Play ransomware claims attack on German hotel chain H-Hotels

The Play ransomware gang has claimed responsibility for a cyber attack on H-Hotels (h-hotels.com) that has resulted in communication outages for the company.

H-Hotels is a hospitality business with 60 hotels in 50 locations across Germany, Austria, and Switzerland, offering a total capacity of 9,600 rooms.

The hotel chain employs 2,500 people and is one of the largest in the DACH region, operating under ‘H-Hotels’ and the sub-brands Hyperion, H4 Hotels, H2 Hotels, H + Hotels, H.ostels, and H.omes.

H-Hotels disclosed the cyberattack last week and stated that the security incident occurred on Sunday, December 11th, 2022.

“According to the first findings of internal and external IT specialists, cybercriminals managed to break through the extensive technical and organizational protection systems of IT in a professional attack,” explained H-Hotels’ security incident notice.

“After the cyber attack was found, the IT systems were immediately shut down and disconnected from the Internet in order to ward off further spread.”

Although the attack did not impact guests’ bookings, hotel staff still can’t receive or answer customer requests sent via email, so it is recommended to contact H-Hotels by phone if necessary.

The firm has informed the German investigative authorities of the incident and is working with an IT forensics firm to restore systems as quickly as possible. H-Hotels also states that they are ensuring they will be adequately protected against similar cyberattacks in the future.

Data allegedly stolen in attack

Play ransomware has claimed the attack on H-Hotels and listed the company on its Tor site today, claiming to have stolen an undisclosed amount of data during the cyberattack.

The ransomware gang claims to have stolen private and personal data, including client documents, passports, IDs, and more. However, the threat actors have not released any samples to support these claims.

H-Hotels entry on the Play ransomware Tor site (BleepingComputer)

Furthermore, H-Hotels denied seeing any evidence of data exfiltration in last week’s announcement, and there has been no update on the matter since then.

“As of today, the commissioned IT forensic scientists have no evidence that relevant or personal data could be stolen by the cyber attack,” reads the announcement.

“Should a data outflow of personal data be determined in the course of these investigations, H-Hotels.com will inform the data subjects.”

Being an EU-based company, a large-scale data leak impacting customer data would have GDPR repercussions, making the cyberattack even more damaging.

For hotel guests, the potential exposure of their details and booking data can be a severe case of a privacy breach, providing information about future locations, financial information, and more.

https://www.bleepingcomputer.com/news/security/play-ransomware-claims-attack-on-german-hotel-chain-h-hotels/

Microsoft Details Gatekeeper Bypass Vulnerability in Apple macOS Systems

Microsoft has disclosed details of a now-patched security flaw in Apple macOS that could be exploited by an attacker to get around security protections imposed to prevent the execution of malicious applications.

The shortcoming, dubbed Achilles (CVE-2022-42821, CVSS score: 5.5), was addressed by the iPhone maker in macOS Ventura 13, Monterey 12.6.2, and Big Sur 11.7.2, with Apple describing it as a logic issue that could be weaponized by an app to circumvent Gatekeeper checks.

“Gatekeeper bypasses such as this could be leveraged as a vector for initial access by malware and other threats and could help increase the success rate of malicious campaigns and attacks on macOS,” Jonathan Bar Or of the Microsoft 365 Defender Research Team said.

Gatekeeper is a security mechanism designed to ensure that only trusted apps run on the operating system. This is enforced by means of an extended attribute called “com.apple.quarantine” that’s assigned to files downloaded from the internet. It is analogous to the Mark of the Web (MotW) flag in Windows.

Thus, when an unsuspecting user downloads a potentially harmful app that impersonates a piece of legitimate software, the Gatekeeper feature prevents the app from being run as it’s not validly signed and notarized by Apple.

Even in instances where an app is approved by Apple, users are displayed a prompt when it’s launched for the first time to seek their explicit consent.

Given the crucial role played by Gatekeeper in macOS, it’s hard not to imagine the consequences of sidestepping the security barrier, which could effectively permit threat actors to deploy malware on the machines.

The Achilles vulnerability identified by Microsoft exploits a permission model called Access Control Lists (ACLs) to add extremely restrictive permissions to a downloaded file (i.e., “everyone deny write,writeattr,writeextattr,writesecurity,chown”), thereby blocking Safari from setting the quarantine extended attribute.
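The condition just described, a file that lacks the quarantine attribute because its ACL forbids writing extended attributes, can be triaged from ordinary `xattr -l` and `ls -le` output. The script below is an added example, not Microsoft’s or Apple’s code; the sample output it parses is constructed, and the field layout it assumes is the standard macOS `ls -le` ACL entry format.

```python
"""Triage check for the Gatekeeper gap described above (added example, not
Microsoft's or Apple's code).

A file Safari downloaded should carry the com.apple.quarantine extended
attribute.  If the attribute is missing *and* the file's ACL denies
'writeextattr' to everyone, the quarantine flag could never have been
written, which is the condition Achilles relied on.  Inputs are the text
of `xattr -l <file>` and `ls -le <file>`; the samples below are
constructed, not captured from a real system.
"""
import re

QUARANTINE_XATTR = "com.apple.quarantine"

# One ACL entry as printed by `ls -le` on macOS, for example:
#   " 0: group:everyone deny write,writeattr,writeextattr,writesecurity,chown"
ACL_ENTRY = re.compile(
    r"^\s*\d+:\s+(?P<kind>user|group):(?P<name>\S+)\s+"
    r"(?P<effect>allow|deny)\s+(?P<perms>\S+)"
)


def parse_acl(ls_le_output: str) -> list:
    """Parse `ls -le` output into ACL entry dicts; non-ACL lines are ignored."""
    entries = []
    for line in ls_le_output.splitlines():
        m = ACL_ENTRY.match(line)
        if m:
            entries.append({
                "kind": m["kind"],
                "name": m["name"],
                "effect": m["effect"],
                "perms": set(m["perms"].split(",")),
            })
    return entries


def has_quarantine(xattr_output: str) -> bool:
    """True if `xattr -l` output lists the com.apple.quarantine attribute."""
    return any(line.split(":", 1)[0].strip() == QUARANTINE_XATTR
               for line in xattr_output.splitlines())


def denies_xattr_writes(entries) -> bool:
    """True if an 'everyone deny' entry includes writeextattr, which stops
    the browser from setting the quarantine attribute after download."""
    return any(e["effect"] == "deny" and e["name"] == "everyone"
               and "writeextattr" in e["perms"] for e in entries)


def classify(xattr_output: str, ls_le_output: str) -> str:
    """Classify a downloaded file as quarantined, unquarantined, or suspicious."""
    if has_quarantine(xattr_output):
        return "quarantined"
    if denies_xattr_writes(parse_acl(ls_le_output)):
        return "suspicious: no quarantine flag and ACL denies writeextattr"
    return "unquarantined"


# Constructed sample output (not from a real host).
QUARANTINED_XATTR = "com.apple.quarantine: 0083;63a1f2c0;Safari;CONSTRUCTED-UUID\n"
NORMAL_LS = "-rw-r--r--@ 1 user staff 1024 Dec 19 10:00 installer.dmg\n"
ACHILLES_LS = (
    "-rw-r--r--+ 1 user staff 1024 Dec 19 10:00 installer.dmg\n"
    " 0: group:everyone deny write,writeattr,writeextattr,writesecurity,chown\n"
)

if __name__ == "__main__":
    print(classify(QUARANTINED_XATTR, NORMAL_LS))  # quarantined
    print(classify("", ACHILLES_LS))               # suspicious: no quarantine flag and ACL denies writeextattr
    print(classify("", NORMAL_LS))                 # unquarantined
```

On a patched host the same check is still useful for inventorying downloads that arrived without a quarantine flag for other reasons.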

In a hypothetical attack scenario, an adversary could embrace the technique to craft a rogue app and host it on a server, which could then be delivered to a possible target via social engineering, malicious ads, or a watering hole.

The method also circumvents Apple’s newly introduced Lockdown Mode in macOS Ventura – an opt-in restrictive setting to counter zero-click exploits – necessitating that users apply the latest updates to mitigate threats.

“Fake apps remain one of the top entry vectors on macOS, indicating Gatekeeper bypass techniques are an attractive and even a necessary capability for adversaries to leverage in attacks,” Bar Or said.

https://thehackernews.com/2022/12/microsoft-details-gatekeeper-bypass.html

DraftKings warns data of 67K people was exposed in account hacks

Sports betting company DraftKings revealed last week that more than 67,000 customers had their personal information exposed following a credential attack in November.

In credential stuffing attacks, automated tools are used to make a massive number of attempts (up to millions at a time) to sign into accounts using credentials (user/password pairs) stolen from other online services.

This tactic works exceptionally well against user accounts whose owners have reused the same login information across multiple platforms.

The attackers aim to take over as many accounts as possible to steal personal and financial info, which gets sold on hacking forums or the dark web. However, the stolen information may also be used in identity theft scams to make unauthorized purchases or empty banking accounts linked to compromised accounts.

Almost 68,000 DraftKings customers affected

In a data breach notification filed with the Maine Attorney General’s office, DraftKings disclosed that the data of 67,995 people was exposed in last month’s incident.

The company said the attackers obtained the credentials needed to log into the customers’ accounts from a non-DraftKings source.

“In the event an account was accessed, among other things, the attacker could have viewed the account holder’s name, address, phone number, email address, last four digits of payment card, profile photo, information about prior transactions, account balance, and last date of password change,” the breach notification reads.

“At this time, there is currently no evidence that the attackers accessed your Social Security number, driver’s license number or financial account number.

“While bad actors may have viewed the last four digits of your payment card, your full payment card number, expiration date, and your CVV are not stored in your account.”

After detecting the attack, DraftKings reset the affected accounts’ passwords and said it implemented additional fraud alerts.

It also restored the funds withdrawn as a result of the credential attack, refunding up to $300,000 identified as stolen during the incident, as DraftKings President and Cofounder Paul Liberman said in November.

Bank accounts of breached DraftKings users targeted in attack

The common denominator for user accounts that got hijacked seems to be an initial $5 deposit followed by a password change, enabling two-factor authentication (2FA) on a different phone number and then withdrawing as much as possible from the victims’ linked bank accounts.
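Both patterns this article describes can be turned into detection logic: the credential-stuffing signature at the login edge (one source trying many distinct usernames, each typically once, so per-user lockouts never fire) and the post-takeover sequence just described (small deposit, password change, 2FA moved to a new number, withdrawal). The code below is an added example, not DraftKings’ own logic; the event records and field names are constructed for illustration.

```python
"""Two detections for the incident described above (added example, not
DraftKings' code).

1. Credential stuffing at the login edge: one source IP failing against
   many *distinct* usernames in a short window.
2. The post-takeover sequence reported for hijacked accounts: a small
   deposit, then a password change, then 2FA moved to a new phone number,
   then a withdrawal, all within a short window.

Event shapes and field names are this example's own, constructed sample
data, not any real application's log format.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data: (timestamp, src_ip, username, success)
LOGIN_EVENTS = [
    ("2022-11-18T02:00:01", "203.0.113.7", "alice", False),
    ("2022-11-18T02:00:02", "203.0.113.7", "bob", False),
    ("2022-11-18T02:00:02", "203.0.113.7", "carol", False),
    ("2022-11-18T02:00:03", "203.0.113.7", "dave", True),
    ("2022-11-18T02:00:04", "203.0.113.7", "erin", False),
    ("2022-11-18T02:00:05", "203.0.113.7", "frank", False),
    ("2022-11-18T09:15:00", "198.51.100.2", "alice", False),
    ("2022-11-18T09:15:30", "198.51.100.2", "alice", True),  # typo, then retry
]

# Constructed sample data: (timestamp, username, kind, detail)
ACCOUNT_EVENTS = [
    ("2022-11-18T02:00:03", "dave", "login", "203.0.113.7"),
    ("2022-11-18T02:05:00", "dave", "deposit", "5.00"),
    ("2022-11-18T02:06:10", "dave", "password_change", ""),
    ("2022-11-18T02:07:45", "dave", "2fa_phone_change", "new-number"),
    ("2022-11-18T02:20:00", "dave", "withdrawal", "1200.00"),
    ("2022-11-18T12:00:00", "alice", "deposit", "5.00"),
    ("2022-11-18T12:30:00", "alice", "withdrawal", "40.00"),  # no credential changes
]


def parse_ts(s: str) -> datetime:
    return datetime.fromisoformat(s)


def stuffing_sources(events, window=timedelta(minutes=10), min_distinct_users=5):
    """Return IPs whose failed logins hit >= min_distinct_users distinct
    usernames within `window`.  Breadth of usernames, not depth per user,
    is the stuffing signal, so successes and per-user counts are ignored."""
    per_ip = defaultdict(list)
    for ts, ip, user, ok in events:
        if not ok:
            per_ip[ip].append((parse_ts(ts), user))
    flagged = set()
    for ip, attempts in per_ip.items():
        attempts.sort()
        start = 0
        for end in range(len(attempts)):
            while attempts[end][0] - attempts[start][0] > window:
                start += 1  # slide the window forward
            distinct = {u for _, u in attempts[start:end + 1]}
            if len(distinct) >= min_distinct_users:
                flagged.add(ip)
                break
    return flagged


TAKEOVER_SEQUENCE = ("deposit", "password_change", "2fa_phone_change", "withdrawal")


def takeover_candidates(events, window=timedelta(hours=24), small_deposit=10.0):
    """Return usernames whose events contain TAKEOVER_SEQUENCE in order within
    `window`, starting from a deposit of at most `small_deposit`.  Unrelated
    events between the steps are allowed; the same sequence starting from an
    ordinary-sized deposit is not flagged."""
    per_user = defaultdict(list)
    for ts, user, kind, detail in events:
        per_user[user].append((parse_ts(ts), kind, detail))
    flagged = set()
    for user, evs in per_user.items():
        evs.sort()
        for i, (t0, kind, detail) in enumerate(evs):
            if kind != "deposit" or float(detail) > small_deposit:
                continue
            step = 1  # index of the next expected step after the deposit
            for t, k, _ in evs[i + 1:]:
                if t - t0 > window:
                    break
                if k == TAKEOVER_SEQUENCE[step]:
                    step += 1
                    if step == len(TAKEOVER_SEQUENCE):
                        flagged.add(user)
                        break
            if user in flagged:
                break
    return flagged


if __name__ == "__main__":
    print(stuffing_sources(LOGIN_EVENTS))      # {'203.0.113.7'}
    print(takeover_candidates(ACCOUNT_EVENTS))  # {'dave'}
```

In production the thresholds and window sizes would be tuned against the service’s own baseline, and the two detections are best correlated: a takeover sequence on an account whose last login came from a flagged stuffing source is a much stronger signal than either alone.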

While DraftKings has not shared additional info on how the attackers stole funds, BleepingComputer has since learned that the attack was conducted by a threat actor selling stolen accounts with deposit balances on an online marketplace for $10 to $35.

The sales included instructions on how the buyers could make $5 deposits and withdraw all of the money from hijacked DraftKings user accounts.

Instructions on how to empty breached DraftKings accounts (BleepingComputer)

After DraftKings announced the credential stuffing attack, they locked down the breached accounts, with the threat actors warning that their campaign was no longer working.

Warning that DraftKings locked the breached accounts (BleepingComputer)

The company is now advising customers never to use the same password for multiple online services, never share their credentials with third-party platforms, turn on 2FA on their accounts immediately, and remove banking details or unlink their bank accounts to block future fraudulent withdrawal requests.

As the FBI warned recently, credential stuffing attacks are quickly growing in volume due to readily available automated tools and aggregated lists of leaked credentials.

In September, identity and access management company Okta also reported that the situation has drastically worsened this year since it recorded over 10 billion credential-stuffing events during the first three months of 2022.

This amounts to roughly 34% of the overall authentication traffic tracked by Okta, which means that one in three sign-in attempts is malicious and fraudulent.

https://www.bleepingcomputer.com/news/security/draftkings-warns-data-of-67k-people-was-exposed-in-account-hacks/

KmsdBot Botnet Suspected of Being Used as DDoS-for-Hire Service

An ongoing analysis of the KmsdBot botnet has raised the possibility that it’s a DDoS-for-hire service offered to other threat actors.

This is based on the different industries and geographies that were attacked, web infrastructure company Akamai said. Notable targets included FiveM and RedM, which are game modifications for Grand Theft Auto V and Red Dead Redemption 2, as well as luxury brands and security firms.

KmsdBot is Go-based malware that leverages SSH to infect systems, carries out activities like cryptocurrency mining, and accepts TCP- and UDP-based attack commands to mount distributed denial-of-service (DDoS) attacks.

However, a lack of error checking in the malware’s source code caused the operators to inadvertently crash their own botnet last month.

“Based on observed IPs and domains, the majority of the victims are located in Asia, North America, and Europe,” Akamai researchers Larry W. Cashdollar and Allen West said. “The presence of these commands tracks with previous observations of targeted gaming servers and offers a glimpse into the customers of this botnet for hire.”

Akamai, which examined the attack traffic, identified 18 different commands that KmsdBot accepts from a remote server, one of which, dubbed “bigdata,” caters to sending junk packets containing large amounts of data to a target in an attempt to exhaust its bandwidth.

Also included are commands such as “fivem” and “redm” that are designed to target video game mod servers, alongside a “scan” instruction that “appears to target specific paths within the target environment.”

Charting the infection attempts of the botnet signals minimal activity in the Russian territory and neighboring regions, potentially offering a clue as to its origins.

A further breakdown of the attack commands observed over a 30-day time period shows “bigdata” leading with a frequency of more than 70. Calls to “fivem” have occurred 45 times, while “redm” has seen less than 10 calls.

“This tells us that although gaming servers are a specific target offered, it may not be the only industry that is being hit with these attacks,” the researchers said. “Support for multiple types of servers increases the overall usability of this botnet and appears to be effective in driving in customers.”

The findings come a week after Microsoft detailed a cross-platform botnet known as MCCrash that comes with capabilities to carry out DDoS attacks against private Minecraft servers.

https://thehackernews.com/2022/12/kmsdbot-botnet-suspected-of-being-used.html

LinkedIn has massively cut the time it takes to detect security threats. Here’s how it did it

LinkedIn revitalized its cybersecurity operations to be more effective than ever — by working smarter, not harder.

Protecting against phishing, malware and other cyber threats is a difficult cybersecurity challenge for any organization — but when your business has over 20,000 employees and runs a service used by almost a billion people, the challenge is even tougher.

But that’s precisely the challenge that’s facing LinkedIn: the world’s largest professional network has over 875 million members, ranging from entry-level employees, all the way up to high-level executives, who all use it to network with colleagues and peers, discuss ideas, and find new jobs.

With hundreds of millions of users, LinkedIn needs to ensure its systems are secure against a range of ever-evolving cyber threats, a task that falls to LinkedIn’s Threat Detection and Incident Response team.

Heading up the operation is Jeff Bollinger, the company’s director of incident response and detection engineering, and he’s under no illusions about the significance of the challenge the company faces from cyber threats.

It’s well known that highly sophisticated hacking groups have high-profile companies like LinkedIn in their sights, whether that’s trying to trick users into clicking phishing links or installing malware via manipulative social-engineering attacks.

“Well-funded attackers are definitely challenging because they can just keep coming — we have to be right every single time, and they’ve only got to be right once,” says Bollinger.

“That’s one of the challenges — we always have to be watching. We always have to be ready — whether it’s an opportunistic attacker or if it’s a dedicated, persistent attacker, we need to have our sensors and our signals collection in place to do it, no matter who it is.”

Building significant, more mature cybersecurity for the business was no small task, something which Bollinger describes as “akin to shooting for the moon” — so the program was named Moonbase.

Moonbase set out to improve threat detection and incident response, and it aimed to do so while improving quality of life for LinkedIn’s security analysts and engineers with the aid of automation, reducing the need for manually examining files, and server logs.

It was with this goal in mind that, over a period of six months between March 2022 and September 2022, LinkedIn rebuilt its threat-detection and monitoring capabilities, along with its security operations centre (SOC) — and that process started with reevaluating how potential threats are analyzed and detected in the first place.

“Every good team and program begins with a proper threat model. We have to understand what are the actual threats that are facing our company,” Bollinger explains.

That awareness begins with analyzing what data most urgently needs protecting; things like intellectual property, customer information, and information regulated by laws or standards — then thinking about the potential risks to that data.

For LinkedIn and Bollinger, a threat is “anything that harms or interferes with the confidentiality, integrity, and availability of a system or data”.

Examining patterns and data of real-world incidents provides information on what a range of cyberattacks look like, what classes as malicious activity, and what type of unusual behavior should set off alerts. But solely relying on people to do this work is a time-consuming challenge.

By using automation as part of this analysis process, Moonbase shifted the SOC towards a new model; a software-defined and cloud-centric security operation. The goal of the software-defined SOC is that much of the initial threat detection is left to automation, which flags potential threats that investigators can examine.

But that’s not to say humans aren’t involved in the detection process at all. While many cyberattacks are based around common, tried-and-tested techniques, which malicious hackers rely on throughout the attack chain, the evolving nature of cyber threats means that there’s always new, unknown threats being deployed in efforts to breach the network — and it’s vital that this activity can also be detected.

“When it comes to what we don’t know, it really depends on us just looking for strange signals in our threat hunting. And that’s really the way to get it — by dedicating time to looking for unusual signals that could eventually be rolled into a permanent detection,” says Bollinger.

However, one of the challenges surrounding this effort is that cyber attackers often use legitimate tools and services to conduct malicious activity — so, while it might be possible to detect if malware has been installed on the system, finding malicious behavior that could also realistically be legitimate user behavior is a challenge, and something LinkedIn’s rebuild has been focused around.

“Normal, legitimate administration activity often looks exactly like hacking because attackers are going for the highest level of privileges — they want to be domain admin or they want to obtain root access, so they can have all persistence and do whatever they want to do. But normal administration activities look similar,” Bollinger explains.

However, by using the SOC to analyze unusual behavior detected by automation, it’s possible to either confirm it was legitimate activity, or find potential malicious activity before it becomes a problem.

The SOC also does so without requiring information security personnel to methodically oversee what each user at the company is doing, only getting hands-on with individual accounts if strange or potentially malicious behavior is detected.

And by using this strategy, the threat-hunting team can use its time to quickly examine more data in more detail and, if necessary, take action against real threats, rather than having to manually examine every single alert, especially when many of those alerts are false warnings.

“I think that gives us a lot more people power to work on these problems,” says Bollinger.

But threat detection is only part of the battle — like any organization when a threat is detected, LinkedIn must be able to act against it as quickly and smoothly as possible to avoid disruption and prevent a full-blown incident.

This is where the incident-response team comes in, actively looking for and filtering out threats, based on what’s been detailed by the threat-hunting team.

“We give our people the most context and data upfront, so that they can minimize their time spent gathering data, digging around, looking for things, and they can maximize their time on actually using the critical-thinking capacities of the human brain to understand what’s actually happening,” Bollinger explains.

The operation of incident response hasn’t changed drastically, but the way it’s approached, with the additional context of data and analysis has been revised — and that shift has helped LinkedIn become much more efficient when it comes to detecting and protecting against potential threats. According to Bollinger, investigations are now much faster — all the way from detecting threats to dealing with them.

“The time to detect is the time from when activity first occurs until when you first see it — and speeding that up, it’s been dramatic for us. We went from it being several days to being minutes,” he says.

“We’ve dramatically reduced our time to detect and time to contain as well. Because once we’ve lowered that threshold for time to detect, we also have more time to actually contain the incident itself.

“Now that we’re faster and better at seeing things, that reduces the opportunities for attackers to cause damage — but the quicker that we detect something is happening, the quicker we can shut it down, and that minimizes the window that an attacker has to actually cause damage to employees, members, the platform, or the public,” says Bollinger.

Keeping the company secure is a big part of LinkedIn’s overhaul of threat-detection capabilities, but there’s also another key element to the work — designing the process, so it’s helpful and effective for staff in the SOC, helping them to avoid the stress and burnout that can accompany working in cybersecurity, particularly when responding to live incidents.

“One of the key pieces here was preserving our human capital — we want them to have a fulfilling job here, but we also want them to be effective and not worn out,” says Bollinger.

The approach is also designed to encourage collaboration between detection engineers and incident responders, who — while divided into two different teams — are ultimately working towards the same goal.

This joined-up approach has also trickled down to LinkedIn employees, who have become part of the process of helping to identify and disrupt threats.

Users are informed about potentially suspicious activity around their accounts, with additional context and explanation as to why the threat-hunting team believes something is suspicious — as well as asking the user if they think the thing is suspicious.

Depending on the reply and the context, a workflow is triggered, which could lead to an investigation into the potential incident — and a remediation.

“Instead of having people working harder, we’re having them working smarter — that was really one of the big pieces for us in all this,” says Bollinger.

“A big part of the job is just staying on top of things. We can’t just hope for the best and hope that our tools will find everything. We need to be constantly researching — that’s a really big part of what keeps us on our toes,” he concludes.

https://www-zdnet-com.cdn.ampproject.org/c/s/www.zdnet.com/google-amp/article/linkedin-has-massively-cut-the-time-it-takes-to-detect-security-threats-heres-how-it-did-it/

Beware: Cybercriminals Launch New BrasDex Android Trojan Targeting Brazilian Banking Users

The threat actors behind the Windows banking malware known as Casbaneiro have been linked to a novel Android trojan called BrasDex that has been observed targeting Brazilian users as part of an ongoing multi-platform campaign.

BrasDex features a “complex keylogging system designed to abuse Accessibility Services to extract credentials specifically from a set of Brazilian targeted apps, as well as a highly capable Automated Transfer System (ATS) engine,” ThreatFabric said in a report published last week.

The Dutch security firm said that the command-and-control (C2) infrastructure used in conjunction with BrasDex is also being used to control Casbaneiro, which is known to strike banks and cryptocurrency services in Brazil and Mexico.

The hybrid Android and Windows malware campaign is estimated to have resulted in thousands of infections to date.

BrasDex, which masquerades as a banking app for Banco Santander, is also emblematic of a new trend that involves abusing Android’s Accessibility APIs to log keystrokes entered by the victims, moving away from the traditional method of overlay attacks to steal credentials and other personal data.

It’s also engineered to capture account balance information, subsequently using it to take over infected devices and initiate fraudulent transactions in a programmatic manner.

Another notable aspect of BrasDex is its singular focus on the PIX payments platform, which allows banking customers in Brazil to make money transfers simply using their email addresses or phone numbers.

The ATS system in BrasDex is explicitly designed to abuse PIX technology to make fraudulent transfers.

This is not the first time the instant payment ecosystem has been targeted by bad actors. In September 2021, Check Point detailed two Android malware families named PixStealer and MalRhino that tricked users into transferring their entire account balances to an actor-controlled one.

ThreatFabric’s investigation into BrasDex also allowed it to gain access to the C2 panel used by the criminal operators to keep track of the infected devices and retrieve data logs exfiltrated from the Android phones.

The C2 panel, as it happens, is also being utilized to keep tabs on a different malware campaign which compromises Windows machines to deploy Casbaneiro, a Delphi-based financial trojan.

This attack chain employs package delivery-themed phishing lures purporting to be from Correios, a state-owned postal service, to dupe recipients into executing the malware following a multi-staged process.

Casbaneiro’s features run the typical backdoor gamut that allows it to seize control of banking accounts, take screenshots, perform keylogging, hijack clipboard data, and even function as a clipper malware to hijack crypto transactions.

“Being independent and full-fledged malware families, BrasDex and Casbaneiro form a very dangerous pair, allowing the actor behind them to target both Android and Windows users on a large scale,” ThreatFabric said.

“The BrasDex case shows the necessity of fraud detection and prevention mechanisms in place on customers’ devices: Fraudulent payments made automatically with the help of ATS engines appear legitimate to bank backends and fraud scoring engines, as they are made through the same device that is usually used by customers.”

https://thehackernews.com/2022/12/beware-cybercriminals-launch-new.html

15 Cybersecurity Predictions For 2023

It is difficult to make accurate cybersecurity predictions for 2023.

However, here are 15 potential trends that could shape the security landscape in 2023:

  1. The continued growth of cloud computing and remote work: The COVID-19 pandemic has accelerated the adoption of cloud computing and remote work. These trends will likely continue in the coming years, leading to an increased focus on securing remote access and protecting data in the cloud.
  2. Rise of artificial intelligence and machine learning in cybersecurity: Artificial intelligence and machine learning are increasingly used to detect and prevent cyber threats. In the future, we may see more advanced AI systems that can adapt and learn independently, making them more effective at identifying and responding to cyber threats.
  3. Increase in nation-state cyber attacks: Nation-state cyber attacks are likely to continue to be a significant threat in the coming years as governments worldwide seek to gain an advantage through cyber espionage and other types of cyber attacks.
  4. The emergence of new technologies: As new technologies such as the Internet of Things (IoT) and 5G become more widespread, they will likely bring new cybersecurity challenges that need to be addressed.
  5. Continued focus on data privacy: With the increasing amount of personal data collected and stored by businesses and governments, there is likely to be a continued focus on protecting that data and ensuring it is used responsibly.
  6. Greater use of biometric authentication: As cyber criminals become more sophisticated, traditional authentication methods, such as passwords, may become less effective. We may see an increase in biometric authentication methods, such as fingerprint scanners and facial recognition, to provide an additional layer of security.
  7. Increased use of encryption: Encryption is important for protecting data and ensuring unauthorized actors cannot access it. We may see increased use of encryption in various contexts, including in the communication of sensitive data and the storage of data in the cloud.
  8. Evolution of ransomware: In this type of cyber attack, criminals encrypt a victim’s data and demand a ransom in exchange for the decryption key. We may see the evolution of more advanced forms of ransomware that are harder to detect and more difficult to mitigate.
  9. The emergence of new cybersecurity regulations: As the importance of cybersecurity becomes more widely recognized, we may see the emergence of new rules and guidelines aimed at improving cybersecurity practices. These could include new requirements for businesses to adopt certain security measures or to report cyber incidents to authorities.
  10. Greater collaboration between industry and government: Companies and governments need to work together to share information and best practices. We may see more collaboration between the private sector and the government to improve cybersecurity efforts.

Here are a few additional potential trends that could shape the cybersecurity landscape in 2023:

  11. Emergence of new cybersecurity threats: As technology advances and new vulnerabilities are discovered, we may see the emergence of new types of cyber threats. For example, the increasing use of artificial intelligence and machine learning could lead to the development of new kinds of cyber attacks that exploit these technologies.
  12. Greater focus on supply chain security: As supply chains become more complex and globalized, there is an increased risk of cyber threats being introduced through third-party vendors and partners. We may see a greater focus on supply chain security as organizations seek to protect themselves from these threats.
  13. Increased use of cybersecurity insurance: As the frequency and severity of cyber attacks continue to rise, organizations may turn to cybersecurity insurance to protect themselves against the financial impact of a breach. This could lead to the growth of the cybersecurity insurance market.
  14. The emergence of new cybersecurity tools and technologies: We may see new tools and technologies that detect and prevent cyber threats, use advanced analytics and machine learning to identify unusual activity, and new types of security software.
  15. Greater focus on cybersecurity awareness and education: As the number and complexity of cyber threats continue to grow, there will be an increased need for individuals and organizations to be aware of cybersecurity risks and to understand how to protect themselves. We may see a greater focus on cybersecurity awareness and education to help people understand how to stay safe online.

https://hackersonlineclub.com/cybersecurity-predictions-2023/

T-Mobile Carrier Scammer Gets Decade in the Slammer

A mobile phone store owner stole T-Mobile employee credentials to “unlock” phones for resale, earning him millions in illicit profits.

Phishing emails and social engineering scams were all it took for mobile phone store owner Argishti Khudaverdyan to breach the mobile provisioning systems of T-Mobile, AT&T, and Sprint to “unlock” phones from their network constraints — earning him more than $25 million in the process.

Now Khudaverdyan has been convicted and sentenced to 10 years in federal prison for wire fraud, money laundering, and identity theft, among other counts.

In all, Khudaverdyan stole the credentials of more than 50 T-Mobile employees across the US, allowing him to unblock hundreds of thousands of phones, according to the Department of Justice.

“From August 2014 to June 2019, Khudaverdyan fraudulently unlocked and unblocked cellphones on T-Mobile’s network, as well as the networks of Sprint, AT&T, and other carriers,” the DOJ explained. “Removing the unlock allowed the phones to be sold on the black market and enabled T-Mobile customers to stop using T-Mobile’s services and thereby deprive T-Mobile of revenue generated from customers’ service contracts and equipment installment plans.”

https://www.darkreading.com/attacks-breaches/tmobile-carrier-scammer-gets-decade-slammer

Play ransomware claims attack on German hotel chain H-Hotels

The Play ransomware gang has claimed responsibility for a cyber attack on H-Hotels (h-hotels.com) that has resulted in communication outages for the company.

H-Hotels is a hospitality business with 60 hotels in 50 locations across Germany, Austria, and Switzerland, offering a total capacity of 9,600 rooms.

The hotel chain employs 2,500 people and is one of the largest in the DACH region, operating under ‘H-Hotels’ and the sub-brands Hyperion, H4 Hotels, H2 Hotels, H + Hotels, H.ostels, and H.omes.

H-Hotels disclosed the cyberattack last week and stated that the security incident occurred on Sunday, December 11th, 2022.

“According to the first findings of internal and external IT specialists, cybercriminals managed to break through the extensive technical and organizational protection systems of IT in a professional attack,” explained the H-Hotel’s security incident notice.

“After the cyber attack was found, the IT systems were immediately shut down and disconnected from the Internet in order to ward off further spread.”

Although the attack did not impact guests’ bookings, hotel staff still can’t receive or answer customer requests sent via email, so it is recommended to contact H-Hotels by phone if necessary.

The firm has informed the German investigative authorities of the incident and is working with an IT forensics firm to restore systems as quickly as possible. H-Hotels also states that they are ensuring they will be adequately protected against similar cyberattacks in the future.

Data allegedly stolen in attack

Play ransomware has claimed the attack on H-Hotels and listed the company on its Tor site today, claiming to have stolen an undisclosed amount of data during the cyberattack.

The ransomware gang claims to have stolen private and personal data, including client documents, passports, IDs, and more. However, the threat actors have not released any samples to support these claims.

H-Hotels entry on the Play ransomware Tor site (BleepingComputer)

Furthermore, H-Hotels denied seeing any evidence of data exfiltration in last week’s announcement, and there has been no update on the matter since then.

“As of today, the commissioned IT forensic scientists have no evidence that relevant or personal data could be stolen by the cyber attack,” reads the announcement.

“Should a data outflow of personal data be determined in the course of these investigations, H-Hotels.com will inform the data subjects.”

Being an EU-based company, a large-scale data leak impacting customer data would have GDPR repercussions, making the cyberattack even more damaging.

For hotel guests, the potential exposure of their details and booking data can be a severe case of a privacy breach, providing information about future locations, financial information, and more.

https://www.bleepingcomputer.com/news/security/play-ransomware-claims-attack-on-german-hotel-chain-h-hotels/

Database of British Columbians’ personal health information is ‘disturbingly’ vulnerable: privacy watchdog

Report finds sensitive details on personal matters like mental health, pregnancies, STDs vulnerable to misuse

Millions of highly sensitive personal health records about people accessing health care in British Columbia have been left “disturbingly” vulnerable to leaks after the provincewide health authority failed to address security concerns in recent years, a new report has found.

The Office of the Information and Privacy Commissioner for B.C. published a report Thursday saying the Provincial Health Services Authority (PHSA) has known about the “troubling” level of exposure since it audited its own system in 2019, but hasn’t done enough to address the issue.

“There is an enormous volume of sensitive personal information that, if breached, could cause a significant list of harms including embarrassment, loss of dignity, family breakdowns, and even physical harm to individuals if it was accessed improperly,” read the report from the privacy watchdog.

“One would expect the highest degree of privacy and security would be in place to protect our personal information from such intrusions … But as we learned during our investigation, this is not so.”

Database holds roughly 6 million records

The PHSA works with regional health authorities to provide care across B.C. and oversees specialized hospitals and centres, including B.C. Children’s Hospital, B.C. Cancer and the B.C. Centre for Disease Control.

It runs a database called Panorama, which maintains patient information for six million people who have accessed care from health authorities in B.C. It also includes information on patients who have died or left the province, as well as some living in Yukon.

The personal information includes all manner of interactions with the health-care system, from vaccination status to mental health evaluations to a record of sexually transmitted infections, including HIV. It includes any information about pregnancies, including their outcome, as well as drug and alcohol use.

The database also holds addresses and other personal information for migrant workers in the province.

Security gaps mean the system can be abused by “bad actors,” from cyber criminals to people looking for information about an ex.

“It should go without saying that the nature of this personal information is amongst the most sensitive and voluminous data held about us by any public body,” the report said.

“Every British Columbian should be troubled by these findings, because it means personal information in the system is vulnerable to misuse and attack.”

PHSA upgraded system

In a statement, PHSA said it upgraded Panorama in July and is working to improve its audits.

”PHSA takes privacy very seriously and on behalf of patients, clients and families throughout British Columbia, we are continually taking steps to ensure that people’s sensitive and private information is secure and protected,” wrote PHSA president and CEO David Byres.

The report found many areas where the system is vulnerable. One particular concern was that the system doesn’t have tech in place to detect a potential security breach while it’s happening — only afterward.

“Neither a malicious attack nor an authorized employee abusing their credentials is likely to be caught in the act,” the report said.

Roughly 4,000 people have access to Panorama, including health-care workers and ministry officials doing public health surveillance to track spread of diseases like COVID-19.

There is no multi-factor authentication required to access the system, the report says. There is also no infrastructure in place to automatically detect whether someone has accessed the system for inappropriate reasons, nor is there a login alert like many users receive when someone logs into their email or social media accounts. Personal information within the database is not adequately encrypted, either.

The privacy commissioner’s report, released Thursday, followed an audit last year examining PHSA’s cybersecurity risk.

The final report by B.C.’s auditor general found thousands of medical devices used to diagnose and treat people lack effective cybersecurity protections, leaving the authority vulnerable to a cyberattack that “could harm patients and significantly disrupt hospital operations.”

https://www.cbc.ca/news/canada/british-columbia/phsa-information-and-privacy-commissioner-report-1.6687123