Risky Bulletin: Authorities Seize the Cracked and Nulled Cybercrime Forums
Host: Claire Aird
Produced by: Catalin Cimpanu
Release Date: January 31, 2025
Overview
In this episode of Risky Bulletin, host Claire Aird delves into significant developments in the cybersecurity landscape, highlighting major law enforcement actions against cybercrime forums, the misuse of AI by threat actors, geopolitical information operations, and notable cybersecurity incidents worldwide. The episode provides a comprehensive analysis of the current state of cyber threats and the measures being taken to combat them.
Seizure of Cracked and Nulled Cybercrime Forums
Claire Aird begins by reporting a major crackdown on cybercrime forums:
"Law enforcement agencies from Europe and the US have seized the domains of the Cracked and Nulled cybercrime forums and arrested one of the site's operators." [00:04]
Key Points:
- Cracked and Nulled Forums: Both platforms, with over a decade of operation and approximately one million users each, were taken offline on Wednesday.
- Operations and Arrests: Authorities seized 12 domains and conducted searches across seven EU locations, resulting in two arrests. One of the arrested individuals is Lucas Sohn, a 29-year-old Argentinian national residing in Spain, alleged to be the Nulled admin.
- Marketplace Activities: Despite claims of being ethical hacking and educational portals, both forums facilitated the exchange of hacking services and tools.
Supporting Actions:
- Additional Seizures: Domains of the smaller cybercrime services StarkRDP and Sellix were also seized.
- HeartSender Phishing Group: Dutch and US authorities targeted this Pakistan-based group, known for selling phishing kits and stolen data.
Misuse of Google’s Gemini AI by APTs
The podcast highlights the growing abuse of artificial intelligence by advanced persistent threats (APTs):
"Chinese and Iranian APT and information operations have been using Google's Gemini AI assistant to boost their campaigns." [05:30]
Key Points:
- Usage of Gemini AI: The AI tool is leveraged for target reconnaissance, task automation, content translation, and even malware creation.
- Scope of Abuse: Chinese and Iranian groups are the primary abusers, with Russian and North Korean groups also engaging but to a lesser extent.
- Google’s Response: To counter these abuses, Google has implemented new detections and updates, including banning over 158,000 developer accounts and blocking millions of malicious apps.
Data Exposure and Security Vulnerabilities
Claire discusses significant data breaches and vulnerabilities affecting AI companies and internet infrastructure:
"Chinese AI company DeepSeek has exposed an internal database containing sensitive data on the Internet." [10:15]
Key Points:
- DeepSeek Breach: The internal database held millions of records, including user queries and secret keys, and was secured only after a report from cloud security firm Wiz.
- Mirai Botnet Attacks: A Mirai variant is targeting Zyxel CPE routers by exploiting an unpatched vulnerability that lets attackers execute arbitrary commands and fully compromise the devices.
Geopolitical Information Operations
The episode sheds light on information warfare tactics employed by state actors:
"A Chinese social media influence operation has used recent floods in the city of Valencia to urge Spanish citizens to overthrow their government." [15:45]
Key Points:
- Targeted Campaign: Over three months, the operation ran across all major social media platforms, including Bluesky, impersonating the Spanish nonprofit Safeguard Defenders.
- Objective: The campaign aimed to discredit the nonprofit and foment political instability by exploiting a humanitarian crisis.
Cybersecurity Workforce and Infrastructure Concerns
Addressing internal challenges within government cybersecurity:
"The UK National Audit Office says the risk of a major cyber attack against UK government networks is severe and advancing quickly." [20:20]
Key Points:
- Legacy Systems: An increasing number of outdated systems pose significant security risks.
- Workforce Gaps: One-third of UK government cybersecurity roles are either vacant or held by temporary staff, as reported by the National Audit Office (NAO).
Legal and Regulatory Developments
Updates on legal actions and proposed regulations to enhance cybersecurity:
"The Thai government is drafting a law that will hold third parties responsible for online scams." [25:10]
Key Points:
- Accountability Measures: Banks, telecom operators, and social media platforms will be required to compensate victims if they fail to implement adequate security measures.
- Class Action Settlement: MGM faces a $45 million settlement over data breaches and ransomware attacks, with tiered payouts for affected plaintiffs.
Notable Cyber Incidents
Highlights of recent cyber attacks and vulnerabilities:
"A threat actor has stolen over $10 million worth of crypto tokens after a supply chain attack against the crypto dev community." [30:00]
Key Points:
- Crypto Dev Attack: A trojanized build of DogWifTool compromised developers by planting a remote access trojan, enabling the theft of private keys and the draining of wallets.
- NordVPN Innovation: Introduction of the NordWhisper protocol, a web tunneling technology designed to bypass VPN blocking mechanisms, akin to the Tor Project's anti-censorship efforts.
Conclusion
Claire Aird concludes the episode by reinforcing the dynamic and evolving nature of cyber threats. The coordinated efforts by international law enforcement agencies signify a robust response to cybercrime, yet challenges such as workforce shortages and sophisticated AI misuse continue to pose significant risks. Listeners are encouraged to remain vigilant and informed about the latest developments in cybersecurity.
This summary captures the essence of the January 31, 2025 episode of Risky Bulletin, providing key insights and detailed coverage of major cybersecurity events discussed by Claire Aird.
