pr/two-iranian-men-indicted-deploying-ransomware-extort-hospitals-municipalities-and-public | ||||||||||||||||||||
40 | 12/20/2018 | APT10 | Full indictment has lots of technical details | https://www.justice.gov/opa/pr/two-chinese-hackers-associated-ministry-state-security-charged-global-computer-intrusion | ||||||||||||||||||||
41 | 1/17/2019 | DNC Second Amended Complaint/Russia | Not an indictment, but of interest | http://cdn.cnn.com/cnn/2019/images/01/18/dnc.-.second.amended.complaint.-.file.stamped.pdf | ||||||||||||||||||||
42 | 2/13/2019 | Monica Witt/Iran | Garrett Hinck (@garretthinck) | https://www.justice.gov/opa/pr/former-us-counterintelligence-agent-charged-espionage-behalf-iran-four-iranians-charged-cyber | ||||||||||||||||||||
43 | 3/12/2019 | Kim Anh Vo/ISIS | Sam (@thecyberintel) | https://www.justice.gov/opa/pr/georgia-woman-arrested-conspiring-provide-material-support-isis | https://www.justice.gov/usao-sdny/press-release/file/1143076/download | |||||||||||||||||||
44 | 3/20/2019 | Evaldas Rimasauskas/BEC | Sam (@thecyberintel) | https://www.justice.gov/usao-sdny/pr/lithuanian-man-pleads-guilty-wire-fraud-theft-over-100-million-fraudulent-business | https://www.justice.gov/usao-sdny/press-release/file/950556/download | |||||||||||||||||||
45 | 3/21/2019 | Online dating/BEC - Olufolajimi Abegunde/Javier Luis Ramos-Alonso | Sam (@thecyberintel) | https://www.justice.gov/opa/pr/two-men-found-guilty-international-cyber-fraud-scheme-involving-online-dating-and-business | ||||||||||||||||||||
46 | 3/27/2019 | Microsoft PHOSPHORUS | @sj94356 | https://noticeofpleadings.com/phosphorus/# | ||||||||||||||||||||
47 | 5/9/2019 | Fujie Wang et al/Anthem hack | Neil Jenkins (@nejenkins) | https://www.justice.gov/opa/pr/member-sophisticated-china-based-hacking-group-indicted-series-computer-intrusions-including | https://www.justice.gov/opa/press-release/file/1161466/download | |||||||||||||||||||
48 | 12/5/2019 | Bugat/Dridex | https://www.justice.gov/opa/pr/russian-national-charged-decade-long-series-hacking-and-bank-fraud-offenses-resulting-tens?hootPostID=629d449ac4fd1b12d37f66d6551dbec1 | https://www.justice.gov/opa/press-release/file/1223586/download | ||||||||||||||||||||
49 | 2/10/2020 | PLA 54th Research Institute/Equifax hack | https://www.justice.gov/opa/pr/chinese-military-personnel-charged-computer-fraud-economic-espionage-and-wire-fraud-hacking | https://www.justice.gov/opa/press-release/file/1246891/download | ||||||||||||||||||||
50 | 7/21/2020 | LI Xiaoyu and DONG Jiazhi (MSS COVID-19 compromises) | https://www.justice.gov/opa/pr/two-chinese-hackers-working-ministry-state-security-charged-global-computer-intrusion | https://www.justice.gov/opa/press-release/file/1295981/download | ||||||||||||||||||||
51 | 9/15/2020 | Behzad Mohammadzadeh defacements | https://www.justice.gov/opa/pr/two-alleged-hackers-charged-defacing-websites-following-killing-qasem-soleimani | https://www.documentcloud.org/documents/7208905-Behzad-Mohammadzadeh-Indictment.html | ||||||||||||||||||||
52 | 9/16/2020 | APT41/Barium/Winnti/etc | Three related indictments (mention ransomware) | https://www.justice.gov/opa/pr/seven-international-cyber-defendants-including-apt41-actors-charged-connection-computer | https://www.justice.gov/opa/press-release/file/1317206/download | https://www.fbi.gov/wanted/cyber/behzad-mohammadzadeh | ||||||||||||||||||
53 | 9/16/2020 | APT41/Barium/Winnti/etc | https://www.justice.gov/opa/press-release/file/1317211/download | |||||||||||||||||||||
54 | 9/16/2020 | APT41/Barium/Winnti/etc | https://www.justice.gov/opa/press-release/file/1317216/download | |||||||||||||||||||||
55 | 10/7/2020 | IRGC domain seizure | https://www.justice.gov/opa/pr/united-states-seizes-domain-names-used-iran-s-islamic-revolutionary-guard-corps | |||||||||||||||||||||
56 | 10/12/2020 | Microsoft et al Trickbot | https://noticeofpleadings.com/trickbot/ | |||||||||||||||||||||
57 | 10/14/2020 | FinFisher | German law enforcement complaint | https://freiheitsrechte.org/home/wp-content/uploads/2019/11/2019-07-04-FinFisher-Strafanzeige-EN.pdf | https://netzpolitik.org/2020/our-criminal-complaint-german-state-malware-company-finfisher-raided/ (English), https://netzpolitik.org/2020/unsere-strafanzeige-razzia-bei-staatstrojaner-firma-finfisher-in-muenchen/ (German) | |||||||||||||||||||
58 | 10/19/2020 | GRU | https://www.justice.gov/opa/pr/six-russian-gru-officers-charged-connection-worldwide-deployment-destructive-malware-and | https://www.justice.gov/opa/press-release/file/1328521/download | https://www.fbi.gov/wanted/cyber/gru-hackers-destructive-malware-and-international-cyber-attacks | |||||||||||||||||||
59 | 2/17/2021 | Three North Korean actors (WannaCry expansion) | https://www.justice.gov/opa/pr/north-korean-regime-backed-programmer-charged-conspiracy-conduct-multiple-cyber-attacks-and | https://www.justice.gov/opa/press-release/file/1367701/download | ||||||||||||||||||||
60 | 4/15/2021 | Treasury sanctions related to SolarWinds and others | https://home.treasury.gov/news/press-releases/jy0127 | |||||||||||||||||||||
61 | 6/4/2021 | TrickBot (Alla Witte) | https://www.justice.gov/opa/pr/latvian-national-charged-alleged-role-transnational-cybercrime-organization | https://www.justice.gov/opa/press-release/file/1401766/download | ||||||||||||||||||||
62 | 6/7/2021 | Colonial Pipeline DarkSide cryptocurrency seizure | @breakersall | https://www.justice.gov/opa/pr/department-justice-seizes-23-million-cryptocurrency-paid-ransomware-extortionists-darkside | https://www.justice.gov/opa/press-release/file/1402056/download | https://www.justice.gov/opa/press-release/file/1402001/download | ||||||||||||||||||
63 | 6/16/2021 | Oleg Koshkin - Kelihos botnet | @klrgrz | https://www.justice.gov/opa/pr/russian-national-convicted-charges-relating-kelihos-botnet | ||||||||||||||||||||
64 | 7/19/2021 | APT40 | https://www.justice.gov/opa/pr/four-chinese-nationals-working-ministry-state-security-charged-global-computer-intrusion | https://www.justice.gov/opa/press-release/file/1412916/download | ||||||||||||||||||||
65 | 7/21/2021 | Joseph O'Connor - July 2020 Twitter hack | @klrgrz | https://www.justice.gov/opa/pr/man-arrested-connection-alleged-role-twitter-hack | ||||||||||||||||||||
66 | 10/28/2021 | Vladimir Dunaev, Trickbot, Initial Appearance in US Court | @ImposeCost | https://www.justice.gov/opa/pr/russian-national-extradited-united-states-face-charges-alleged-role-cybercriminal | https://www.justice.gov/opa/press-release/file/1445241/download | |||||||||||||||||||
67 | 9/14/2021 | Project Raven: Three former US IC members charged | @JediMammoth | https://www.justice.gov/opa/pr/three-former-us-intelligence-community-and-military-personnel-agree-pay-more-168-million | ||||||||||||||||||||
68 | 11/3/2021 | JOSEPH JAMES O’CONNOR, a/k/a "PlugwalkJoe", SIM swapping | @rpargman | https://www.justice.gov/usao-sdny/pr/us-attorney-announces-indictment-charging-uk-citizen-conspiracy-commit-computer | https://www.justice.gov/usao-sdny/press-release/file/1446146/download | |||||||||||||||||||
69 | 11/5/2021 | Jury Convicts Chinese Intel Officer of Espionage Crimes | Targeted GE and other companies, related to "Arrest of Yanjun Xu" above | https://www.justice.gov/opa/pr/jury-convicts-chinese-intelligence-officer-espionage-crimes-attempting-steal-trade-secrets | https://www.justice.gov/opa/pr/chinese-intelligence-officer-charged-economic-espionage-involving-theft-trade-secrets-leading | https://www.justice.gov/opa/press-release/file/1099876/download | ||||||||||||||||||
70 | 11/8/2021 | Ukrainian Arrested and Charged with Ransomware Attack on Kaseya | https://www.justice.gov/opa/pr/ukrainian-arrested-and-charged-ransomware-attack-kaseya | |||||||||||||||||||||
71 | 11/18/2021 | Iranian nationals - presidential campaign influence | @Dylanowendylan | https://www.justice.gov/opa/pr/two-iranian-nationals-charged-cyber-enabled-disinformation-and-threat-campaign-designed | https://www.justice.gov/opa/press-release/file/1449226/download | |||||||||||||||||||
72 | 11/4/2021 | Ukraine SBU indicts FSB Center 18 affiliated group Gamaredon hackers | @_John_Doyle | https://ssu.gov.ua/en/novyny/sbu-vstanovyla-khakeriv-fsb-yaki-zdiisnyly-ponad-5-tys-kiberatak-na-derzhavni-orhany-ukrainy | https://ssu.gov.ua/uploads/files/DKIB/Technical%20report%20Armagedon.pdf | |||||||||||||||||||
73 | 3/10/2022 | Canadian Gov Employee Extradited for Netwalker Ransomware | Sebastien Vachon-Desjardins, Netwalker | @ImposeCost | https://www.justice.gov/opa/pr/former-canadian-government-employee-extradited-united-states-face-charges-dozens-ransomware | |||||||||||||||||||
74 | 3/24/2022 | DOJ Indicts 3 cyber operators from the FSB Center 16 (Unit 71330) | Group attribution of TEMP.Isotope/Dragonfly to FSB Center 16. Identification of Pavel Aleksandrovich Akulov, Mikhail Mikhailovich Gavrilov, and Marat Valeryevich Tyukov as operators. Attribution of Havex supply chain attack to this group | @_John_Doyle | https://www.justice.gov/opa/pr/four-russian-government-employees-charged-two-historical-hacking-campaigns-targeting-critical | https://www.justice.gov/opa/press-release/file/1486836/download | https://www.fbi.gov/wanted/cyber/russian-fsb-center-16-hackers | |||||||||||||||||
75 | 3/24/2022 | DOJ Indicts Evgeny Viktorovich Gladkikh as the TRITON developer, attributes to the State Research Center of the Russian Federation FGUP Central Scientific Research Institute of Chemistry and Mechanics (TsNIIKhM) | Attempted to deploy capabilities on Kansas ICS OT network twice. | @_John_Doyle | https://www.justice.gov/opa/pr/four-russian-government-employees-charged-two-historical-hacking-campaigns-targeting-critical | https://www.justice.gov/opa/press-release/file/1486836/download | https://www.fbi.gov/wanted/cyber/evgeny-viktorovich-gladkikh | |||||||||||||||||
76 | 5/6/2022 | Cryptocurrency mixer service Blender.io used to launder more than $20.5 million for DPRK's cyber program. | On March 23, 2022, Lazarus Group, a DPRK state-sponsored cyber hacking group, carried out the largest virtual currency heist to date, worth almost $620 million, from a blockchain project linked to the online game Axie Infinity; Blender was used in processing over $20.5 million of the illicit proceeds. | @_John_Doyle | https://home.treasury.gov/policy-issues/financial-sanctions/recent-actions/20220506 | https://home.treasury.gov/news/press-releases/jy0768 | ||||||||||||||||||
77 | 5/13/2022 | Sandworm Team | The Human Rights Center at UC Berkeley's School of Law sent a formal request to the Office of the Prosecutor for the International Criminal Court (ICC) in the Hague to prosecute Sandworm team on charges of war crimes for its involvement in shutting off power in Ukraine during 2015 and 2016. | @_John_Doyle | https://www.wired.com/story/cyber-war-crimes-sandworm-russia-ukraine/ | |||||||||||||||||||
78 | 5/16/2022 | Venezuelan Charged for Use and Sale of Ransomware associated w/ Iran | Moises Luis Zagala Gonzalez (Zagala), Iran, Jigsaw, Thanos | @klrgrz | https://www.justice.gov/usao-edny/pr/hacker-and-ransomware-designer-charged-use-and-sale-ransomware-and-profit-sharing | https://www.justice.gov/usao-edny/press-release/file/1505981/download | ||||||||||||||||||
79 | 4/12/2022 | US Seizure of RaidForums, site admin arrested | RaidForums’ founder and chief administrator, Diogo Santos Coelho | @klrgrz | https://www.justice.gov/opa/pr/united-states-leads-seizure-one-world-s-largest-hacker-forums-and-arrests-administrator | https://www.justice.gov/opa/press-release/file/1493586/download | ||||||||||||||||||
80 | 9/14/2022 | Three Iranians Charged with Ransomware-Style Extortion | targeted critical infrastructure | @klrgrz | https://www.justice.gov/opa/pr/three-iranian-nationals-charged-engaging-computer-intrusions-and-ransomware-style-extortion | |||||||||||||||||||
81 | 3/17/2023 | BreachForums owner "Pompompurin" Arrested | @klrgrz | https://www.documentcloud.org/documents/23713130-pompourin-affidavit-govuscourts | ||||||||||||||||||||
82 | 4/6/2023 | Microsoft Cobalt Strike takedown | https://www.documentcloud.org/documents/23743311-microsoft-cobalt-strike-complaint-takedown | |||||||||||||||||||||
83 | 5/9/2023 | Operation MEDUSA: FBI disruption and affidavit on Turla, Center 16, and the Uroburos/Snake implant | --Turla is associated with the FSB's Center 16 primarily operating out of Ryazan but has sub-units operating across Russia. (Page 7) --Turla has been operational since at least 2003, developing the original Snake/Uroburos implant. This is the same year that Center 16 stood up after the FSB absorbed the defunct FAPSI's authorities and mission mandate. (Page 6) --Some of the Snake ops were also launched from an FSB-based Moscow location, though Ryazan appears to be the main location for development work. (Page 8) --Turla working hours were usually 7am to 8pm Moscow standard time. (Page 8) --Snake was the basis for two malware families that spun out of it, Chinch and Carbon. (Page 9) --Meta note about the publication: it was released on Russia's Victory Day --It was also paired with a joint-DHS CISA, NSA, UK NCSC, and Canadian SIGINT service advisory, "Hunting Snake" report | @_John_Doyle | https://www.justice.gov/usao-edny/pr/justice-department-announces-court-authorized-disruption-snake-malware-network?s=03 | https://www.documentcloud.org/documents/23808245-23-mj-0428-affidavit | https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-129a | |||||||||||||||||
84 | 8/29/2023 | Qakbot Malware Disrupted in International Cyber Takedown | @klrgrz | https://www.justice.gov/usao-cdca/pr/qakbot-malware-disrupted-international-cyber-takedown | https://www.justice.gov/usao-cdca/divisions/national-security-division/qakbot-resources | |||||||||||||||||||
85 | 11/30/2023 | DPRK group Kimsuky sanctioned by the US | @_John_Doyle | https://home.treasury.gov/news/press-releases/jy1938 | ||||||||||||||||||||
86 | 2/15/2024 | Operation Dying Ember: FBI Disruption of APT28 (GRU) Moobot malware installed on Ubiquiti Edge OS routers | Uninstalled GRU custom scripts and changed firewall rules to prevent future remote administration | @_John_Doyle | https://www.justice.gov/opa/pr/justice-department-conducts-court-authorized-disruption-botnet-controlled-russian | |||||||||||||||||||
87 | 1/31/2024 | FBI Disruption of Volt Typhoon KV Botnet on Cisco and NetGear end of life SOHO routers | @_John_Doyle | https://www.justice.gov/opa/pr/us-government-disrupts-botnet-peoples-republic-china-used-conceal-hacking-critical | ||||||||||||||||||||
88 | 2/9/2024 | Warzone RAT disruption | https://www.justice.gov/usao-ma/pr/international-cybercrime-malware-service-dismantled-federal-authorities | |||||||||||||||||||||
89 | 2/20/2024 | LockBit disruption | https://www.justice.gov/opa/pr/us-and-uk-disrupt-lockbit-ransomware-variant | |||||||||||||||||||||
90 | 3/25/2024 | Seven Hackers Associated with Chinese Government Charged with Computer Intrusions Targeting Perceived Critics of China and U.S. Businesses and Politicians | APT31 | @klrgrz | https://www.justice.gov/opa/pr/seven-hackers-associated-chinese-government-charged-computer-intrusions-targeting-perceived | https://www.justice.gov/opa/media/1345141/dl?inline | ||||||||||||||||||
91 | 12/3/2023 | UK NCA Attributes CASTELLO Group to FSB Center 18 | @_John_Doyle | https://www.nationalcrimeagency.gov.uk/news/nca-cyber-investigation-leads-to-sanctions-for-hostile-actors-linked-to-russia-s-fsb | ||||||||||||||||||||
92 | 9/5/2024 | Operation Toy Soldier: DOJ indictment as part of the international effort to combat the malicious cyber activity by Unit 29155 (161st Specialist Training Center) of the GRU | --Backdates GRU Unit 29155 cyber operations to Dec 2020. --Unit 29155 conducted the WhisperGate attack on 13 Jan 2022 to destroy Ukrainian government civilian systems and sow discord amongst its citizens. --Beginning in August 2021 and continuing through Oct 2021 the defendants scanned more than 2,400 websites, including diia.gov.ua, UA's State Portal for Digital Services, for vulnerabilities. --On 13 Jan 2022, the defendants compromised the DIIA portal, displaying a message in Polish, Russian, and Ukrainian that read "Ukrainians! All information about you has become public, expect the worst. This is for your past, present, and [sic] future." Hours after the deployment, they listed information on 13.5 million users from the site for sale online for $80,000, and patient health data from UA gov systems, criminal records, and motor vehicle registration information for an unspecified amount. | @_John_Doyle | https://www.justice.gov/opa/pr/five-russian-gru-officers-and-one-civilian-charged-conspiring-hack-ukrainian-government | https://www.justice.gov/opa/media/1366441/dl | ||||||||||||||||||
93 | 9/5/2024 | Operation Toy Soldier: CISA/FBI/NSA advisory about GRU Unit 29155 (161st Specialist Training Center) | --The advisory identifies this group as Cadet Blizzard/Ember Bear/Frozenvista/UNC2589/UAC-0056; --Cyber actors may have used Raspberry Robin malware in the role of an access broker --Unit 29155 actors and their cyber-criminal affiliates commonly maintain accounts on dark web forums; this has provided the opportunity to obtain various hacker tools such as malware and malware loaders like Raspberry Robin and SaintBot. --It notes that they obtain CVE exploit scripts from GitHub repositories and use them against victim infrastructure; --The group has compromised IOT devices, mostly IP-connected cameras, using Shodan to exploit and dump creds; | @_John_Doyle | https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-249a | |||||||||||||||||||
94 | 9/5/2024 | Operation Toy Soldier: FBI Wanted Poster | Identifies operations from the unit as current as August 2024 when the case was presented to a court in Maryland. | @_John_Doyle | https://www.fbi.gov/wanted/cyber/gru-29155-cyber-actors | |||||||||||||||||||
95 | 9/5/2024 | Operation Toy Soldier: State Department Rewards for Justice | --GRU malicious cyber activity also targeted U.S. critical infrastructure and included efforts to scan for vulnerabilities, map networks, and identify potential website vulnerabilities in U.S.-based critical infrastructure – particularly the energy, government, and aerospace sectors. --Adds 2 new intrusion groups beyond what the CISA advisory calls out as part of this activity: STORM-0587 and STORM-0711 | @_John_Doyle | https://x.com/RFJ_USA/status/1831739289173885095?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Etweet | https://rewardsforjustice.net/rewards/gru-officers-unit-29155/ | ||||||||||||||||||