Government IT contractors arrested for defrauding the feds • The Register

In brief: The US Department of Justice has charged six people over two separate schemes to defraud Uncle Sam out of millions of dollars in connection with contracts for IT products and services.

The two cases, each involving three people, are the first charges the DoJ has brought in an ongoing investigation into IT manufacturers, distributors and resellers and their agreements with the federal government. The Department of Defense was among the agencies defrauded by the two groups, the DoJ noted, as were unspecified parts of the intelligence community.

“This office and our partners will use all available resources to prosecute those who would undermine and distort government purchases of goods and services, particularly those related to our cybersecurity infrastructure,” said Erek Barron, US Attorney for the District of Maryland.

The first group, led by Maryland resident Victor Marquez, allegedly conspired to rig bids using inside information “to create artificially priced, non-competitive and non-independent bids, ensuring that Marquez’s company would win the acquisition,” the DoJ said.

Marquez was charged (PDF) in a four-count indictment with conspiracy to commit wire fraud, wire fraud and grand larceny, for which he faces up to 70 years in prison; his co-conspirators were charged with similar crimes.

In the other group, Breal L. Madison Jr. was hit with a 13-count indictment (PDF), with his co-conspirators facing lesser charges, “for orchestrating a years-long scheme to defraud his employer and the United States of more than $7 million in connection with the sale of IT products to various government agencies.”

Madison reportedly used the stolen funds to buy luxury items, including a yacht and a Lamborghini Huracan, which the government plans to seize if he is convicted. Charged with conspiracy, bribery, mail fraud and money laundering, Madison faces up to 185 years in prison if convicted.

“There is no place for crooks and crooks who conspire to manipulate the government bidding process for personal gain,” said FBI Special Agent in Charge William DelBagno.

Researchers disrupt massive network of long-running e-commerce fraud

Human Security’s Satori threat research team has disrupted an e-commerce fraud ring said to have been operating for five years, infecting more than a thousand websites and collecting tens of millions of dollars from hundreds of thousands of victims in the process.

Dubbed “Phish ‘n’ Ships” by the researchers, the operation exploited known vulnerabilities to infect legitimate websites, planting fake product listings and metadata designed to push too-good-to-be-true offers to the top of search results pages.

Victims who buy the products are sent to a legitimate payment processor page, so the transaction is technically real – but there is no product, and nothing is ever delivered.

Satori said it was able to get the fake listings it discovered removed from Google’s search results, and the affected payment processors have banned the Phish ‘n’ Ships operators from their platforms, but that is probably not the end of it.

“Threat actors are unlikely to go about their business without trying to find a new way to perpetuate their fraud,” Satori said.

Rule of thumb: If a deal seems too good to be true, it probably isn’t.

Iranian hackers are superpowered with AI

Threat actors linked to Iran’s Islamic Revolutionary Guard Corps (IRGC) have adopted several new techniques, including the use of artificial intelligence, in some of their latest operations, US cybersecurity officials advised (PDF) this week.

The group, colloquially known as Cotton Sandstorm, was allegedly seen masquerading as a legitimate Iranian business called Aria Sepehr Ayandehsazan (ASA) for financial and HR purposes, as well as to set up its own reseller hosting service for its operations and those of other threat actors.

“These cover hosting providers were established by the ASA to centralize and manage the provision of operational infrastructure while providing plausible deniability that the malicious infrastructure was assigned by a legitimate hosting provider,” the FBI said.

ASA was also used to enumerate and spy on IP cameras in Israel in the run-up to the October 7, 2023 attack by Hamas, and has stepped up its use of AI in its messaging.

The usual mitigation measures apply, the FBI, CISA and Israel’s National Cyber Directorate said in a joint advisory, so take the appropriate steps to avoid your infrastructure being caught up in this storm.

German cops hack DDoS site, catch operators

An international law enforcement operation aimed at disrupting DDoS-as-a-service websites has caught another set of bad actors, this time in Germany, where a pair of unnamed suspects, aged 19 and 28, have been detained on charges of operating not only an online marketplace for “designer drugs and liquids made from synthetic cannabinoids”, but also a website dedicated to showcasing DDoS-for-hire services.

The Bundeskriminalamt, Germany’s equivalent of the US FBI, said on Friday that it had arrested the pair for operating ‘Flight RCS’ and ‘Dstat.cc’, the former a drug market and the latter a DDoS site.

Dstat did not actually offer any DDoSaaS itself; rather, it was a platform where criminals could show off the effectiveness of their particular service and other criminals could review their experiences using those services.

Operation Power Off is an ongoing international law enforcement operation dedicated to disrupting DDoSaaS websites and operators. Earlier this year, the operation also took down what Britain’s National Crime Agency described as the most prolific DDoSaaS operator in the world. The operation has been running for several years and has disrupted dozens of operations since 2018.

Here’s another reason to practice good password hygiene

Microsoft said this week that it has detected a Chinese threat actor using a network of compromised SOHO routers to spray passwords and gain initial access to enterprise networks.

To make matters worse, Microsoft said it is not yet certain which vulnerability the threat actor, tracked as Storm-0940, is abusing to gain access to the routers, and that once a router is compromised, the threat actor takes steps to avoid being caught.

The network, called Quad7, uses a rotating set of IP addresses to launch its attacks and hits a given target only once a day with a single sign-in attempt, so that the attempts go unnoticed by per-source lockout and rate rules.
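The behaviour described above is exactly what a per-source failed-login threshold cannot see: each address makes one attempt and moves on. The added example below (written for this article, not Microsoft's code or detection logic) runs two rules over a constructed, syslog-style authentication log: the classic per-source count, which only catches the noisy single-address brute force, and a population-level rule that groups the day's quiet sources (at most one failure each) and alerts when enough of them together cover enough distinct accounts. The log line format, usernames and TEST-NET addresses are all assumptions made for the example.

```python
"""Low-and-slow password-spray detection over constructed auth events.

Assumed line format (not a real product's format):
    <ISO8601 UTC> auth <failed|success> user=<name> src=<ip>
"""
import re
from collections import defaultdict
from datetime import datetime

LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth (?P<outcome>failed|success) user=(?P<user>\S+) src=(?P<src>\S+)$"
)

# Constructed sample log. Each day holds one spray pass over six accounts from a
# rotating pool of addresses (one attempt per address per day), a noisy
# single-source brute force against "bob", and a legitimate typo by "alice".
SAMPLE_LOG = """\
2024-10-30T02:14:07Z auth failed user=alice src=203.0.113.10
2024-10-30T02:31:44Z auth failed user=bob src=203.0.113.11
2024-10-30T03:05:19Z auth failed user=carol src=203.0.113.12
2024-10-30T03:40:02Z auth failed user=dave src=203.0.113.13
2024-10-30T04:12:55Z auth failed user=erin src=203.0.113.14
2024-10-30T04:58:31Z auth failed user=frank src=203.0.113.15
2024-10-30T09:00:01Z auth failed user=bob src=192.0.2.7
2024-10-30T09:00:02Z auth failed user=bob src=192.0.2.7
2024-10-30T09:00:03Z auth failed user=bob src=192.0.2.7
2024-10-30T09:00:04Z auth failed user=bob src=192.0.2.7
2024-10-30T13:22:10Z auth failed user=alice src=198.51.100.5
2024-10-30T13:22:25Z auth success user=alice src=198.51.100.5
2024-10-31T02:20:13Z auth failed user=alice src=203.0.113.20
2024-10-31T02:47:50Z auth failed user=bob src=203.0.113.21
2024-10-31T03:15:08Z auth failed user=carol src=203.0.113.22
2024-10-31T03:51:37Z auth failed user=dave src=203.0.113.23
2024-10-31T04:26:59Z auth failed user=erin src=203.0.113.24
2024-10-31T05:03:42Z auth failed user=frank src=203.0.113.25
"""


def parse_events(text):
    """Parse the assumed log format into (day, outcome, user, src) tuples.
    Lines that do not match the format are skipped rather than raising."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts.date().isoformat(), m["outcome"], m["user"], m["src"]))
    return events


def noisy_sources(events, threshold=3):
    """Classic per-source rule: addresses with more than `threshold` failed
    sign-ins in one day. A one-attempt-per-day spray never trips this."""
    counts = defaultdict(int)
    for day, outcome, _user, src in events:
        if outcome == "failed":
            counts[(day, src)] += 1
    return sorted({src for (_day, src), n in counts.items() if n > threshold})


def spray_alerts(events, max_per_source=1, min_sources=5, min_accounts=5):
    """Population-level rule: per day, keep only the quiet sources (at most
    `max_per_source` failures) and alert when enough distinct quiet sources
    together target enough distinct accounts. Returns one alert dict per day."""
    per_day = defaultdict(lambda: defaultdict(list))  # day -> src -> [users]
    for day, outcome, user, src in events:
        if outcome == "failed":
            per_day[day][src].append(user)
    alerts = []
    for day in sorted(per_day):
        quiet = {s: u for s, u in per_day[day].items() if len(u) <= max_per_source}
        accounts = set().union(*quiet.values())
        if len(quiet) >= min_sources and len(accounts) >= min_accounts:
            alerts.append({"day": day, "sources": len(quiet), "accounts": sorted(accounts)})
    return alerts


if __name__ == "__main__":
    evts = parse_events(SAMPLE_LOG)
    print("per-source rule flags:", noisy_sources(evts))
    for alert in spray_alerts(evts):
        print("spray pattern:", alert)
```

Note that the legitimate typo by "alice" on the first day is counted as a quiet source too; a real deployment would set `min_sources` and `min_accounts` from the environment's baseline of ordinary failed logins, and would correlate the quiet sources against known residential or SOHO address ranges before paging anyone.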

“Storm-0940 is known to target organizations in North America and Europe, including think tanks, government organizations, non-government organizations, law firms, the defense industrial base, and others,” Microsoft said, and it is not the only group believed to be using the Quad7 botnet.

In short, this is a dangerous one, so make sure you practice good password hygiene and use MFA. ®