The EU takes on the challenge of regulating AI. The benefits of the SEC’s proposed incident disclosure rules. Senior EU official urges member states to ban Huawei and ZTE.
The CyberWire
The all in one place for non-profit security aid.
INTERPOL Takes Down West African Organized Crime Groups
Operation Jackal III has successfully targeted West African organized crime groups, including the notorious Black Axe syndicate. From April 10 to July 3, the operation spanned 21 countries across five continents.
The coordinated effort led to the arrest of approximately 300 suspects, the identification of over 400 additional individuals, and the blocking of more than 720 bank accounts.
Assets worth USD 3 million were seized, and multiple criminal networks were dismantled. Isaac Oginni, Director of INTERPOL’s Financial Crime and Anti-Corruption Centre (IFCACC), emphasized the operation’s significance: “The volume of financial fraud stemming from West Africa is alarming and increasing.”
The results of this operation underscore the critical need for international law enforcement collaboration to combat these extensive criminal networks.
In Argentina, Operation Jackal III culminated in the dismantling of a significant Nigerian-led transnational criminal network following a five-year investigation.
The Argentinian Federal Police seized USD 1.2 million in high-quality counterfeit banknotes, known as ‘supernotes,’ arrested 72 suspects, and froze approximately 100 bank accounts.
The network, which used money mules to open bank accounts globally, is now under investigation in over 40 countries for related money laundering activities.
The suspects include citizens from Argentina, Colombia, Nigeria, and Venezuela. Over 160 fraud victims suffered significant financial losses, with some forced to sell their homes or take out large loans.
In Switzerland, law enforcement officials seized over a kilogram of cocaine and approximately EUR 45,000 in cash. Multiple suspects believed to be part of a West African organized crime syndicate were arrested.
INTERPOL supported the operation by providing real-time access to its databases, facilitating the identification of criminals and their activities.
In Portugal, criminal police dismantled a Nigerian network involved in recruiting money mules and laundering funds from online financial fraud victims across Europe.
More than 25 syndicate members were identified, and data from seized computers and phones revealed large transfers to Nigerian bank accounts, cryptocurrency transactions, and sophisticated money laundering operations.
Diego Verdun, Head of Argentina’s National Central Bureau, highlighted the operation’s importance, stating, “Operation Jackal is a crucial step forward in combating West African online financial fraud and demonstrates that cybercriminals cannot escape the watchful eye of INTERPOL’s 196 member countries—especially in Argentina.”
Operation Jackal III mobilized police forces, financial intelligence units, asset recovery offices, and private sector partners in Argentina, Australia, Brazil, Canada, Cote D’Ivoire, France, Germany, Indonesia, Ireland, Italy, Japan, Malaysia, Netherlands, Nigeria, Portugal, South Africa, Spain, Sweden, Switzerland, the United Kingdom, and the United States.
By tracing illegal money trails worldwide, INTERPOL and the global police community ensured that no matter where these criminals tried to hide, they would be relentlessly pursued and brought to justice.
The post INTERPOL Taken Down West African Organized Crime Groups appeared first on Cyber Security News.
ChatGPT-4o can be used for autonomous voice-based scams
Researchers have shown that it’s possible to abuse OpenAI’s real-time voice API for ChatGPT-4o, an advanced LLM chatbot, to conduct financial scams with low to moderate success rates. […]
Black Basta Ransomware Operators Using Microsoft Teams To Breach Organizations
The notorious ransomware group known as “Black Basta” has escalated its social engineering tactics to gain unauthorized access to organizations’ sensitive systems and data.
ReliaQuest, a leading cybersecurity firm, recently uncovered a sophisticated campaign involving the use of Microsoft Teams chat messages and malicious QR codes to facilitate initial access.
Black Basta, previously known for overwhelming users with email spam and posing as legitimate help-desk staff, has now advanced their techniques.
In recent incidents, the attackers have been using Microsoft Teams chat messages to communicate with targeted users, adding them to chats with external users operating from fraudulent Entra ID tenants.
These external users, masquerading as support, admin, or help-desk staff, use display names designed to deceive targeted users into believing they are communicating with genuine help-desk accounts.
ReliaQuest’s investigation revealed that the attackers’ actions often originated from Russia, with time zone data logged by Teams regularly featuring Moscow.
In addition to the use of Microsoft Teams, Black Basta has introduced QR codes into their phishing arsenal. Targeted users receive QR codes within these chats, disguised as legitimately branded company QR code images.
The domains used for this QR code phishing activity are tailored to match the targeted organization, with subdomains following a specific naming convention.
While the exact purpose of these QR codes remains unclear, it is suspected that they direct users to further malicious infrastructure, laying the groundwork for follow-up social engineering techniques and the deployment of remote monitoring and management (RMM) tools.
The Black Basta campaign poses a significant threat to organizations across diverse sectors and geographies.
ReliaQuest has observed an alarming intensity in the group’s activities, with one incident involving approximately 1,000 emails bombarding a single user within just 50 minutes.
Successful execution of malicious files downloaded through RMM tools has led to Cobalt Strike beaconing and the use of Impacket modules for lateral movement within compromised networks.
The ultimate goal of these attacks is almost certainly the deployment of ransomware.
To combat this evolving threat, ReliaQuest recommends several measures:
Blocking identified malicious domains and subdomains
Disabling communication from external users within Microsoft Teams or allowing specific trusted domains
Setting up aggressive anti-spam policies within email security tools
Enabling logging for Microsoft Teams, particularly the ChatCreated event, to facilitate detection and investigation
Furthermore, organizations should ensure that employees remain vigilant against current social engineering tactics by providing ongoing training and awareness programs.
This vigilance should be paired with a robust defense-in-depth strategy, incorporating multiple layers of security measures such as firewalls, intrusion detection systems, and regular security audits.
As Black Basta continues to adapt their tactics, organizations must remain proactive in their cybersecurity efforts. By staying informed about the latest threats, implementing comprehensive security protocols, and fostering a culture of cybersecurity awareness, organizations can significantly reduce the risk of falling victim to these sophisticated ransomware attacks.
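As an added illustration of the ChatCreated logging recommendation above (not code from ReliaQuest or Cyber Security News), the following sketch hunts through exported Teams audit records for newly created chats that include a member from an untrusted domain whose display name imitates support, admin, or help-desk staff. The record layout (Operation, UserId, CreationTime, Members, UPN, DisplayName), the trusted-domain list, and the sample lines are assumptions constructed for the example; map them to the fields in your own audit export.

```python
import json
import re

# Assumption: the domains your tenant deliberately allows for external Teams chat.
TRUSTED_DOMAINS = {"corp.example", "partner.example"}
# Display-name lures named in the article: support, admin, help-desk.
LURE = re.compile(r"help[\s_-]*desk|support|\badmin", re.IGNORECASE)

# Constructed sample export, one JSON record per line (field names are assumed).
SAMPLE_LOG = [
    '{"CreationTime":"2024-10-21T09:14:02","Operation":"ChatCreated","UserId":"helpdesk@corp.example",'
    '"Members":[{"UPN":"helpdesk@corp.example","DisplayName":"IT Help Desk"},'
    '{"UPN":"jo@corp.example","DisplayName":"Jo Park"}]}',
    '{"CreationTime":"2024-10-21T09:31:47","Operation":"ChatCreated","UserId":"support@it-helpdesk.example",'
    '"Members":[{"UPN":"support@it-helpdesk.example","DisplayName":"Help   Desk"},'
    '{"UPN":"jo@corp.example","DisplayName":"Jo Park"}]}',
    '{"CreationTime":"2024-10-21T10:02:10","Operation":"ChatCreated","UserId":"dana@vendor.example",'
    '"Members":[{"UPN":"dana@vendor.example","DisplayName":"Dana Smith"}]}',
    '{"CreationTime":"2024-10-21T10:05:00","Operation":"MessageSent","UserId":"x@other.example",'
    '"Members":[{"UPN":"x@other.example","DisplayName":"Support"}]}',
    'truncated-or-corrupt-line',
]

def domain_of(upn):
    """Lower-cased domain part of a UPN, or '' when there is none."""
    return upn.rsplit("@", 1)[1].lower() if "@" in upn else ""

def suspicious_chats(lines, trusted=TRUSTED_DOMAINS):
    """Return ChatCreated records with an untrusted member posing as support staff."""
    findings = []
    for raw in lines:
        try:
            rec = json.loads(raw)
        except json.JSONDecodeError:
            continue  # skip malformed export lines instead of aborting the hunt
        if not isinstance(rec, dict) or rec.get("Operation") != "ChatCreated":
            continue
        for member in rec.get("Members", []):
            dom = domain_of(member.get("UPN", ""))
            # Collapse whitespace so padded names still match the lure pattern.
            name = " ".join(member.get("DisplayName", "").split())
            if dom and dom not in trusted and LURE.search(name):
                findings.append({"time": rec.get("CreationTime"), "creator": rec.get("UserId"),
                                 "external_upn": member["UPN"], "display_name": name})
    return findings

if __name__ == "__main__":
    for hit in suspicious_chats(SAMPLE_LOG):
        print(hit)
```

The internal help desk and the ordinary vendor contact are not flagged; only the chat created from the untrusted domain with a help-desk display name is returned for triage.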
The post Black Basta Ransomware Operators Using Microsoft Teams To Breach Organizations appeared first on Cyber Security News.