Bumblebee Abuses WebDAV Protocol to Attack Organizations

0
[ad_1]

In recent cybersecurity news, the notorious Bumblebee loader has made a resurgence in a new campaign, posing a significant threat to organizations’ digital security. 

This loader, often used as a stepping stone for ransomware attacks, had taken a pause but reemerged with upgraded techniques.

Intel 471 Malware Intelligence reported that Bumblebee’s operators have returned with updated tactics. 

The malware now employs a Domain Generation Algorithm (DGA) instead of relying on hard-coded command and control servers, making it more resilient.

On September 7, 2023, a fresh campaign utilizing Web Distributed Authoring and Versioning (WebDAV) servers was observed. 

Threat actors used malicious spam emails containing Windows shortcut (.LNK) and compressed archive (.ZIP) files as delivery methods for Bumblebee. Once activated, these files executed commands that downloaded the malware from WebDAV servers.

Document
FREE Demo

Implementing AI-Powered Email security solutions “Trustifi” can secure your business from today’s most dangerous email threats, such as Email Tracking, Blocking, Modifying, Phishing, Account Take Over, Business Email Compromise, Malware & Ransomware

Bumblebee gained prominence as a loader in September 2021, becoming the preferred choice for threat actors who had previously used BazarLoader. 

Notorious Bumblebee Campaign

It has since been linked to various ransomware payloads, including Cobalt Strike, Metasploit, and Sliver.

This loader’s association with threat actors connected to Conti and Trickbot operations highlights its potency. 

One threat actor aimed to use Bumblebee in a malicious advertising campaign to compromise U.S.-based corporate users, emphasizing its value to cybercriminals.

In this recent campaign, threat actors have leveraged 4shared WebDAV services to distribute the malware. 

The 4shared file-hosting service provides a platform for users to upload and download files via both a web interface and the WebDAV protocol. 

WebDAV enables users to manage and edit files on remote servers, making it a convenient tool.

While the use of WebDAV in malware distribution isn’t new, it played a role in distributing the IcedID (aka Bokbot) malware earlier in the year, as noted by the SANS Internet Storm Center. 

In the Bumblebee campaign, malicious actors sent out spam emails disguised as various documents such as scans, notifications, and invoices. 

These emails contained enticing attachments with filenames like “scan-document_2023(383).lnk” and “invoice-07september_2023(231).lnk.”

Most of the observed samples were distributed as .LNK files. When executed, these .LNK files initiated the Windows command processor, which carried out predefined commands. 

The first command involved mounting a network drive to a WebDAV folder located at “https://webdav.4shared[dot]com” using specific authentication credentials.

Detailed analysis revealed variations in command sets among different samples. After mounting the network drive, subsequent commands differed depending on the specific sample. 

For instance, some used “expand” for file extraction, while others employed “replace.exe” as an alternative method. The approaches to executing these files also varied, utilizing processes like “wmic.exe,” “conhost.exe,” and “schtasks.”

On September 1, 2023, a new version of the Bumblebee loader was detected, featuring significant changes to its architecture. 

It shifted from using the WebSocket protocol to a custom Transmission Control Protocol (TCP) for communication. 

A Domain Generation Algorithm (DGA) was also introduced, replacing the previous hard-coded list of command and control servers. The DGA generated 100 new domains with a “.life” top-level domain (TLD), adding complexity and reducing reliance on static C2 servers.

In the observed WebDAV campaign, four domains were listed, and the fourth domain was successfully resolved and contacted:

  • 3v1n35i5kwx[dot]life
  • cmid1s1zeiu[dot]life
  • Itszko2ot5u[dot]life
  • newdnq1xnl9[dot]life

This evolving Bumblebee loader highlights a coordinated effort by threat actors to enhance evasion tactics and resilience against network scrutiny. The use of 4shared’s WebDAV services as a distribution method represents a novel attack vector. 

Detailed analysis of the .LNK files used in this campaign shows calculated steps to evade detection, including mounting network drives and employing varied command sequences and execution methods.

Intel 471 recommends blocking known malicious domains associated with this campaign and closely monitoring command line event logs for suspicious activity.

Keep informed about the latest Cyber Security News by following us on Google NewsLinkedinTwitter, and Facebook.


[ad_2]
Source link

Amazon’s ‘Eye Gaze’ feature uses your gaze to perform tasks

0
[ad_1]

Amazon has announced a new pair of accessibility features coming to devices with Eye Gaze on Alexa and a new call translation feature. Both are intended to bring accessibility enhancements to the Fire Max 11 tablet and will be rolling out later this year. The new features were announced as part of Amazon’s fall hardware event, where it also announced products like the new Echo Pop for kids, the new Echo Frames, and more.

The call translation feature will do exactly what it sounds like. It’ll transcribe Alexa calls on an Echo show device. Users can place an Alexa call and if the feature is enabled, they’ll see captions on the display so they can read what’s being said. The features multiple languages including English, French, Spanish, and Portuguese. Plus it’s arriving in multiple regions when it launches. Initially Amazon says it’ll be coming to users in the US, UK, Canada, Mexico, and a few countries in Europe. Including Spain, Germany, Italy, and France.

The company doesn’t mention when or if the feature will out to more regions. But the list of supported countries for Alexa is pretty large. So Amazon is probably just starting small here. With plans to roll the call translation out to other regions in the future.

Eye Gaze on Alexa will control your smart home with just a look

The other accessibility feature is Eye Gaze on Alexa. Though it can be used by anyone, it was designed with people that have mobility or speech disabilities in mind. The idea is that the feature will use your device’s camera to track where exactly you’re looking on the screen. Then translate that into an action to be performed.

With Eye Gaze users can do a small number of preset tasks including controlling smart home devices. You’ll also be able to make calls and control the playback of media. The feature is completely free and will be hitting the Fire Max 11 tablet later in 2023. Amazon didn’t mention an exact release date though.

Worth noting is that Amazon said this was “still early days of the technology.” Which suggests that there are likely to be quite a few changes or updates to it as time goes on and users could experience bugs or inconsistencies in how things work. However, Amazon also stated that it’s excited about the feature’s technological potential.


[ad_2]
Source link

Amazon Alexa is getting an update to make it rival Google Assistant

0
[ad_1]

Amazon just held its latest hardware event on Wednesday, and the company announced some new products. During the presentation, the company let us in on the future of Alexa. According to the company, Alexa will be getting a boost from our old friend, generative AI.

As you well know, voice assistants use artificial intelligence. It’s not on the scale of something like ChatGPT, but there’s still some wizardry behind it. However, Amazon has been working on generative AI behind the curtains for about nine years. The company has been using its LLM to help train the user-facing Alexa assistant.

Amazon Alexa will use generative AI in the near future

We use generative AI on our computer screens or our phone screens, but Amazon wants to conquer a new frontier. It wants to focus on bringing generative AI technology to a digital voice assistant.

This is a move to make Alexa much more natural and conversational. Amazon has been working on certain things like latency and Alexa’s tone in order to make it seem like you’re talking to an actual human being. It’s focusing on making Alexa more conversational and natural sounding.

One thing that the company showed off during the presentation is called “Let’s Chat”. It looks like when you summon Alexa and say “Let’s chat”, you’ll gain access to a more conversational Alexa. At that point, just say what you want to look up. When you give your query, Alexa will give you a very human-sounding response.

Since this uses generative AI, you’ll be able to ask Alexa to generate spoken content for you. Just like with ChatGPT or other bots, you can ask it to write a story, poem, etc. It will be just like talking to one of the numerous chatbots that are on the market today.

The company announced that this feature will begin testing for customers in the US. It will be an early preview, and it will work on all Alexa devices, even the original Alexa devices that shipped back in 2014. We’re not sure when the testing will begin.


[ad_2]
Source link

Amazon reveals a bunch of new features and improvements coming to Alexa

0
[ad_1]
Google’s Assistant main competitor, Alexa is getting new features and improvements, Amazon announced earlier today. Judging by what we’ve seen during Amazon’s presentation, future Alexa feels like an assistant on steroids compared with the Alexa from a decade ago.

Thanks to the power of generative AI, Amazon has been able to upgrade many of Alexa’s features. The most important upgrade revealed today is a new large language model that’s been specifically optimized for voice interactions.

Basically, Alexa will be more expressive and will sound a lot more casual when chatting with you. Starting this year, customers in the United States will be able to preview some of the capabilities enabled by generative AI by saying “Alexa, let’s chat” to Echo devices they already own.

As mentioned, in the preview Echo owners should notice that Alexa feels more natural and conversational than before, as well as the digital assistant’s ability to reason and understand complex requests, which has been consistently improved.

Video Thumbnail

Amazon also announced that it’s been able to design new smart home experiences and make Alexa easier to talk and interact with. For example, you’ll soon be able to combine multiple requests into one by saying, “Alexa, close all the blinds, turn off all the lights, and start the vacuum.”

Later this year, Alexa will gain the ability to detect the brightness level and activity in a room, and decide to turn the lights on or off. Customers who specifically want this feature should look for motion and ambient light sensors that have the WWA (Works with Alexa) badge. According to Amazon, select Echo devices with motion and ambient light sensors will also support this feature, including the Echo Dot (5th Gen).

Eye gaze is another interesting new feature announced by Amazon today. It’s meant to support customers with mobility or speech disabilities by allowing them to gaze at their tablet to perform pre-set Alexa actions, such as playing music and shows, controlling home environment, and communicating with friends and family. This feature will start rolling out to customers at no additional cost later this year on Fire Max 11 tablets in the US, UK, Germany, and Japan.

Call Translation does exactly what the name suggests: it captions your Alexa audio and video calls in real time. The feature will launch to Echo Show customers and on the Alexa mobile app in the US, Canada, Mexico, UK, Germany, France, Italy, and Spain later this year, in over 10 languages, including English, Spanish, French, German, and Portuguese.

Another new service announced today by Amazon is Alexa Emergency Assist. It will enable users to get fast access to help, hands free through a supported Echo device. The at-home hands-free safety service includes features like 24/7 Urgent Response, Smart Alerts, and Emergency Contacts and costs $5.99 per month or $59 per year.

 

Customers in the US will soon be able to subscribe to the new Alexa Emergency Assist service, while Guard Plus customers will instead get access to Alexa Emergency Protect for $4.99 per month or $49.99 per year.

Furthermore, Amazon confirmed the upcoming release of Explore with Alexa, a new conversational experience specifically designed for Amazon Kids+ on Echo devices. The new experience combines trivia questions and entertaining facts, and should be available before the holidays, Amazon says.

With Explore with Alexa, kids can ask Alexa a question about animals and nature, and Amazon’s assistant will respond with info adapted from trusted sources.

Last but not least, Amazon announced a new Map View experience, which allows customers to use compatible iOS devices to scan and create a digital map of their home’s floor plan and pin their connected devices to it.

The new Map View feature also allows users to control their devices, like turning all the lights on and off in a single tap or check if the doors are locked after leaving home in a hurry. This will be available in the Alexa app later this year and come to Echo Hub in early 2024.


[ad_2]
Source link

Nagios Monitoring Tool Vulnerabilities Let Attackers SQL Queries

0
[ad_1]
Nagios Monitoring Tool Vulnerabilities

Nagios XI is a prominent and frequently used commercial monitoring system for IT infrastructure and network monitoring. 

Vulnerability Research Engineer Astrid Tedenbrant found four distinct vulnerabilities in Nagios XI (version 5.11.1 and below) while conducting routine research.

By making use of three of these flaws classified as (CVE-2023-40931, CVE-2023-40933, and CVE-2023-40934), users with various levels of access rights can get access to the database field via SQL injection.

Additionally, the vulnerability (CVE-2023-40932) permits Cross-Site Scripting through the Custom Logo component, rendering on all pages, including the login page.

Details of the Vulnerabilities

SQL Injection in Banner acknowledging endpoint (CVE-2023-40931)

“Announcement Banners” are a feature of Nagios XI that users may choose to recognize. This feature’s endpoint is susceptible to a SQL Injection attack.

When a user acknowledges a banner, a POST request is made to ‘/nagiosxi/admin/banner_message-ajaxhelper.php’ with the POST data ‘action=acknowledge banner message&id=3’.

“The ID parameter is assumed to be trusted but comes directly from the client without sanitization”, the researcher explains.

“This leads to a SQL Injection where an authenticated user with low or no privileges can retrieve sensitive data, such as from the `xi_session` and `xi_users` table containing data such as emails, usernames, hashed passwords, API tokens, and backend tickets”.

SQL Injection in Host/Service Escalation in CCM (CVE-2023-40934)

An authorized user with access to control host escalations can run any database query using Nagios XI’s Core Configuration Manager.

The same database access is possible through this vulnerability as through previous SQL Injection vulnerabilities, although it necessitates more privileges than CVE-2023-40931.

SQL Injection in Announcement Banner Settings (CVE-2023-40933)

In this case, while performing the `update_banner_message_settings` action on the affected endpoint, the `id` parameter is assumed to be trusted and is concatenated into a database query with no sanitization. This allows an attacker to modify the query, the researcher said.

Compared to CVE-2023-40931, successful exploitation of this vulnerability needs more privileges but provides the same database access as the other two SQL Injection Vulnerabilities.

Cross-Site Scripting in Custom Logo Component (CVE-2023-40932)

Reports say Nagios XI may be modified to include a unique corporate logo, which will be visible across the entire product. Included in this are the login page, various administration pages, and the landing page.

A cross-site scripting flaw in this functionality allows an attacker to inject arbitrary JavaScript, which any user’s browser will be able to execute.

“This can be used to read and modify page data, as well as perform actions on behalf of the affected user. Plain-text credentials can be stolen from users’ browsers as they enter them.,” reports said.

Fix Available

All of these vulnerabilities have been fixed, and users are encouraged to update to 5.11.2 or later.

The commercial version of the open-source Nagios Core monitoring platform, Nagios XI, offers more functionality that makes managing complicated IT settings easier.

Because of the access that Nagios XI requires, it is frequently used in highly privileged instances, making it an attractive target for attackers.

Keep informed about the latest Cyber Security News by following us on Google NewsLinkedinTwitter, and Facebook.


[ad_2]
Source link

Fake YouTube Android Apps Used to Distribute CapraRAT

0
[ad_1]

KEY FINDINGS

  • APT36, a Pakistani group known for targeting military and diplomatic personnel in Pakistan and India, is exploiting YouTube to infect Android devices with CapraRAT.
  • CapraRAT is a highly invasive RAT that gives attackers control over much of the data on infected devices.
  • The attackers are using fake YouTube Android apps hosted on third-party websites to distribute CapraRAT.
  • The malicious apps request risky permissions during installation and can extract data, record audio/video, serve as potent spyware, and access sensitive communication data.
  • Researchers advise organizations and individuals to evaluate their defences against APT36.
  • The attacker is suspected to be a Pakistani group called Transparent Tribe, known for targeting diplomatic/military personnel in Pakistan and India.
  • The attacker uses malicious Android apps mimicking YouTube for Android to distribute CapraRAT.

SentinelLabs has published research findings about the tactics an advanced persistent threat (APT) actor uses to target individuals and organizations in Pakistani and Indian military and diplomatic sectors and the Indian education sector. 

Report author Alex Delamotte noted that in its recent attack spree, the attacker has used fake YouTube Android apps hosted on third-party websites as the primary lure.

SentinelLabs discovered three APK packages (three Android apps) distributing CapraRAT mobile remote access trojan (RAT). This RAT is linked to a Pakistani actor tracked as Transparent Tribe or APT36

This actor is known for using malicious/compromised Android apps and targets Indian defence/government entities, particularly those linked with Kashmir affairs. It also targets Pakistani military personnel/entities and human rights activists.

The actor’s objective is to gather intelligence info and use a range of tools to infiltrate Windows, Linux, and Android systems.

These apps appear as YouTube for Android but are fake versions launched with malicious intentions. The actor has designed these apps to mimic the genuine YouTube app, but keen observation highlights their inherent flaws. For instance, the apps appear more like web browsers than an app because of the use of WebView to load the service and lack many signature features of the original platform.

CapraRAT is a highly invasive tool that gives the attacker control over much of the data on the Android devices that it infects. During the installation process, the apps ask for risky permissions. The malware can extract data, record audio/video, serve as potent spyware, and access sensitive communication data. It can also make calls, intercept/block SMS messages, and override GPS and Network settings. The extracted information is uploaded to the attacker-controlled server.

The malware is promoted as trojanized secure messaging/calling apps under the names MeetsApp and MeetUp, and distributed through social engineering lures. In this campaign, the malicious YouTube apps are distributed via third-party platforms and not from Google Play or Android Play Store.

In their report, researchers found that the APKs were uploaded to VirusTotal in April, July, and August 2023. Two are titled YouTube whereas the third app is linked to a YouTube channel titled Piya Sharma. This indicates the attacker is using this name as a lure as well.

Fake YouTube Android Apps Used to Distribute CapraRAT

Calling Transparent Tribe a “perennial actor”, Delmotte wrote that the actor displays reliable habits therefore, organizations/individuals should “evaluate defence against this actor and threat.”

It is also important to note that APT36 is a sophisticated threat actor, and organizations + users should be prepared to detect and respond to attacks from this group. Here are some suggestions:

  • Android users should only install apps from the Google Play Store or other trusted sources.
  • Users should be wary of clicking on links in emails or social media posts from unknown senders.
  • Users should keep their devices and apps up to date with the latest security patches.
  • Organizations should implement security best practices, such as multi-factor authentication and employee security awareness training.

KEY FINDINGS

  1. Google Deletes Fake BatteryBot Pro Malware App
  2. Popular Swing VPN Android App Identified as DDoS Botnet
  3. Botnet found using YouTube to illegally mine cryptocurrency
  4. Google details cookie stealer malware campaign hits YouTubers
  5. YouTube scammers impersonated Elon Musk; stole $150k in BTC
  6. New MMRat Android Trojan Uses Fake App Stores for Bank Fraud

[ad_2]
Source link

Amazon’s new eero Max 7 will let you download a 4K movie in seconds

0
[ad_1]

Amazon has announced a slew of new products at its Fall Hardware event today, including a new router from the eero division. That’s the eero Max 7. And no, the number seven doesn’t mean this is supporting WiFi 7, yet. But it is still the fastest eero router yet.

The eero Max 7 does support 2.4GHz, 5GHz and 6GHz bands, giving you great coverage and up to WiFi 6E compatibility here. This is going to allow for up to 4.3Gbps wireless speeds and up to 9.4Gbps wired speeds. eero says that this would allow you to download a 4K movie in as little as 10 seconds.

eero Max 7 is able to cover up to 2,500 square-feet, so most homes would only need a single eero, instead of multiple ones. Which makes sense, since this one is a lot larger than other eero routers in the past. It does also have four ethernet ports on the back, so you can connect to it wired.

eero is a mesh WiFi router

For those that might be unfamiliar with eero, it’s a mesh WiFi router, which allows for better WiFi coverage, and speeds. So you could connect multiple routers, or satellites together to expand your coverage. This is better than a signal repeater, as it is not repeating your signal, and thus losing speed. According to Amazon, the eero Max 7 router can connect to over 200 devices.

It’s not yet available for pre-order, but you can sign up to be notified when pre-orders do begin. A single eero Max 7 will cost you $599. While a two-pack is $1,149, and a three-pack is $1,699. Unless you have a mansion or have a small office building, you won’t need more than a single eero Max 7.

eero Max 7 – Amazon


[ad_2]
Source link

Amazon assembles a team of new kids devices

0
[ad_1]

Amazon this morning has announced a few new kids devices for this Fall, including an Echo Pop Kids Marvel’s Avengers edition. During its fall hardware event the online retailer revealed the updated devices for kids, alongside new features for those devices.

On the hardware side of things, there are two new devices. The new Echo Pop kids smart speaker, which comes in two models, and the new Fire HD 10 Kids. Where things get really exciting for kids are the new features that can be used with these devices. Such as the Explore with Alexa experience coming to the Amazon Kids+ content service. Amazon says this new feature will be a more fun way for kids to interact with Alexa when asking questions.

Instead of getting almost strictly factual responses, kids can ask a question and get an answer back that is more conversational and fun. Here’s what one of those responses might look like. “Orca whales have long, sleek bodies that travel through the ocean kind of like a submarine. These animals can travel up to 35 miles per hour. This helps them to hunt and capture fish, seals, and other sea life! Do you want to keep exploring?” Amazon says that kids already ask Alexa more than 25 million questions a month. So with these new fun responses that number is likely to go higher and the whole experience should be more enjoyable for kids and keep them more engaged.

The new Echo Pop kids comes in Marvel’s Avengers and Disney Princess editions

The kids lineup of devices from Amazon has always tried to be more fun with kid-like styles and themes. This trend continues with the latest Echo Pop kids which comes in two different styles. One that features Marvel’s Avengers and another with Disney princesses. Kids can see their favorite characters right across the front of the speaker. And each one comes with a theme that matches the design too. For example, kids might hear a joke or a fun fact about an Avenger or a Disney princess during a response.

Amazon says there’s also easter eggs to find, which “superfans” might discover if they utter the correct phrase. These are up for pre-order starting today at $49.99 and they officially launch next month.

New Fire HD 10 kids tablets and lighter and faster

In addition to the new speakers, Amazon is also launching the next generation of kids tablets. The Fire HD 10. Amazon interestingly has a model for two different age groups. First there’s the Fire HD 10 for kids that are between the ages of 3 and 7. Then there’s the Fire HD 10 Pro for kids that are between the ages of 6 and 12.

Both tablets come with a 10.1-inch screen with 1080p resolution, and are 25% lighter than the previous version of the tablet. So they’ll be easier for kids to hold and grip. Which is probably important for the younger ones. They also come with 13 hours of battery life so there’s lots of juice in there to keep kids entertained for a while. The new Fire HD 10 kids is also available for pre-order today starting at $189.99. Both models launch officially in October.

Echo Pop Kids

Fire HD 10 Kids


[ad_2]
Source link

Google Meet has just got updated with a nifty productivity feature

0
[ad_1]
Google is adding new features to its apps all the time, and Meet is no exception. Although the app has been recently in the center of a controversy, as Google decided to remove support for Meet and Zoom from the Nest Hub Max, it probably has nothing to do with the latest update.

Early this week, Google announced that Meet will finally allow users to install third-party add-ons directly within the app. It’s a very useful productivity feature that will enable Google Meet users to install whatever third-party apps they need without having to leave the app.

To do that, simply visit the “Featured add-ons” category from the top of the activities panel, and you’ll be able to install and start using various apps like Confluence, Figma, Lucidspark, Miro, Polly and Read.ai in your meetings in just two clicks.

But wait, there’s more! A new “Get add-ons” button is now available in Google Meet, which will send users to the Google Workspace Marketplace where they can browse more add-ons for the app. It’s worth noting though that some add-ons might not appear in the marketplace if admins turned off access to them.

In the same piece of news, Google announced an upgrade to its partnership with Miro revealed back in 2022. Starting this week, Miro will open directly in Meet, whereas until now that app would only open in a separate tab with Google Meet in the sidebar. Make sure to install the Miro add-on in the Google Workspace Marketplace to be able to access the Miro integration with Meet.

According to Google, the new feature is available now for those in the rapid release domains, while the rest should get the feature in the next two weeks. The ability to install third-party apps directly within the app is available to all Google Workspace customers.

[ad_2]
Source link

Finnish Dark Web Marketplace PIILOPUOTI Seized

0
[ad_1]

KEY FINDINGS

  • Finnish Customs, with the support of Europol, Eurojust, and international partners, has successfully taken down the infamous PIILOPUOTI dark web marketplace.
  • PIILOPUOTI was a Finnish-language platform known for selling/smuggling narcotics, paraphernalia, and other illegal commodities in large quantities.
  • The marketplace was operating sneakily via the encrypted TOR network and was used to perform illegal drug trade anonymously.
  • Finnish authorities started an investigation in collaboration with law enforcement agencies from Lithuania and Germany. The criminal investigation against this platform will continue.

Finnish Customs (Tuli), with the support of Europol, Eurojust, and international partners, has successfully taken down the infamous PIILOPUOTI dark web marketplace. This platform was popular among cybercriminals and was involved in illegal drug sales since 18 May 2022. The marketplace’s servers and contents have been seized, but it is unclear whether any arrests were made.

The seizure has taken place just before the annual Dark Web Conference that will take place on 4 and 5 October at Europol headquarters. At this event, more than 180 investigators from all over the world will come together to discuss the latest developments and criminal activity trends on the dark web.

Europol stated in its press release that this is a “significant victory” against dark web platforms. Drugs were smuggled into Finland and other parts of the world from this marketplace. 

It was a Finnish-language platform known for selling/smuggling narcotics, paraphernalia, and other illegal commodities in large quantities. Cybersecurity firm Bitdefender cooperated with the authorities in seizing the marketplace.

“This successful action by the Finnish Customs was supported, among others, by the German Federal Criminal Office (Bundeskriminalamt) and the Lithuanian Criminal Police Bureau (Lietuvos kriminalinės policijos biuras). Europol’s European Cybercrime Centre coordinated the international activity and provided operational support and technical expertise,” Europol informed in its press release.

Finnish authorities stated that the website was operating sneakily via the encrypted TOR network and was used to perform illegal drug trade anonymously. They started an investigation in collaboration with law enforcement agencies from Lithuania and Germany. The marketplace name (PIILOPUOTI) is a Finnish language term, which, in English, means “the hidden shop.” Finnish police said that criminal investigation against this platform will continue.

Finnish Dark Web Marketplace PIILOPUOTI Seized

Bitdefender’s senior director of the Investigation and Forensics Unit, Alexandru Catalin Cosoi, stated that this operation shows that collaborative efforts can help disrupt well-organized illegal platforms like PIILOPUOTI, and the seizure serves as a warning for other criminals who believe they can evade the law by operating anonymously.

It is worth noting that international law enforcement agencies have been hunting down dark web marketplaces for a long time, and the efforts seem to have intensified lately. In 2020, authorities managed to seize the Finnish language market Sipulimarket. At that time, Sipulimarket was the only Finnish language marketplace on the dark web.

In February of this year, Genesis Market’s clear net domain was seized; however, its dark web domain was operational and offered for sale in July 2023. Nevertheless, despite authorities’ efforts to take down dark web markets and their criminal empires, new ones like the Styx market, which specializes in money laundering and identity theft, continue to emerge.

  1. Student Ran Germany’s Largest Dark Web Market DiDW
  2. 8 Online Best Dark Web Search Engines for Tor Browser
  3. 179 Dark Web vendors arrested, 500kg worth of drugs seized
  4. Domain, server of DoubleVPN used by ransomware gangs seized

[ad_2]
Source link