British police say that they are investigating reports that a girl under the age of 16 was sexually assaulted… in an online virtual reality game.

Read More

AI and major elections, deepfakes and the Olympics — they all feature prominently in our cybersecurity predictions for 2024.

That’s quite the mix. And that mix reflects the nature of cybersecurity. Just as changing technology shapes cybersecurity, it gets further shaped by the changing world we live in. The bad actors out there exploit new and emerging technologies — just as they exploit events and trends. It’s a potent formula that bad actors turn to again and again. With it, they concoct a mix of ever-evolving attacks.

For a pointed example of the interplay between technology and culture, look no further than Barbie. More specifically, the scams that cropped up around the release of the “Barbie” movie. Using AI tools, scammers generated videos that promoted bogus ticket giveaways. They combined the new technology of AI with the hype surrounding the film and duped thousands of victims as a result.

We expect to see more of the same in 2024, and we have several other predictions as well. With that, let’s look ahead so you can stay ahead of the hacks and attacks we expect to see in 2024.

1) Election cycles will see further disruption with AI tools.

2024 has plenty on the slate in terms of pivotal elections. Across the globe, we have the United States presidential election, general elections in India, and the European Union parliamentary elections, to name a few. While every election comes with its fair share of disinformation, the continued evolution of generative AI tools such as ChatGPT, DALL-E, and Stable Diffusion add an extra level of complication.

So, if a picture is worth a thousand words, what’s an AI-generated photo, video, or voice clone worth? For disinformation, plenty.

Already, many voters raise a skeptical brow when politicians sling statements aimed at discrediting their opponents. Yet when those words are backed by visual evidence, such as a photo or video, it lends them the appearance of credibility. With AI tools, a few keywords can give a false statement or accusation life in the form of a (bogus) photo or video, which now go by the common name of “deepfakes.”

Certainly, 2024 won’t be the first election where bad actors or unscrupulous individuals try to shape public opinion through the manipulation of photos and videos. However, it will be the first election where generative AI tools are significantly more accessible and easier than ever to use. As a result, voters can expect to see a glut of deepfakes and disinformation as the election cycle gears up.

Likewise, the advent of AI voice-cloning tools complicates matters yet more. Consider what that means for the pre-recorded “robocalls” that campaigns use to reach voters en masse. Now, with only a small sample of a candidate’s voice, bad actors can create AI voice clones with striking fidelity. They read from any script a bad actor bangs out and effectively put words in someone else’s mouth — potentially damaging the reputation and credibility of candidates.

As we reported earlier this year, AI voice cloning is easier and more accessible than ever. It stands to reason that bad actors will turn it to political ends in 2024.

How to spot disinformation.

Disinformation has several goals, depending on who’s serving it up. Most broadly, it involves gain for one group at the expense of others. It aims to confuse, misdirect, and manipulate its audience — often by needling strong emotional triggers. That calls on us to carefully consider the media and messages we see, particularly in the heat of the moment.

That can present challenges at a time when massive amounts of content scroll by our eyes in our subscriptions and feeds. Bad actors count on people taking content at immediate face value. Yet asking a few questions can help you spot disinformation when you see it.

The International Federation of Library Associations and Institutions offers this checklist:

Consider the Source – Click away from the story to investigate the site, its mission, and its contact info. 
Read Beyond – Headlines can be outrageous to get clicks. What’s the whole story? 
Check the Author – Do a quick search on the author. Are they credible? Are they real? 
Supporting Sources? – Determine if the info given supports the story.  
Check the Date – Reposting old news stories doesn’t mean they’re relevant to current events. 
Is it a Joke? – If it is too outlandish, it might be satire. Research the site and author to be sure.  
Check your Biases – Consider if your own beliefs could affect your judgment.  
Ask the Experts – Ask a librarian or consult a fact-checking site. 

That last piece of advice is particularly strong. De-bunking disinformation takes time and effort. Professional fact-checkers at news and media organizations do this work daily. Posted for all to see, they provide a quick way to get your answers. Some fact-checking groups include:

Politifact.com 
Snopes.com 
FactCheck.org 
Reuters.com/fact-check 

Put plainly, bad actors use disinformation to sow discord and divide people. While not every piece of controversial or upsetting piece of content is disinformation, those are surefire signs to follow up on what you’ve seen with several credible sources. Also, keep in mind that those bad actors out there want you to do their dirty work for them. They want you to share their content without a second thought. By taking a moment to check the facts before you react, curb the dissent they want to see spread.

2) AI scams will be the new sneaky stars of social media.

In the ever-evolving landscape of cybercrime, the emergence of AI has introduced a new level of sophistication and danger. With the help of AI, cybercriminals now possess the ability to manipulate social media platforms and shape public opinion in ways that were previously unimaginable.

One of the most concerning aspects of this development is the power of AI tools to fabricate photos, videos, and audio. These tools enable bad actors to create highly convincing and realistic content, making it increasingly difficult for users to discern between what is real and what is manipulated. This opens up a whole new realm of possibilities for cybercriminals to exploit unsuspecting individuals and organizations.

One alarming consequence of this is the potential for celebrity and influencer names and images to be misused by cybercrooks. With the ability to generate highly convincing content, these bad actors can create fake endorsements that appear to come from well-known personalities. This can lead to an increase in scams and fraudulent activities, as unsuspecting consumers may be more likely to trust and engage with content that appears to be endorsed by their favorite celebrities or influencers.

Local online marketplaces are also at risk of being targeted by cybercriminals utilizing AI. By leveraging fabricated content, these bad actors can create fake listings and advertisements that appear legitimate. This can deceive consumers into making purchases or engaging in transactions that ultimately result in financial loss or other negative consequences.

How to avoid AI social media scams

As AI continues to advance, it is crucial for consumers to be aware of the potential risks and take necessary precautions. This includes being vigilant and skeptical of content encountered on social media platforms, verifying the authenticity of endorsements or advertisements, and utilizing secure online marketplaces with robust verification processes.

3) Cyberbullying among kids will soar

One of the most troubling trends on the horizon for 2024 is the alarming rise of cyberbullying, which is expected to be further exacerbated by the increasing use of deepfake technology. This advanced and remotely accessible tool has become readily available to young adults, enabling them to create exceptionally realistic fake content with ease.

In the past, cyberbullies primarily relied on spreading rumors and engaging in online harassment. However, with the emergence of deepfake technology, the scope and impact of cyberbullying have reached new heights. Cyberbullies can now manipulate images that are readily available in the public domain, altering them to create fabricated and explicit versions. These manipulated images are then reposted online, intensifying the harm inflicted on their victims.

The consequences of this escalating trend are far-reaching and deeply concerning. The false images and accompanying words can have significant and lasting effects on the targeted individuals and their families. Privacy becomes compromised as personal images are distorted and shared without consent, leaving victims feeling violated and exposed. Moreover, the fabricated content can tarnish one’s identity, leading to confusion, mistrust, and damage to personal and professional relationships.

The psychological and emotional well-being of those affected by deepfake cyberbullying is also at stake. The relentless onslaught of false and explicit content can cause severe distress, anxiety, and depression. Victims may experience a loss of self-esteem, as they struggle to differentiate between reality and the manipulated content that is being circulated online. The impact on their mental health can be long-lasting, requiring extensive support and intervention.

The ripple effects of deepfake cyberbullying extend beyond the immediate victims. Families are also deeply affected, as they witness the distress and suffering of their loved ones. Parents may feel helpless and overwhelmed, struggling to protect their children from the relentless onslaught of cyberbullying. The emotional toll on families can be immense, as they navigate the challenges of supporting their children through such traumatic experiences.

How to prevent online cyberbullying.

Education and Awareness: Promote digital literacy and educate individuals about the consequences and impact of cyberbullying. Teach them how to recognize and respond to cyberbullying incidents, and encourage them to report any instances they encounter. 
Strong Policies and Regulations: Implement and enforce strict policies and regulations against cyberbullying on online platforms. Collaborate with social media companies, schools, and organizations to establish guidelines and procedures for handling cyberbullying cases promptly and effectively. 
Support and Empowerment: Provide support systems and resources for victims of cyberbullying. Encourage open communication and create safe spaces where individuals can seek help and share their experiences. Empower bystanders to intervene and support victims, fostering a culture of empathy and kindness online. 

4) Conflicts across the globe will ramp up charity fraud.

Scammers exploit emotions – such as the excitement of the Olympics. Darkly, they also tap into fear and grief.

A particularly heartless method of doing this is through charity fraud. While this takes many forms, it usually involves a criminal setting up a fake charity site or page to trick well-meaning contributors into thinking they are supporting legitimate causes or contributing money to help fight real issues.

2024 will see this continue. We further see potential for this to increase given the conflicts in Ukraine and the Middle East. Scammers might also increase the emotional pull of the messaging by tapping into the same AI technology we predict will be used in the 2024 election cycle. Overall, expect their attacks to look and feel far more sophisticated than in years past.

How to donate safely online.

As with so many scams out there, any time an email, text, direct message, or site urges you into immediate action — take pause. Research the charity. See how long they’ve been in operation, how they put their funds to work, and who truly benefits from them.  
Likewise, note that there are some charities that pass along more money to their beneficiaries than others. Generally, the most reputable organizations only keep 25% or less of their funds for operations. Some less-than-reputable organizations keep up to 95% of funds, leaving only 5% for advancing the cause they advocate.  
In the U.S., the Federal Trade Commission (FTC) has a site full of resources so that you can make your donation truly count. Resources like Charity Watch and Charity Navigator, along with the BBB’s Wise Giving Alliance can also help you identify the best charities. 

5) New strains of malware, voice, visual cloning and QR code scams will accelerate

Aside from its ability to write love poems, answer homework questions, and create art with a few keyword prompts, AI can do something else. It can code. In the hands of hackers, that means AI can churn out new strains of malware and even spin up entire malicious websites. And quickly at that. 

Already, we’ve seen hackers use AI tools to create malware. This will continue apace, and we can expect them to create smarter malware too. AI can spawn malware that analyzes and adapts to a device’s defenses. This helps particularly malicious attacks like spyware and ransomware to infect a device by allowing it to slip by undetected. It also makes the creation and dissemination of convincing phishing emails and QR code scams, faster and easier. This extends to the creation of deepfake video, photo, and audio content aimed at deceiving unsuspecting targets and scamming them out of money. The rise of QR code scams, also known as quishing, is an additional concern. Scammers use AI to generate malicious QR codes that, when scanned, lead to phishing websites or trigger malware downloads. As the barrier to entry for these threats lowers, these scams will spread to all platforms with an increased focus on mobile devices. 

However, like any technology, AI is a tool. It works both ways. AI is on your side. In fact, it’s kept you safer online for some time now. Meanwhile, at McAfee, we’ve used AI as a core component of our protection for years now. As such, it’s done plenty for you over the years. AI has sniffed out viruses, malicious websites, and sketchy content online. It’s helped steer you clear of malicious websites too. 

As such, you can expect an increasing number of AI-powered tools that combat AI-powered threats. 

How to stay safe from AI-powered threats.

Use AI-powered online protection software. Use good AI to stop bad AI. This year, we made improvements to our AI-powered security, making it faster and stronger. It scans 3x faster than before and offers 100% protection against entirely new threats, like the ones generated by AI. It also offers 100% protection against threats released in the past month (AV-TEST results, June 2023). You’ll find it across all our products that include antivirus. 

Protect yourself from scams with AI. Our McAfee Scam Protection uses patented and powerful AI technology helps you stay safer amid the rise in phishing scams. Including phishing scams generated by AI. It detects suspicious URLs in texts before they’re opened or clicked on. No more guessing if that text you just got is real or fake. And if you accidentally click or tap on a suspicious link in a text, email, social media, or browser search, it blocks the scam site from loading. You’ll find McAfee Scam Protection across our McAfee+ plans. 

6) Olympic-sized scams will kick into high stride.

With big events come big scams. Look for plenty of them with the 2024 Summer Olympics.

An event with this level of global appeal attracts scammers looking to capitalize on the excitement. They promise tickets, merch, and exclusive streams to events, among other things. Yet they take a chunk out of your wallet and steal personal info instead.

You can expect to see a glut of email-based phishing and message-based smishing attacks. Now, with the introduction of generative AI, these scams are getting harder and harder to identify. AI writes cleaner emails and messages, so fewer scams feature the traditional hallmarks of misspelled words and poor grammar. Combine that with the excitement generated around the Olympic games, and we can easily see how people might be tempted by bogus sweepstakes and offers for the Olympics trip of a lifetime. If they only click or tap that link. Which of course leads to a scam website.

You can expect these messages to crop up across a variety of channels, including email, text messages, and other messaging channels like WhatsApp and Telegram. They might slide into social media DMs as well.

If you’re planning to catch the Olympic action in person, scammers have a plan in mind for you — ticket fraud. As we’ve seen at the FIFA World Cup and several other major sporting events over the years, scammers spin up scam ticket sites with tickets to all kinds of matches and events. Again, these sites don’t deliver. These sites can look rather professional, yet if the site only accepts cryptocurrency or wire transfers, you can be certain it’s fraud. Neither form of payment offers a way to challenge charges or recoup losses.

How to enjoy the 2024 Olympics safely.

Phishing and smishing attacks can take a little effort to spot. As we’ve seen, the scammers behind them have grown far more sophisticated in their approach. However, know that if a deal or offer seems a little too good to be true, avoid it. For more on how to spot these scams, check out our blog dedicated to phishing and similar attacks. 
As for tickets, they’re only available through the official Paris 2024 ticketing website. Anyone else online is either a broker or an outright scammer. Stick with the official website for the best protection. 
The same holds true for watching the Olympics at home or on the go. A quick search online will show you the official broadcasters and streamers in your region. Stick with them. Unofficial streams can hit your devices with malware or bombard you with sketchy ads. 
Overall, use comprehensive online protection software like ours when you go online, which can help steer you clear of phishing, smishing, and other attacks. 

The post 6 Cybersecurity Predictions for 2024 – Staying Ahead of the Latest Hacks and Attacks appeared first on McAfee Blog.

Read More

In 2020, the United States brought charges against four men accused of building a bulletproof hosting empire that once dominated the Russian cybercrime industry and supported multiple organized cybercrime groups. All four pleaded guilty to conspiracy and racketeering charges. But there is a fascinating and untold backstory behind the two Russian men involved, who co-ran the world’s top spam forum and worked closely with Russia’s most dangerous cybercriminals.

From January 2005 to April 2013, there were two primary administrators of the cybercrime forum Spamdot (a.k.a Spamit), an invite-only community for Russian-speaking people in the businesses of sending spam and building botnets of infected computers to relay said spam. The Spamdot admins went by the nicknames Icamis (a.k.a. Ika), and Salomon (a.k.a. Sal).

As detailed in my 2014 book, Spam Nation, Spamdot was home to crooks controlling some of the world’s nastiest botnets, global malware contagions that went by exotic names like Rustock, Cutwail, Mega-D, Festi, Waledac, and Grum.

Icamis and Sal were in daily communications with these botmasters, via the Spamdot forum and private messages. Collectively in control over millions of spam-spewing zombies, those botmasters also continuously harvested passwords and other data from infected machines.

As we’ll see in a moment, Salomon is now behind bars, in part because he helped to rob dozens of small businesses in the United States using some of those same harvested passwords. He is currently housed in a federal prison in Michigan, serving the final stretch of a 60-month sentence.

But the identity and whereabouts of Icamis have remained a mystery to this author until recently. For years, security experts — and indeed, many top cybercriminals in the Spamit affiliate program — have expressed the belief that Sal and Icamis were likely the same person using two different identities. And there were many good reasons to support this conclusion.

For example, in 2010 Spamdot and its spam affiliate program Spamit were hacked, and its user database shows Sal and Icamis often accessed the forum from the same Internet address — usually from Cherepovets, an industrial town situated approximately 230 miles north of Moscow. Also, it was common for Icamis to reply when Spamdot members communicated a request or complaint to Sal, and vice versa.

Still, other clues suggested Icamis and Sal were two separate individuals. For starters, they frequently changed the status on their instant messenger clients at different times. Also, they each privately discussed with others having attended different universities.

KrebsOnSecurity began researching Icamis’s real-life identity in 2012, but failed to revisit any of that research until recently. In December 2023, KrebsOnSecurity published new details about the identity of “Rescator,” a Russian cybercriminal who is thought to be closely connected to the 2013 data breach at Target.

That story mentioned Rescator’s real-life identity was exposed by Icamis in April 2013, as part of a lengthy farewell letter Ika wrote to Spamdot members wherein Ika said he was closing the forum and quitting the cybercrime business entirely.

To no one’s shock, Icamis didn’t quit the business: He simply became more quiet and circumspect about his work, which increasingly was focused on helping crime groups siphon funds from U.S. bank accounts. But the Rescator story was a reminder that 10 years worth of research on who Ika/Icamis is in real life had been completely set aside. This post is an attempt to remedy that omission.

GENTLEMEN SCAMMERS

Icamis and Sal offered a comprehensive package of goods and services that any aspiring or accomplished spammer would need on a day-to-day basis: Virtually unlimited bulletproof domain registration and hosting services, as well as services that helped botmasters evade spam block lists generated by anti-spam groups like Spamhaus.org. Here’s snippet of Icamis’s ad on Spamdot from Aug. 2008, wherein he addresses forum members with the salutation, “Hello Gentlemen Scammers.”

We are glad to present you our services!
Many are already aware (and are our clients), but publicity is never superfluous.

Domains.
– all major gtlds (com, net, org, info, biz)
– many interesting and uninteresting cctlds
– options for any topic
– processing of any quantities
– guarantees
– exceptionally low prices for domains for white and gray schemes (including any SEO and affiliate spam )
– control panel with balances and auto-registration
– all services under the Ikamis brand, proven over the years;)

Servers.
– long-term partnerships with several [data centers] in several parts of the world for any topic
– your own data center (no longer in Russia ;)) for gray and white topics
– any configuration and any hardware
– your own IP networks (PI, not PA) and full legal support
– realtime backups to neutral sites
– guarantees and full responsibility for the services provided
– non-standard equipment on request
– our own admins to resolve any technical issues (services are free for clients)
– hosting (shared and vps) is also possible

Non-standard and related services.
– ssl certificates signed by geotrust and thawte
– old domains (any year, any quantity)
– beautiful domains (keyword, short, etc.)
– domains with indicators (any, for SEO, etc.)
– making unstable gtld domains stable
– interception and hijacking of custom domains (expensive)
– full domain posting via web.archive.org with restoration of native content (preliminary applications)
– any updates to our panels to suit your needs upon request (our own coders)

All orders for the “Domains” sections and “Servers” are carried out during the day (depending on our workload).
For non-standard and related services, a preliminary application is required 30 days in advance (except for ssl certificates – within 24 hours).

Icamis and Sal frequently claimed that their service kept Spamhaus and other anti-spam groups several steps behind their operations. But it’s clear that those anti-spam operations had a real and painful impact on spam revenues, and Salomon was obsessed with striking back at anti-spam groups, particularly Spamhaus.

In 2007, Salomon collected more than $3,000 from botmasters affiliated with competing spam affiliate programs that wanted to see Spamhaus suffer, and the money was used to fund a week-long distributed denial-of-service (DDoS) attack against Spamhaus and its online infrastructure. But rather than divert their spam botnets from their normal activity and thereby decrease sales, the botmasters voted to create a new DDoS botnet by purchasing installations of DDoS malware on thousands of already-hacked PCs (at a rate of $25 per 1,000 installs).

SALOMON

As an affiliate of Spamdot, Salomon used the email address ad1@safe-mail.net, and the password 19871987gr. The breach tracking service Constella Intelligence found the password 19871987gr was used by the email address grichishkin@gmail.com. Multiple accounts are registered to that email address under the name Alexander Valerievich Grichishkin, from Cherepovets.

In 2020, Grichishkin was arrested outside of Russia on a warrant for providing bulletproof hosting services to cybercriminal gangs. The U.S. government said Grichishkin and three others set up the infrastructure used by cybercriminals between 2009 to 2015 to distribute malware and attack financial institutions and victims throughout the United States.

Those clients included crooks using malware like Zeus, SpyEye, Citadel and the Blackhole exploit kit to build botnets and steal banking credentials.

“The Organization and its members helped their clients to access computers without authorization, steal financial information (including banking credentials), and initiate unauthorized wire transfers from victims’ financial accounts,” the government’s complaint stated.

Grichishkin pleaded guilty to conspiracy charges and was sentenced to four years in prison. He is 36 years old, has a wife and kids in Thailand, and is slated for release on February 8, 2024.

ICAMIS, THE PHANTOM GRADUATE

The identity of Icamis came into view when KrebsOnSecurity began focusing on clues that might connect Icamis to Cherepovets (Ika’s apparent hometown based on the Internet addresses he regularly used to access Spamdot).

Historic domain ownership records from DomainTools.com reveal that many of the email addresses and domains connected to Icamis invoke the name “Andrew Artz,” including icamis[.]ws, icamis[.]ru, and icamis[.]biz. Icamis promoted his services in 2003 — such as bulk-domains[.]info — using the email address icamis@4host.info. From one of his ads in 2005:

Domains For Projects Advertised By Spam

I can register bulletproof domains for sites and projects advertised by spam(of course they must be legal). I can not provide DNS for u, only domains. The price will be:

65$ for domain[if u will buy less than 5 domains]

50$ for domain[more than 5 domains]

45$ for domain[more than 10 domains]

These prices are for domains in the .net & .com zones.

If u want to order domains write me to: icamis@4host.info

In 2009, an “Andrew Artz” registered at the hosting service FirstVDS.com using the email address icamis@4host.info, with a notation saying the company name attached to the account was “WMPay.” Likewise, the bulletproof domain service icamis[.]ws was registered to an Andrew Artz.

The domain wmpay.ru is registered to the phonetically similar name “Andrew Hertz,” at andrew@wmpay.ru. A search on “icamis.ru” in Google brings up a 2003 post by him on a discussion forum designed by and for students of Amtek, a secondary school in Cherepovets (Icamis was commenting from an Internet address in Cherepovets).

The website amtek-foreva-narod.ru is still online, and it links to several yearbooks for Amtek graduates. It states that the yearbook for the Amtek class of 2004 is hosted at 41.wmpay[.]com.

The yearbook photos for the Amtek class of 2004 are not indexed in the Wayback Machine at archive.org, but the names and nicknames of 16 students remain. However, it appears that the entry for one student — the Wmpay[.]com site administrator — was removed at some point.

In 2004, the administrator of the Amtek discussion forum — a 2003 graduate who used the handle “Grand” — observed that there were three people named Andrey who graduated from Amtek in 2004, but one them was conspicuously absent from the yearbook at wmpay[.]ru: Andrey Skvortsov.

To bring this full circle, Icamis was Andrey Skvortsov, the other Russian man charged alongside Grichiskin (the two others who pleaded guilty to conspiracy charges were from Estonia and Lithuania). All of the defendants in that case pleaded guilty to conspiracy to engage in a Racketeer Influenced Corrupt Organization (RICO).

[Author’s note: No doubt government prosecutors had their own reasons for omitting the nicknames of the defendants in their press releases, but that information sure would have saved me a lot of time and effort].

SKVORTSOV AND THE JABBERZEUS CREW

Skvortsov was sentenced to time served, and presumably deported. His current whereabouts are unknown and he was not reachable for comment via his known contact addresses.

The government says Ika and Sal’s bulletproof hosting empire provided extensive support for a highly damaging cybercrime group known as the JabberZeus Crew, which worked closely with the author of the Zeus Trojan — Evgeniy Mikhailovich Bogachev — to develop a then-advanced strain of the Zeus malware that was designed to defeat one-time codes for authentication. Bogachev is a top Russian cybercriminal with a standing $3 million bounty on his head from the FBI.

The JabberZeus Crew stole money by constantly recruiting money mules, people in the United States and in Europe who could be enticed or tricked into forwarding money stolen from cybercrime victims. Interestingly, Icamis’s various email addresses are connected to websites for a vast network of phony technology companies that claimed they needed people with bank accounts to help pay their overseas employees.

Icamis used the email address tech@safe-mail.net on Spamdot, and this email address is tied to the registration records for multiple phony technology companies that were set up to recruit money mules.

One such site — sun-technology[.]net — advertised itself as a Hong Kong-based electronics firm that was looking for “honest, responsible and motivated people in UK, USA, AU and NZ to be Sales Representatives in your particular region and receive payments from our clients. Agent commission is 5 percent of total amount received to the personal bank account. You may use your existing bank account or open a new one for these purposes.”

In January 2010, KrebsOnSecurity broke the news that the JabberZeus crew had just used money mules to steal $500,000 from tiny Duanesburg Central School District in upstate New York. As part of his sentence, Skvortsov was ordered to pay $497,200 in restitution to the Duanesburg Central School District.

The JabberZeus Crew operated mainly out of the eastern Ukraine city of Donetsk, which was always pro-Russia and is now occupied by Russian forces. But when Russia invaded Ukraine in February 2022, the alleged leader of the notorious cybercrime gang — Vyacheslav Igoravich Andreev (a.ka. Penchukov) — fled his mandatory military service orders and was arrested in Geneva, Switzerland. He is currently in federal custody awaiting trial, and is slated to be arraigned in U.S. federal court tomorrow (Jan. 9, 2024). A copy of the indictment against Andreev is here (PDF).

Read More