
Claire Aird
The US sanctions another Russian bulletproof hosting provider, the International Criminal Court discloses a security breach, the US dismantles 29 North Korean laptop farms, and a Chinese student gets jailed in the UK for SMS blasting. This is the Risky Bulletin, prepared by Catalin Cimpanu and read by me, Claire Aird. Today is the 2nd of July, and this podcast episode is brought to you by Sandfly Security.

The US Treasury Department has sanctioned the Russian bulletproof web hosting provider Aeza Group. Sanctions were levied on the group and its subsidiaries, plus its three owners and a fourth executive. The company is known for hosting infostealers, ransomware, disinformation campaigns and dark web marketplaces. Russian police arrested two of the group's owners separately in April, and Aeza Group is the third Russian bulletproof hosting provider sanctioned this year, following Zservers and Stark Industries.

The International Criminal Court says it's detected and contained a security breach. The intrusion was spotted last week. The ICC described it as sophisticated but hasn't provided further details. The ICC suffered a similar breach in September 2023.

A ransomware gang has stolen sensitive data belonging to the Swiss government. The files were stolen in mid from the non-profit organisation Radix, which works with Swiss federal agencies. The ransomware operation Sarcoma has taken credit for the attack. The group leaked over one terabyte of files on the dark web last week after Radix refused to pay a ransom.

Iranian hackers are threatening to sell emails stolen from Donald Trump's election campaign last May. The hackers claim to have more than 100 gigabytes of emails belonging to campaign staff. They include the accounts of White House chief of staff Susie Wiles, lawyer Lindsey Halligan and the president's advisor Roger Stone. The hackers told Reuters that if they don't find a buyer, they may still release the files. The US charged three Iranian intelligence agents with the hack.

A US senator has urged the FBI to update its mobile device security guidelines for government officials. Senator Ron Wyden says the current advice is obsolete. Officials should be advised to enable ad blocking features and disable ad tracking IDs. Officials should also be directed to enable the enhanced security modes available in mobile operating systems.

Europol has arrested five members of a crypto investment scam ring. The suspects are accused of stealing more than £460 million from 5,000 victims. They ran a global network of money mules that withdrew cash from ATMs and moved funds between bank and crypto accounts. The five were detained in Spain last week.

The FBI has dismantled 29 laptop farms that were used in North Korean remote IT worker schemes. The farms hosted more than 200 laptops in total, and these allowed the North Korean workers to appear to be based in the US. According to the FBI, the workers used stolen identities to obtain jobs at more than 100 US companies. The Justice Department has charged eight individuals over running the laptop farms. Four North Korean workers who stole crypto assets from their employers have also been charged.

A Chinese student has been sentenced in the UK to one year in prison for using an SMS blaster to send phishing texts. Ruichen Xiong installed the SMS blaster in a car and drove around London. He sent tens of thousands of messages over a week. He was caught in March following a joint investigation between police and UK mobile operators.

A group of Pakistani web developers created a network of websites advertising cracked software. The cracks are laced with malware that infects users with infostealers. Security firm Intrinsec says the group has built hundreds of websites over four years. They were likely built for a third party.

A suspected Chinese hacking group is behind three Ivanti zero-days exploited in the wild last year. France's cybersecurity agency has named the group Houken. It believes the hackers work as an initial access broker for a larger APT. The agency has linked Houken with UNC5174, which Google has described as a cyber contractor for China's Ministry of State Security.

Major vulnerabilities have been found in the Wing FTP Server. RCE Security says attackers can bypass authentication on the web interface by appending a null byte to the username. This issue can be chained together with two other flaws to gain root access to the server. Wing has only patched two of the three reported issues.

Google has patched an actively exploited Chrome zero-day. The vulnerability is a type confusion issue in the browser's V8 JavaScript engine. It was discovered by Google's security team and is the fourth Chrome zero-day patched this year.

US mobile carrier AT&T has launched a feature to prevent SIM swapping attacks. The Wireless Account Lock feature prevents number porting and changes to billing details. It can be enabled via the AT&T app. Similar features already exist on other carriers, including T-Mobile, Verizon and Google Fi.

Apple is adding post-quantum cryptography support to its operating systems. Upcoming versions of iOS and macOS will support the ML-KEM algorithm. ML-KEM will protect TLS connections against quantum computing attacks, which may break encrypted comms in the future. Microsoft announced its own post-quantum crypto support for Windows in May.

And finally, the developers of Ubuntu Linux have disabled side-channel attack protection in Intel's graphics drivers for the platform. Its developers said it now uses protections in the Linux kernel, and GPU driver-level protections are no longer needed. They expect the change to result in a 20% improvement in graphics performance.

And that is all for this podcast edition. Today's show was brought to you by Sandfly Security. Find them at sandflysecurity.com. Thanks for your company.
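The Wing FTP item above describes an authentication bypass triggered by a null byte in the username. The episode gives no further detail on Wing FTP's internals, so the following added example (written for this page, not code from Wing FTP, RCE Security or Risky Business) models the generic failure class behind that bug pattern: a web layer makes a policy decision on the username exactly as received, while a lower NUL-terminated layer (a C string API, modelled here with `ctypes.c_char_p`) sees only the bytes before the first 0x00, so the two layers disagree about which account is being used. The user store, the "no admin over the web UI" policy, and the printable-ASCII username rule are all constructed assumptions for the demo.

```python
"""
Added example: why a NUL byte in a username lets two layers disagree about
identity, and how a defender closes the gap. The account data and policy
below are constructed for the demo and are not from any real product.
"""
import ctypes
import hmac

# Constructed demo credentials (assumption: not real accounts).
USERS = {"guest": "guest-pass", "admin": "correct-horse"}
# Constructed policy (assumption): the admin account may not log in via the web UI.
WEB_LOGIN_DISABLED = {"admin"}


def c_visible(name: str) -> str:
    """Return what a NUL-terminated C consumer would see of `name`.

    ctypes.c_char_p reads the buffer up to the first 0x00, exactly like strlen().
    Truncation happens on a byte boundary, so decoding the remainder is safe.
    """
    raw = name.encode("utf-8")
    return ctypes.c_char_p(raw).value.decode("utf-8")


def _password_ok(account: str, password: str) -> bool:
    expected = USERS.get(account)
    if expected is None:
        return False
    # Constant-time comparison on bytes (str args would need to be ASCII).
    return hmac.compare_digest(expected.encode("utf-8"), password.encode("utf-8"))


def naive_login(username: str, password: str):
    """Vulnerable pattern: policy checked on the raw string, identity resolved later.

    Returns the account name on success, None on failure.
    """
    # Policy decision uses the username exactly as it arrived in the request.
    if username in WEB_LOGIN_DISABLED:
        return None
    # The backend resolves the account through a NUL-terminated API and
    # therefore sees a shorter name than the policy check did.
    account = c_visible(username)
    if not _password_ok(account, password):
        return None
    return account


def validate_username(username: str) -> bool:
    """Reject anything a lower layer could treat as a terminator or separator.

    Assumption for this demo: account names are 1-64 printable ASCII characters.
    NUL (0x00) and every other control character are refused outright.
    """
    if not (1 <= len(username) <= 64):
        return False
    return all(32 <= ord(ch) < 127 for ch in username)


def hardened_login(username: str, password: str):
    """Fixed pattern: validate first, then use one canonical name for every decision."""
    if not validate_username(username):
        return None
    if username in WEB_LOGIN_DISABLED:
        return None
    if not _password_ok(username, password):
        return None
    return username


if __name__ == "__main__":
    # Policy blocks a plain "admin" web login...
    print("naive  admin        ->", naive_login("admin", "correct-horse"))
    # ...but a trailing NUL slips past the string comparison while the
    # backend still resolves the account as "admin".
    print("naive  admin\\x00    ->", naive_login("admin\x00", "correct-horse"))
    # The hardened flow refuses the control character before any decision.
    print("harden admin\\x00    ->", hardened_login("admin\x00", "correct-horse"))
    print("harden guest        ->", hardened_login("guest", "guest-pass"))
```

The fix is not only "strip NULs": any check that runs on one representation of an input while a later step acts on another is the same bug, so the hardened flow normalises and validates once, at the boundary, and every decision afterwards uses that single value. For detection, a NUL or other control byte inside a username field of a web login request is itself a strong signal worth alerting on.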
Risky Bulletin: The US Sanctions Another Russian Bulletproof Hosting Provider
Hosted by risky.biz | Released on July 2, 2025
In the latest episode of Risky Bulletin, host Claire Aird delivers a comprehensive update on significant cybersecurity events shaping the global landscape. From international sanctions to sophisticated cyberattacks, the episode covers a spectrum of issues pertinent to cybersecurity professionals and enthusiasts alike.
At the outset, Claire announces, “[00:04]... the US Treasury Department has sanctioned the Russian bulletproof web hosting provider Aeza Group.” This action targets Aeza Group and its subsidiaries, including three owners and a fourth executive. The group stands accused of facilitating various cybercrimes, such as hosting infostealers, ransomware operations, disinformation campaigns, and dark web marketplaces.
Claire updates listeners on a recent security incident at the International Criminal Court (ICC): “[00:04]... the International Criminal Court discloses a security breach.” The breach, detected last week, is described as sophisticated, although specific details remain undisclosed. Notably, the ICC experienced a similar breach in September 2023.
A significant threat emerges from Iranian hackers who are threatening to sell emails purportedly stolen from Donald Trump’s election campaign in May [00:04]. The compromised emails reportedly include sensitive communications from key figures such as White House Chief of Staff Susie Wiles, lawyer Lindsey Halligan, and advisor Roger Stone.
Senator Ron Wyden has called for an urgent update to the FBI's mobile device security guidelines for government officials [00:04]. He critiques the current recommendations as outdated and inadequate for the evolving threat landscape.
Europol has successfully arrested five members of a crypto investment scam ring responsible for defrauding over £460 million from approximately 5,000 victims [00:04]. The operation involved a global network of money mules who facilitated the withdrawal of funds from ATMs and the transfer of funds between bank and cryptocurrency accounts.
In a significant move against North Korean cyber operations, the FBI has dismantled 29 laptop farms used to host over 200 laptops [00:04]. These farms were part of remote IT worker schemes that allowed North Korean operatives to appear as legitimate employees within the United States.
Ruichen Xiong, a Chinese national, has been sentenced to one year in prison in the UK for deploying an SMS blaster to send phishing texts [00:04]. Operating from a vehicle, Xiong sent tens of thousands of fraudulent messages over the span of a week.
A group of Pakistani web developers has constructed a network of websites advertising cracked software, which is embedded with malware disseminating infostealers [00:04]. Over four years, hundreds of such websites were developed, likely for a third-party operative.
France's cybersecurity agency has attributed three Ivanti zero-day exploits used last year to a suspected Chinese hacking group [00:04]. This group operates as an initial access broker within a larger Advanced Persistent Threat (APT) network.
Wing FTP Server Vulnerabilities:
Chrome Zero-Day Exploit:
To combat SIM swapping attacks, AT&T has introduced a new wireless account lock feature [00:04]. This feature prevents unauthorized number porting and changes to billing details and can be activated through the AT&T app.
Apple's Initiative:
Microsoft's Commitment:
Ubuntu's Performance Enhancement:
Claire Aird wraps up the Risky Bulletin by highlighting the multifaceted nature of current cybersecurity challenges, from state-sponsored cyber threats and sophisticated malware operations to advancements in security technologies. The episode underscores the critical need for continuous vigilance, updated security protocols, and international cooperation in combating ever-evolving cyber threats.
For more detailed insights and updates, subscribe to Risky Bulletin on your preferred podcast platform.