How an alleged Russian hacker slipped away
On Jan. 5, 2024, Андрей Владимирович Тарасов (Eng. Andrei Vladimirovich Tarasov), a 33-year-old Russian man, was released from Moabit Prison in Berlin. He’d been held there for about six months. Originally from Russia, he’d been living in Berlin when police arrested him on July 18, 2023, in connection with computer crime charges in the U.S. Tarasov was indicted by a grand jury in New Jersey in June 2023 along with Maksim Silnikau, a Belarusian and Ukrainian dual national, and Volodymyr Kadariya of Belarus. They were charged with conspiracy to commit wire fraud, conspiracy to commit computer fraud and abuse, and two counts of wire fraud. The indictment alleges the three men ran an expansive scheme from October 2013 through March 2022 to infect computers with malware via fake advertisements, or malvertisements, and then sell the stolen data and access. The computers were attacked using a potent tool called the Angler exploit kit, which was designed to quickly probe a computer for vulnerabilities and then silently deliver malware. This scheme was believed to have been used to attack millions of computers worldwide.
SEC SIM-swapper who Googled ‘signs that the FBI is after you’ put behind bars
An Alabama man who SIM-swapped his way into the SEC’s official X account, enabling a fake ETF announcement that briefly pumped Bitcoin, has been sentenced to 14 months in prison and three years of supervised release. Prior to his conviction and sentencing on Friday, Eric Council Jr., 26, of Huntsville, Alabama, proved once again that cybercriminals are very bad at internet search hygiene. Council used his personal computer to search “SECGOV hack,” “telegram sim swap,” “how can I know for sure if I am being investigated by the FBI,” “Federal identity theft statute,” and other incriminating phrases, according to court documents.
Chinese Hackers Deploy MarsSnake Backdoor in Multi-Year Attack on Saudi Organization
Threat hunters have exposed the tactics of a China-aligned threat actor called UnsolicitedBooker that targeted an unnamed international organization in Saudi Arabia with a previously undocumented backdoor dubbed MarsSnake. ESET, which first discovered the hacking group’s intrusions targeting the entity in March 2023 and again a year later, said the activity leverages spear-phishing emails using flight tickets as lures to infiltrate targets of interest. “UnsolicitedBooker sends spear-phishing emails, generally with a flight ticket as the decoy, and its targets include governmental organizations in Asia, Africa, and the Middle East,” the company said in its latest APT Activity Report for the period ranging from October 2024 to March 2025.
Dutch government passes law to criminalize cyber-espionage
The Dutch government has approved a law criminalizing a broader range of espionage activities, including digital espionage, in an effort to protect national security, critical infrastructure and sensitive technologies. The new legislation, passed over the weekend, extends existing espionage laws that already make it a criminal offense to share state secrets. Under the updated law, leaking sensitive information that is not classified as a state secret or engaging in activities on behalf of a foreign government that harm Dutch interests can also result in criminal charges.
AWS Default IAM Roles Found to Enable Lateral Movement and Cross-Service Exploitation
Cybersecurity researchers have discovered risky default identity and access management (IAM) roles impacting Amazon Web Services that could open the door for attackers to escalate privileges, manipulate other AWS services, and, in some cases, even fully compromise AWS accounts. “These roles, often created automatically or recommended during setup, grant overly broad permissions, such as full S3 access,” Aqua researchers Yakir Kadkoda and Ofek Itach said in an analysis. “These default roles silently introduce attack paths that allow privilege escalation, cross-service access, and even potential account compromise.”