UK Disrupts Major Booter Service Responsible For Thousands Of DDoS Attacks
Read also: A Scattered Spider member arrested in the UK, LockBit affiliates plead guilty, and more.
Thursday, July 25, 2024
UK police disrupt Digitalstress DDoS-for-Hire service
The UK’s National Crime Agency (NCA) has announced the disruption of a major DDoS-for-hire service called digitalstress.su. The platform was responsible for facilitating tens of thousands of distributed denial of service (DDoS) attacks weekly on a global scale. The action was carried out in collaboration with the Police Service of Northern Ireland (PSNI).
The operation follows the arrest of one of the site's suspected administrators earlier this month. The NCA has since taken control of the website, rendering it non-functional and replacing it with a splash page informing users that their data has been collected by law enforcement agencies.
In addition to seizing the site, the NCA accessed various communication platforms that cybercriminals used to discuss launching DDoS attacks.
The NCA will now analyze the user information gathered from the site for further law enforcement action. Data related to international users will be shared with appropriate overseas law enforcement agencies, the NCA said.
On the same note, the French authorities have announced a major operation aimed at a network of bots that have been infecting computers with data-stealing malware. The operation started on July 18 and is set to last several months.
Three hackers linked to NoName057(16) arrested in Spain
Spanish authorities apprehended three individuals in connection with cyber-attacks by a pro-Russian hacktivist group targeting government institutions and strategic sectors in Spain and other NATO countries. The attacks were directed at nations supporting Ukraine in its struggle against Russian aggression.
Two suspects were apprehended in Huelva and Seville, southern Spain, while a third was detained in the Balearic Islands. They were arrested for “cybercrimes with terrorist intentions” following a series of distributed denial-of-service (DDoS) attacks.
The cyberattacks are said to have been orchestrated by a Russia-linked hacker group called NoName057(16). Authorities have not disclosed specific targets or the impact of the attacks. Police noted that the group's primary activity involved conducting DDoS attacks using a proprietary DDoS attack toolkit named DDoSia.
On the same note, the US authorities imposed sanctions on Yuliya Vladimirovna Pankratova and Denis Olegovich Degtyarenko, who are said to be the leader and the primary hacker of the Russian hacktivist group Cyber Army of Russia Reborn (CARR). The group is known for their cyber operations against critical infrastructure in the US and Europe.
Cybersecurity Compliance
Prevent data breaches and meet regulatory requirements
Teen hacker arrested in the UK for involvement in MGM cyber-attack
West Midlands police officers arrested a 17-year-old boy from Walsall in connection with a global cybercrime group known as Scattered Spider, known for its involvement in a series of high-profile ransomware attacks, including a notable breach of MGM Resorts in the US.
The arrest, part of a broader global investigation into the activities of Scattered Spider, was a coordinated effort involving the Regional Organised Crime Unit for the West Midlands (ROCUWM), the National Crime Agency (NCA), and the United States Federal Bureau of Investigation (FBI).
The suspect was taken into custody on suspicion of blackmail and offenses under the Computer Misuse Act.
Authorities have released the teenager on bail as investigations continue. During the arrest, officers recovered several digital devices from the address, which are currently undergoing forensic examination.
Criminals linked to LockBit ransomware attacks plead guilty in the US
Two Russian nationals have pleaded guilty to participating in the notorious LockBit ransomware group, responsible for numerous high-profile ransomware attacks worldwide.
Ruslan Magomedovich Astamirov, 21, from the Chechen Republic, and Mikhail Vasiliev, 34, a dual Canadian and Russian national from Bradford, Ontario, admitted to their roles in deploying LockBit attacks against various victims in the United States and across the globe. As part of LockBit’s affiliate network, Astamirov and Vasiliev compromised computer systems, deployed the ransomware, and stole and encrypted data. They then demanded ransom payments for data decryption and the deletion of the stolen data.
Astamirov, operating under aliases such as "BETTERPAY," "offtitan," and "Eastfarmer," confessed to deploying LockBit against at least 12 victims between 2020 and 2023. As part of his plea agreement, Astamirov agreed to forfeit $350,000 in seized cryptocurrency extorted from a LockBit victim. He was initially charged and arrested in June 2023. Vasiliev, known online as "Ghostrider," "Free," "Digitalocean90," "Digitalocean99," "Digitalwaters99," and "Newwave110," targeted at least 12 victims between 2021 and 2023. He was charged and arrested by Canadian authorities in November 2022 and extradited to the United States in June 2023.
Astamirov pleaded guilty to charges of conspiracy to commit computer fraud and abuse and conspiracy to commit wire fraud, facing a maximum penalty of 25 years in prison. Vasiliev pleaded guilty to conspiracy to commit computer fraud and abuse, intentional damage to a protected computer, transmission of a threat related to damaging a protected computer, and conspiracy to commit wire fraud, facing a maximum penalty of 45 years in prison. Sentencing dates for both individuals have not yet been set.
A Nigerian scammer gets 12 years in prison for hacking, identity theft
Bamidele Omotosho, a 42-year-old Nigerian citizen, has been sentenced to 12 years and 7 months in US prison. Omotosho, who pleaded guilty on November 2, 2022, faced charges of conspiracy to commit wire fraud, conspiracy to commit money laundering, and computer intrusion. Omotosho also has to pay over $2 million in restitution to the victims.
According to court documents, Omotosho and his accomplices bought stolen access credentials and personal identifying information (PII) of US citizens on the now-defunct marketplace xDedic and used it to orchestrate various fraudulent schemes, including the hack of the Employees Retirement System of Texas (ERS) internet portal. The fraudsters created fake accounts and redirected retirement payments meant for legitimate ERS participants into their controlled accounts.
Omotosho's network also compromised multiple accounting firms across the United States, obtaining clients' PII and filing fraudulent tax returns with the IRS. The criminals also engaged in identity theft, applied for credit cards with stolen PII, orchestrated romance fraud and operated a business email compromise scheme, causing a $250,000 loss.
To launder the illicit proceeds, the conspirators deposited the funds onto prepaid debit cards or into bank accounts opened with the stolen personal information. They also purchased used vehicles with the proceeds, which were then shipped to Nigeria for resale.
What’s next:
- Join our upcoming webinars
- Follow ImmuniWeb on Twitter, LinkedIn and Telegram
- Explore 20 use cases how ImmuniWeb can help
- Browse open positions to join our great Team
- See the benefits of our partner program
- Request a demo, quote or special price
- Subscribe to our newsletter
Key Dutch has been working in information technology and cybersecurity for over 20 years, starting his first job with Windows 95 and dial-up modems. As the Editor-in-Chief of our Cybercrime Prosecution Weekly blog series, he compiles the most interesting news about police operations against cybercrime, as well as about regulatory actions enforcing data protection and privacy law. 
