Starcraft fans use NSA exploits to mine XMR

According to F5 Network analysts, hackers were able to mine over $8000
19 December 2017

Analysts at F5 Networks reported detecting a malicious campaign that compromises servers running Windows and Linux. It was named Zealot, a term that comes from the popular video game Starcraft.

The unknown attackers use exploits from the arsenal of the US National Security Agency that were published by the hacker group The Shadow Brokers. At the final stage of the infection, PowerShell is used to install a Monero cryptocurrency miner on the compromised device.

The F5 Networks analysts note that the unknown group could replace the Monero miner with any other malware at any time.

Zealot seems to be the first Struts campaign using the NSA exploits to propagate inside internal networks. There were other malware campaigns like NotPetya and WannaCry ransomware, and also Adylkuzz cryptominer launching attacks by directly scanning the Internet for SMBs to exploit with the NSA tools the ShadowBrokers released. The Zealot campaign, however, seems to be opening new attack vector doors, automatically delivering malware on internal networks via web application vulnerabilities. The level of sophistication we are currently observing in the Zealot campaign is leading us to believe that the campaign was developed and is being run by threat actors several levels above common bot herders.
 

F5 Networks Research

Researchers managed to trace several of the group's cryptocurrency wallets, which are used to withdraw the Monero. They currently contain about $8,500. The group's actual income may be much higher, since the attackers use many wallets and the experts admit they have certainly not found all of them.

Billionaire's Wife Kidnappers Demand €9M Worth of XMR

Anna-Elizabeth Falkievik Hagen was allegedly abducted from her home, although the law enforcement agencies found no sign of hacking
10 January 2019

In late October, the wife of Tom Hagen, one of the wealthiest entrepreneurs in Norway, was kidnapped. The kidnappers are demanding a ransom of €9 million in Monero, according to Norway Today.

Anna-Elizabeth Falkievik Hagen, 68, was allegedly abducted from her home, although the law enforcement agencies found no sign of hacking. A note with a ransom request was also found there.

Interpol and Europol are involved in the investigation of the Falkievik case, and the abduction was kept secret for a long time for security reasons.

Today, January 9, the police confirmed that Falkievik was abducted, and communication with the criminals takes place exclusively through some kind of "electronic platform". In addition, in December, the kidnappers could not provide evidence that she was still alive.

The Falkievik case is probably the first in Norway in which a ransom has been demanded in cryptocurrency. Nevertheless, the police recommended that the kidnappers' demands not be met.

Tom Hagen is the founder of Elkraft AS, a power supply company. His fortune is estimated at 1.7 billion NOK (€170 million).

Earlier, employees of the local prosecutor’s office in Kiev and the National Police of Ukraine detained two suspects accused of stealing a miner in March of this year and stealing $50,000.

They now face up to 15 years of imprisonment for robbery committed by a group of individuals by prior conspiracy, infiltration and theft on a particularly large scale.