
One-two punch delivered in global operation disrupts cybercrime "assembly line"

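Summary

International law enforcement agencies and a number of technology companies carried out a joint operation that successfully disrupted a cybercrime “assembly line.” The operation simultaneously targeted two tools widely used in online scams: the Amadey malware-as-a-service platform and the StealC infostealer-as-a-service platform. Criminals used these tools to collect millions of login credentials and stole more than $47 million through extortion and other fraudulent means. The investigation found that these two independently run tools relied on some of the same infrastructure; after Microsoft analyzed them using AI, this prompted law enforcement to simultaneously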

International authorities and a raft of private technology companies say they have disrupted a cybercrime “assembly line” that allowed crooks to collect millions of login credentials and steal more than $47 million in ransom payments and by other fraudulent means.

The crux of the operation was the simultaneous targeting of two unrelated tools that are widely used in various online scams. The first is Amadey, a malware-as-a-service platform for compromising devices and delivering malicious payloads for ransomware and other scams. Amadey has been observed in the wild since at least 2018 and was seen last year abusing GitHub as it collected system information from infected devices and installed customized payloads. The second tool was StealC, an infostealer-as-a-service platform that collects credentials, authentication cookies, cryptocurrency wallets, browser extensions, and files whose names match customer-defined patterns.

Severing a critical link in the cybercrime chain

Amadey and StealC are separate tools that are run independently of each other. Given their widespread use, however, many customers use both in their individual cybercrime activities. The tools also, it turns out, relied on some of the same underlying infrastructure to run. Microsoft said it made this determination after analyzing the tools using AI. This insight allowed Microsoft attorneys to seek an order disrupting both at the same time.


Repost information
Original: One-two punch delivered in global operation disrupts cybercrime "assembly line" (2026-06-24T21:03:34)
Author: Dan Goodin Category: Technology