OFAC Sanctions 7 New Bitcoin Addresses Allegedly Associated With Iran-Related Ransomware Activities

The Treasury’s Office of Foreign Assets Control (OFAC) has published an update to its specially designated nationals list (the SDN List) that names a number of individuals accused of being involved with Iran-related ransomware. The update also lists seven bitcoin addresses that are allegedly associated with the Iranian ransomware gang.

OFAC Adds 7 New Bitcoin Addresses to the SDN List Following the Tornado Cash Ban

After the Treasury watchdog OFAC banned the Ethereum mixer Tornado Cash, it published a new SDN List update on September 14, 2022. The update lists two companies and ten people accused of participating in and financing Iran-based ransomware schemes.

In the past, OFAC has accused North Korean syndicates like the infamous Lazarus Group of participating in ransomware activities. “This IRGC-affiliated group is known to exploit software vulnerabilities in order to carry out their ransomware activities, as well as engage in unauthorized computer access, data exfiltration, and other malicious cyber activities,” OFAC’s SDN List announcement stated on Wednesday.

In addition to the ten individuals and the two companies listed, approximately seven BTC addresses are mentioned as well. Some of the addresses mentioned in the OFAC report have never seen a single BTC deposit. Others have received BTC, such as one allegedly associated with an Iranian named Ahmad Khatibi Aghada, which once held 0.2931 BTC.

The September 14 SDN update is not the only update that lists “cyber-related designations, [and] Iran-related designations” during the last two weeks. OFAC published an amendment to cyber-related designations on September 2, and two “Iran-related designations” updates on September 8 and 9, 2022. The update published on Wednesday is the only “Iran-related designations” update that contains newly added BTC addresses.

Jamie Redman

Jamie Redman is the News Lead at Bitcoin.com News and a financial tech journalist living in Florida. Redman has been an active member of the cryptocurrency community since 2011. He has a passion for Bitcoin, open-source code, and decentralized applications. Since September 2015, Redman has written more than 6,000 articles for Bitcoin.com News about the disruptive protocols emerging today.

Image Credits: Shutterstock, Pixabay, Wiki Commons

Disclaimer: This article is for informational purposes only. It is not a direct offer or solicitation of an offer to buy or sell, or a recommendation or endorsement of any products, services, or companies. Bitcoin.com does not provide investment, tax, legal, or accounting advice. Neither the company nor the author is responsible, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with the use of or reliance on any content, goods or services mentioned in this article.

Debridge Finance Suspects North Korean Hacking Syndicate Lazarus Group Attacked The Protocol’s Team

According to the co-founder of Debridge Finance, Alex Smirnov, the infamous North Korean hacking syndicate Lazarus Group subjected Debridge to an attempted cyberattack. Smirnov has warned Web3 teams that the campaign is likely widespread.

Lazarus Group Suspected of Attacking Debridge Finance Team Members With a Malicious Group Email

There’s been a great number of attacks against decentralized finance (defi) protocols like cross-chain bridges in 2022. While most of the hackers are unknown, it’s been suspected that the North Korean hacking collective Lazarus Group has been behind a number of defi exploits.

In mid-April 2022, the Federal Bureau of Investigation (FBI), the U.S. Treasury Department, and the Cybersecurity and Infrastructure Security Agency (CISA) said Lazarus Group was a threat to the crypto industry and its participants. A week after the FBI’s warning, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) added three Ethereum-based addresses to the Specially Designated Nationals and Blocked Persons List (SDN).

OFAC alleged that the group of Ethereum addresses is maintained by members of the cybercrime syndicate Lazarus Group. Additionally, OFAC connected the flagged Ethereum addresses and the Ronin bridge exploit (the $620M Axie Infinity hack) to the group of North Korean hackers. On Friday, Alex Smirnov, the co-founder of Debridge Finance, alerted the crypto and Web3 community about Lazarus Group allegedly attempting to attack the project.

“[Debridge Finance] has been the subject of an attempted cyberattack, apparently by the Lazarus group. PSA for all teams in Web3, this campaign is likely widespread,” Smirnov stressed in his tweet. “The attack vector was via email, with several of our team receiving a PDF file named “New Salary Adjustments” from an email address spoofing mine. We have strict internal security policies and continuously work on improving them as well as educating the team about possible attack vectors.” Smirnov continued, adding:

Most of the team members immediately reported the suspicious email, but one colleague downloaded and opened the file. This made us investigate the attack vector to understand how exactly it was supposed to work and what the consequences would be.

Smirnov insisted that the attack would not infect macOS users, but when Windows users open the password-protected PDF, they are asked to use the system password. “The attack vector is as follows: user opens [the] link from email -> downloads & opens archive -> tries to open PDF, but PDF asks for a password -> user opens password.txt.lnk and infects the whole system,” Smirnov tweeted.

Smirnov said that, according to a Twitter thread, the files used in the attack against the Debridge Finance team had the same names and were “attributed to Lazarus Group.” The Debridge Finance executive concluded:

Never open email attachments without verifying the sender’s full email address, and have an internal protocol for how your team shares attachments. Please stay SAFU and share this thread to let everyone know about potential attacks.

Lazarus Group and hackers, in general, have made a killing by targeting defi projects and the cryptocurrency industry. Members of the crypto industry are considered targets because a number of firms deal with finances, an assortment of assets, and investments.
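
The chain Smirnov describes (archive, password-protected PDF, then `password.txt.lnk`) can be screened for at a mail gateway or on download. The following is an added example, not code from the article or from Debridge: it inspects a ZIP for Windows shortcut files hiding behind a document-style extension and for the pairing of a locked PDF with a shortcut. The function names and reason labels are hypothetical, and the sample archives are constructed stubs that only reuse the file names quoted above.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Shell Link (.lnk) header: HeaderSize 0x0000004C followed by the LinkCLSID.
LNK_MAGIC = bytes.fromhex("4c0000000114020000000000c000000000000046")
# Inner extensions that make a shortcut look like a harmless document.
DECOY_EXTS = {".txt", ".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png"}


def make_zip(members):
    """Build an in-memory ZIP from {name: bytes}; used for the constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return buf.getvalue()


def scan_archive(data):
    """Return a list of (member, reason) findings for a ZIP passed as bytes."""
    findings, locked_pdf, shortcut = [], False, False
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename
            try:
                with zf.open(info) as fh:
                    # Capped read; the /Encrypt heuristic can miss larger PDFs.
                    body = fh.read(8 << 20)
            except (RuntimeError, NotImplementedError):
                # ZIP-level encryption or unsupported compression: cannot inspect.
                findings.append((name, "uninspectable-member"))
                continue
            suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
            if body.startswith(LNK_MAGIC) or suffixes[-1:] == [".lnk"]:
                shortcut = True
                decoy = len(suffixes) >= 2 and suffixes[-2] in DECOY_EXTS
                findings.append(
                    (name, "shortcut-with-decoy-extension" if decoy else "shortcut")
                )
            elif body.startswith(b"%PDF") and b"/Encrypt" in body:
                locked_pdf = True
                findings.append((name, "password-protected-pdf"))
    if locked_pdf and shortcut:
        # The pairing from the article: unreadable document plus a "password" shortcut.
        findings.append(("<archive>", "locked-document-plus-shortcut-lure"))
    return findings


# Constructed samples: stub contents, not real files from the incident.
SAMPLE_LURE = make_zip({
    "New Salary Adjustments.pdf": b"%PDF-1.7\n1 0 obj\n<< /Encrypt 2 0 R >>\nendobj\n",
    "password.txt.lnk": LNK_MAGIC + bytes(56),
})
SAMPLE_BENIGN = make_zip({"notes.txt": b"meeting at 10\n"})

if __name__ == "__main__":
    for member, reason in scan_archive(SAMPLE_LURE):
        print(f"{reason:40} {member}")
```

Windows Explorer hides the `.lnk` extension by default, which is why the file appears to the user as `password.txt`; checking the header bytes as well as the name catches shortcuts regardless of how they are labelled.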

Jamie Redman

Anonymous Hacks Major Belarusian Government Websites

The websites of several ministries of Belarus have allegedly been taken down in a new attack, part of the cyberwar Anonymous is waging to help Ukraine. The hacking group declared it’s targeting the Belarusian government for its complicity in the Russian invasion of the neighboring country.

Several Government Sites in Belarus Taken Offline by Anonymous

The websites of the Belarusian ministries of economy, education, and justice, as well as the online platform of the country’s National Center for Legal Information, have been hit by Anonymous, a Twitter account associated with the decentralized hacktivist collective announced.

According to a post recently published by Anonymous TV (@YourAnonTV), the attack is in response to the involvement of Belarus in support of Russia’s ongoing military assault on Ukraine. A few days ago, the authors of the tweet stated that the biggest government websites of Belarus were down. Some of them have already been restored.

JUST IN: Massive attack carried by #Anonymous against the Belarusian government for their complicity in the #Ukraine️ invasion. All their biggest government websites are #Offline. #OpRussia #OpBelarus #FreeUkraine pic.twitter.com/b358jRwPu2

— Anonymous TV 🇺🇦 (@YourAnonTV) May 29, 2022

Belarus has not sent its own forces to Ukraine but has allowed its closest ally, Russia, to use its territory and infrastructure for what Moscow calls a “special military operation” against the government in Kyiv. While this is the first time Belarusian government websites have been targeted, Anonymous has so far carried out numerous attacks against Russian online resources.

Soon after the Russian army crossed the Ukrainian borders in late February, the hacking group declared a cyberwar on Russia, vowing to disrupt the country’s internet space. It has since hit the websites of the Kremlin, the State Duma, and the Ministry of Defense, attacked Russian TV channels, and released millions of leaked emails.

In March, the hacktivist collective announced it had published 28GB of documents belonging to the Central Bank of Russia, including some of its “secret agreements.” In early May, the Anonymous-affiliated hacking group Network Battalion 65 (NB65) said it had targeted the payment processor Qiwi. Later that month, Russia’s largest banking institution, Sberbank, also suffered a blow.

Lubomir Tassev

Lubomir Tassev is a journalist from tech-savvy Eastern Europe who likes Hitchens’s quote: “Being a writer is what I am, rather than what I do.” Besides crypto, blockchain and fintech, international politics and economics are two other sources of inspiration.

Anonymous Allegedly Hacks Sberbank, Russia’s Largest Bank

Hacktivist collective Anonymous has allegedly breached the systems of one of the largest financial institutions in Russia, Sberbank. The attackers announced on social media they have published thousands of emails, phone numbers, and addresses.

Anonymous Hackers Reportedly Gain Access to Sberbank Database

Decentralized hacking group Anonymous claims to have hacked Sberbank. A Twitter account associated with the collective, @YourAnonOne, announced the attack earlier this week, noting the institution is the largest bank in the Russian Federation and the region of Eastern Europe.

The #Anonymous collective hacked Sberbank, it is the largest bank in Russia and Eastern Europe.

— Anonymous (@YourAnonOne) May 17, 2022

Moscow-headquartered Sberbank, currently called Sber, is a majority state-owned banking and financial services company with a presence in several European nations, mostly in the post-Soviet space. Western sanctions imposed over Russia’s invasion of Ukraine have affected its operations. At the end of February, Sberbank Europe said it was leaving the European market.

A tweet from another account linked to Anonymous detailed that the hackers have acquired and leaked 5,030 emails, addresses, and phone numbers from the compromised database. Sberbank, which reportedly accounts for around a third of all bank assets in Russia, has not yet commented on these claims.

The post redirects to an archive with five Excel files, crypto news outlet Forklog reported on Friday. They contain information about the bank’s free safe deposit boxes as of June 14, 2016, a register of property and partner appraisers, a list of the types of traded futures contracts, and a blank template of a certificate of property status and current obligations.

Shortly after the Russian armed forces crossed the Ukrainian border in late February, Anonymous declared a cyberwar on Russia, vowing to disrupt the country’s internet. It has since targeted the websites of the Kremlin, the State Duma, and the Ministry of Defense, attacked Russian TV channels, and released millions of leaked emails.

In March, the hacktivist collective said it had published 28GB of documents belonging to the Central Bank of Russia, including some of the monetary authority’s “secret agreements.” In early May, the Anonymous-affiliated hacking group Network Battalion 65 (NB65) announced it had hit the popular Russian payment processor Qiwi.

Lubomir Tassev
