PlugX (aka Korplug) is a remote access trojan (RAT) linked to several Chinese nation-state threat actors. Primarily spread through USB drives, it has compromised millions of computers globally, including an estimated 3,000 to 4,000 in France.

The sinkholing effort captured data from 100,000 daily pings and 2.5 million unique connections from 170 countries over six months, effectively disabling the botnet's command capabilities.

The operation, spearheaded by the Center for the Fight Against Digital Crime (C3N) of the National Gendarmerie, started over a week ago and is set to continue over the coming months. According to the reports, the joint disinfection efforts have cleaned the PlugX malware from devices belonging to around a hundred organizations across France, Portugal, Slovakia, Austria, Croatia, and Malta.

The US indicts a North Korean hacker for ransomware attacks on hospitals, NASA, military bases

US authorities indicted Rim Jong Hyok, an alleged member of the North Korean state-backed hacking outfit Andariel responsible for attacking American health care providers, NASA, US military bases, and various international entities. The goal of the attacks was to steal sensitive data and deploy ransomware for financial gain.

Rim Jong Hyok is alleged to have targeted 17 entities spanning 11 US states, as well as defense and energy companies in China, Taiwan, and South Korea. He has also been accused of laundering the illicit proceeds through a Chinese bank. The laundered funds were then used to purchase computer servers and sustain additional cyberattacks on defense, technology, and government sectors worldwide.

The indictment says that Rim, along with other operatives from Andariel, believed to be a unit of North Korea’s Reconnaissance General Bureau, managed to infiltrate NASA’s computer system for over three months. During this period, they extracted more than 17 gigabytes of unclassified data.

Additionally, the US State Department has announced a reward of up to $10 million for information leading to Rim's capture.

Cybersecurity Compliance

Prevent data breaches and meet regulatory requirements

Cybersecurity

Legal Advisory

Learn More

Coinbase hacker jailed for a $900K crypto scam

A British hacker who compromised over 500 Coinbase accounts in 2018 and 2019 via phishing websites has been sentenced to three and a half years in prison. Elliot Gunton, now in his early 20s, pleaded guilty to conspiracy to commit fraud outside the UK and money laundering.

Gunton, along with his accomplices, managed to steal more than $900,000 from over 500 accounts of users of the Coinbase cryptocurrency exchange when he was just 17 and 18 years old.

The criminals accessed the accounts by directing victims to a fake website mimicking the Coinbase login page, where they were prompted to enter their credentials. This allowed the perpetrators to gain access to the victims’ accounts and siphon off substantial amounts of cryptocurrency.

In addition to his latest sentence, Gunton has been ordered to pay back £407,359 (approximately $524,700) after hacking several high-profile Instagram accounts. In 2019, Gunton was sentenced to 20 months in prison for stealing personal data from TalkTalk customers. He exchanged the data for hundreds of thousands of dollars in cryptocurrency. However, he avoided jail time by completing a 12-month rehabilitation order.

A domain linked to fraudulent CAPTCHA bypass services seized by Microsoft

Microsoft has seized a domain operated by a trio of individuals based in Vietnam who were involved in selling fraudulent accounts and services designed to bypass CAPTCHA puzzles.

The targeted domain, rockcaptcha[.]com, was part of a cyber scheme responsible for creating and distributing fake Microsoft accounts. The action comes six months after a federal court allowed Microsoft to take control of other domains and infrastructure linked to the Storm-1152 threat actor.

The group had generated approximately 750 million fraudulent Microsoft accounts and provided CAPTCHA bypass services that facilitated various cybercrimes. Prior to the December 2023 disruption, the operation was generating around one million new Microsoft accounts each week.

The seizure was authorized by a federal judge in the Southern District of New York on July 23, according to the court filing. Microsoft identified three key individuals leading the operation: Duong Dinh Tu, Linh Van Nguyen, and Tai Van Nguyen.

Avaya scammers senteced for a $88M software license piracy scheme

A US court has sentenced Raymond Bradley “Brad” Pearce, Dusti Pearce, and Jason Hines for their involvement in an international scheme that resulted in the sale of tens of thousands of pirated Avaya Direct International (ADI) software licenses valued at over $88 million.

Pearce, who was working as a system administrator at Avaya, received a four-year prison sentence and was ordered to forfeit $4 million. His wife, Dusti Pearce, was sentenced to one year and a day in prison, with a forfeiture of $4 million. Jason Hines was sentenced to one year and six months in prison, followed by an additional 18 months of home confinement, and was ordered to forfeit $2 million.

According to court documents, the Pearces and Hines orchestrated a wire fraud scheme involving unauthorized Avaya Direct International (ADI) software licenses that unlocked features of the "IP Office" telephone system product. Utilizing his position, Brad Pearce generated tens of thousands of unauthorized license keys. He then sold these to Hines and other buyers, who distributed them to resellers and end-users worldwide. The retail value of each license varied from under $100 to several thousand dollars. Pearce also hijacked accounts of former Avaya employees, using his sysadmin privileges to create additional license keys. Dusti Pearce managed the accounting for their illicit operations.

To conceal their illegal earnings, the Pearces used a PayPal account under a false name to funnel money through multiple bank accounts, ultimately transferring it to investment and bank accounts. Hines pleaded guilty to conspiracy to commit wire fraud in July 2023, followed by the Pearces' guilty pleas in September 2023.

United States of America UK France

What’s next:

Join our upcoming webinars
Follow ImmuniWeb on Twitter, LinkedIn and Telegram
Explore 20 use cases how ImmuniWeb can help
Browse open positions to join our great Team
See the benefits of our partner program
Request a demo, quote or special price
Subscribe to our newsletter

Cyber Law and Cybercrime Investigation Weekly Blog by Key Dutch

Key Dutch has been working in information technology and cybersecurity for over 20 years, starting his first job with Windows 95 and dial-up modems. As the Editor-in-Chief of our Cybercrime Prosecution Weekly blog series, he compiles the most interesting news about police operations against cybercrime, as well as about regulatory actions enforcing data protection and privacy law.

Recent Blog Posts:

UK Disrupts Major Booter Service Responsible For Thousands Of DDoS Attacks

Mastermind Behind Zeus And IcedID Malware Sentenced To 9 Years In Prison

An Online Fraud Gang Arrested In Japan