AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 02/07/2023

French Authorities Capture Finland’s Most-Wanted Hacker 

Julius “Zeekill” Kivimäki, a notorious hacker long on the run from Finnish authorities, was arrested this week in France. The capture occurred during a domestic violence call on a residence in France, and Kivimäki likely faces extradition to Finland. The 25-year-old is one of the most wanted cybercriminals in Finland, with a lengthy list of cybercrimes that includes extorting an online psychotherapy practice and leaking sensitive info on more than 22,000 patients. In 2020, an attack against the Vastaamo Psychotherapy Center in Finland exposed the data of thousands of patients. After the incident, a hacker under the moniker “Ransom Man” asked for a six-figure ransom in exchange for not leaking patients’ private information. 


Drugs Labs Busted After Encrypted Chat App Takedown 

An encrypted communications app popular with organized crime groups (OCGs) was taken down late last week by European police following a multi-year investigation. Exclu was used by an estimated 3000 users to hide their comms from law enforcers, according to Eurojust. A lengthy investigation began in June 2020 in Germany, with Dutch cybercrime experts brought in soon after. They apparently used their tech know-how to track users of the app for five months and subsequently dismantle the service. During an action day last week, 1200 police officers were deployed, two drug laboratories dismantled and €5.5m ($5.9m) in cash, 300,000 ecstasy tablets and 20 firearms seized, alongside 200 phones which will be analyzed for further evidence.


Clop ransomware flaw allowed Linux victims to recover files for months 

The Clop ransomware gang is now also using a malware variant that explicitly targets Linux servers, but a flaw in the encryption scheme has allowed victims to quietly recover their files for free for months. This new Linux version of Clop was spotted in December 2022 by Antonis Terefos, a researcher at SentinelLabs, after the threat group used it together with the Windows variant in an attack against a university in Colombia. While very similar to the Windows version, as they both use the same encryption method and almost identical process logic, there are still some differences, mainly limited to OS API calls and features still waiting to be implemented in the Linux variant.


LockBit ransomware gang claims Royal Mail cyberattack 

The LockBit ransomware operation has claimed the cyberattack on the UK’s leading mail delivery service Royal Mail that forced the company to halt its international shipping services due to “severe service disruption.” This comes after LockBitSupport, the ransomware gang’s public-facing representative, previously told BleepingComputer that the LockBit cybercrime group did not attack Royal Mail. Instead, they blamed the attack on other threat actors using the LockBit 3.0 ransomware builder that was leaked on Twitter in September 2022.


Eurocops shut down Exclu encrypted messaging app, arrest dozens 

An encrypted messaging service that has been on law enforcement’s radar since a 2019 raid on an old NATO bunker has been shut down after a sweeping series of raids across Europe last week. In a search of 79 properties in Germany, the Netherlands, Belgium and Poland last Friday, authorities in those four countries arrested 48 people who were users, operators and administrators of the Exclu crypto communications service. Exclu, which still has an operational website that appears to still accept payments of €500 ($537/£446) or €900 ($966/£804) for three- and six-month licenses, respectively, was used extensively by organized criminals and drug gangs, Dutch police said.
