Ukrainian Raccoon Infostealer Operator Extradited to US

A Ukrainian national charged with operating the Raccoon Infostealer malware-as-a-service has made an appearance in a US court after being extradited from the Netherlands.
The man, Mark Sokolovsky, 28, was arrested in March 2022, after the FBI and law enforcement agencies in Italy and the Netherlands dismantled the Raccoon Infostealer infrastructure.
In October 2022, Sokolovsky was indicted in the US for his involvement in the distribution of the Raccoon Infostealer malware to millions of computers worldwide.
Distributed using phishing and other social engineering tactics, the malware was used to steal login credentials, financial data, and other personal information.
According to court documents, in addition to stealing information from victim systems, the Raccoon Infostealer operators also leased access to the malware, charging a fee of approximately $200 per month, payable in cryptocurrency.
In 2022, the FBI announced that it had collected various types of data exfiltrated from the Raccoon Infostealer-infected computers, including over 50 million unique credentials and forms of identification.
The FBI has created a website where victims can enter their email addresses to check whether their personal information is included in the dataset in the US government's repository.
Sokolovsky is charged with conspiracy to commit computer fraud, conspiracy to commit wire fraud, conspiracy to commit money laundering, and aggravated identity theft.
He made an appearance in court on February 9 and is currently awaiting trial.


This Cyber News was published on www.securityweek.com. Publication date: Mon, 19 Feb 2024 15:43:04 +0000


Cyber News related to Ukrainian Raccoon Infostealer Operator Extradited to US

Ukrainian Raccoon Infostealer Operator Extradited to US - A Ukrainian national charged with operating the Raccoon Infostealer malware-as-a-service has made an appearance in a US court after being extradited from the Netherlands. The man, Mark Sokolovsky, 28, was arrested in March 2022, after the FBI and law ...
10 months ago Securityweek.com
FSB arrests Russian hackers working for Ukrainian cyber forces - The Russian Federal Security Service arrested two individuals believed to have helped Ukrainian forces carry out cyberattacks to disrupt Russian critical infrastructure targets. Both suspects were taken into custody one same day in two different ...
1 year ago Bleepingcomputer.com
Ukrainian activists hack Trigona ransomware gang, wipe servers - A group of cyber activists under the Ukrainian Cyber Alliance banner has hacked the servers of the Trigona ransomware gang and wiped them clean after copying all the information available. The Ukrainian Cyber Alliance fighters say they exfiltrated ...
1 year ago Bleepingcomputer.com
Sandworm Hackers Caused Another Blackout in Ukraine-During a Missile Strike - The notorious unit of Russia's GRU military intelligence agency known as Sandworm remains the only team of hackers to have ever triggered blackouts with their cyberattacks, turning off the lights for hundreds of thousands of Ukrainian civilians not ...
1 year ago Wired.com
WinRAR Flaw: LONEPAGE Malware Strikes Ukrainian Firms - In the realm of cybersecurity, vigilance is paramount, and recent developments reveal a persistent threat facing Ukrainian entities. In this blog post, we'll look into the intricate details of the persistent cybersecurity threat posed by LONEPAGE ...
11 months ago Securityboulevard.com
Who Is Behind Pro-Ukrainian Cyberattacks on Iran? - COMMENTARY. Ukrainian cyber forces have attacked Russian infrastructure and assets almost since the first day of the Russian invasion of Ukraine on Feb. 24, 2022. While its mainstay is denial-of-service attacks that have knocked out the Russian ...
11 months ago Darkreading.com
Hackers use new Agent Raccoon malware to backdoor US targets - A novel malware named 'Agent Raccoon' is being used in cyberattacks against organizations in the United States, the Middle East, and Africa. The attackers are believed to be nation-state threat actors discovered by Palo Alto Network's Unit 42, which ...
1 year ago Bleepingcomputer.com
Russian Cyberattackers Launch Multiphase PsyOps Campaign - Russia-linked threat actors employed both PysOps and spear-phishing to target users over several months at the end of 2023 in a multiwave campaign aimed at spreading misinformation in Ukraine and stealing Microsoft 365 credentials across Europe. The ...
9 months ago Darkreading.com
Russian hackers use Ngrok feature and WinRAR exploit to attack embassies - After Sandworm and APT28, another state-sponsored Russian hacker group, APT29, is leveraging the CVE-2023-38831 vulnerability in WinRAR for cyberattacks. APT29 is tracked under different names and has been targeting embassy entities with a BMW car ...
1 year ago Bleepingcomputer.com
Ukrainian military says it hacked Russia's federal tax agency - The Ukrainian government's military intelligence service says it hacked the Russian Federal Taxation Service, wiping the agency's database and backup copies. Following this operation, carried out by cyber units within Ukraine's Defense Intelligence, ...
1 year ago Bleepingcomputer.com
Ukrainian hackers disrupt internet providers in Russia-occupied territories - Ukrainian hackers have temporarily disabled internet services in parts of the country's territories that have been occupied by Russia. The group of cyber activists known as the IT Army said on Telegram that their distributed denial-of-service attack ...
1 year ago Therecord.media
CVE-2024-31391 - Insertion of Sensitive Information into Log File vulnerability in the Apache Solr Operator. This issue affects all versions of the Apache Solr Operator from 0.3.0 through 0.8.0. When asked to bootstrap Solr security, the operator will enable basic ...
8 months ago Tenable.com
Sophisticated Booking.com Scam Targeting Guests with Vidar Infostealer - The 'How To' guide for targeting Booking.com customers is being offered for sale on the dark web, as well as on underground cybercrime forums, including Russian-speaking platforms such as XSS.IS. Cybersecurity firm Secureworks is alerting Booking.com ...
1 year ago Hackread.com
Weak password and infostealer blamed for Orange Spain outage The Register - A weak password exposed by infostealer malware is being blamed after a massive outage at Orange Spain disrupted around half of its network's traffic. The network provider is Spain's second most popular and on Wednesday evening confirmed its RIPE ...
11 months ago Go.theregister.com
- Appearing flattered by the dogged analysis of Chaes malware over the years, the infostealer's developer dropped secret messages in the latest version of the code praising threat hunter efforts and thanking them for the interest. Analysis of ...
11 months ago Darkreading.com
Investigation of xDedic cybercrime site reaches 'culmination,' US says - The U.S. Department of Justice said that it has charged nearly 20 individuals for their involvement in the xDedic cybercrime marketplace operation, with more than a dozen already sentenced to prison. Since its takedown in 2019, international law ...
11 months ago Therecord.media
Ukraine security services involved in hack of Russia's largest private bank - Ukrainian hackers collaborated with the country's security services, the SBU, to breach Russia's largest private bank, a source within the department confirmed to Recorded Future News. Last week, two groups of pro-Ukrainian hackers, KibOrg and NLB, ...
1 year ago Therecord.media
State-Sponsored APT Groups Use Ransomware Tactics for Intelligence Gathering and Sabotage - State-sponsored threat groups are increasingly using ransomware-like tactics to hide more insidious activities. Russian APT group Sandworm has used ransomware programs to destroy data multiple times in the past six months, while North Korea's Lazarus ...
1 year ago Csoonline.com
Ukraine Arrests Hacker for Assisting Russian Missile Strikes - Ukrainian security services have arrested a hacker for allegedly targeting government websites and providing intelligence to Russia to carry out missile strikes on the city of Kharkiv. Security Service of Ukraine revealed that its cyber unit has ...
10 months ago Infosecurity-magazine.com
Russian hackers hijack Ukrainian TV to broadcast Victory Day parade - Russia-aligned hackers hijacked several Ukrainian television channels on Thursday to broadcast a Victory Day parade in Moscow, commemorating the defeat of Nazi Germany in World War II. According to the Ukrainian agency responsible for television and ...
7 months ago Therecord.media
Zeus, IcedID malware gangs leader pleads guilty, faces 40 years in prison - Ukrainian national Vyacheslav Igorevich Penchukov, one of the heads of the notorious JabberZeus cybercrime gang, has pleaded guilty to charges related to his leadership roles in the Zeus and IcedID malware groups. Penchukov was arrested in ...
10 months ago Bleepingcomputer.com
Google links WinRAR exploitation to Russian, Chinese state hackers - Google says that several state-backed hacking groups have joined ongoing attacks exploiting a high-severity vulnerability in WinRAR, a compression software used by over 500 million users, aiming to gain arbitrary code execution on targets' systems. ...
1 year ago Bleepingcomputer.com
ShinyHunters Suspect Extradited to United States - The notorious hacking group, ShinyHunters, has been suspected of being extradited to the United States to face criminal charges. The news comes after a string of high-profile breaches attributed to the hacker collective. ShinyHunters are believed to ...
1 year ago Tripwire.com
A Ukrainian Raccoon Infostealer operator is awaiting trial in the US - We and our store and/or access information on a device, such as cookies and process personal data, such as unique identifiers and standard information sent by a device for personalised ads and content, ad and content measurement, and audience ...
10 months ago Securityaffairs.com
CVE-2020-7922 - X.509 certificates generated by the MongoDB Enterprise Kubernetes Operator may allow an attacker with access to the Kubernetes cluster improper access to MongoDB instances. Customers who do not use X.509 authentication, and those who do not use the ...
3 months ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)