Darknet Millions and Coinbase’s New Crisis: Key Cybersecurity Developments This Week

We’ve compiled the most significant cybersecurity news from the past week.

Law enforcement agencies from ten countries have seized $200 million in cash and cryptocurrencies and arrested 270 individuals allegedly connected to a major drug and arms trafficking network. This was reported by the U.S. Department of Justice.

The authorities confiscated over two tons of illegal drugs, 144 kg of substances mixed with fentanyl, and 180 firearms.

U.S. prosecutors have charged several prominent traffickers, including operators of Nemesis and Incognito Markets, who utilized cryptocurrency for opioid sales and to obscure their earnings.

Security researchers from DomainTools discovered over 100 malicious Chrome browser extensions mimicking legitimate applications, including crypto utilities, YouTube, VPN services, and AI assistants.

The risks associated with installing these extensions include account takeovers, personal data theft, and network activity monitoring. Ultimately, they create a backdoor for attackers within the compromised browser, posing a significant exploitation threat.

Stolen session cookies could potentially allow unauthorized access to legitimate VPN devices or corporate accounts, facilitating more extensive attacks on corporate networks.

Google has removed most of these extensions; however, as of the time of writing, some still remain in the Chrome Web Store.

U.S. intelligence agencies took control of the Lumma stealer control panel, while their counterparts in Europe and Japan dismantled the malware’s infrastructure, and Microsoft secured a court ruling to block approximately 2,300 associated domains.

This well-known threat, which has existed since late 2022, spread through GitHub comments and deepfake generation sites. Subscription costs ranged from $250 to $1,000.

Once Lumma had compromised a system, it was capable of stealing data from browsers and applications, including cryptocurrency wallets, cookies, credentials, passwords, and credit card information. The stealer has extensive evasion capabilities.

In a separate operation, Europol shut down around 300 servers, dismantled 650 domains, and issued arrest warrants for 20 cybercriminals connected to the Bumblebee, Latrodectus, QakBot, DanaBot, TrickBot, and WARMCOOKIE malware. More than €21.2 million was confiscated, including €3.5 million in cryptocurrency.

In early May, hackers breached a modified Signal client from TeleMessage, intercepting communications from over 60 high-ranking U.S. officials. This was reported by Reuters.

Among the victims were first responders, customs officials, several U.S. diplomatic staff, at least one White House employee, and a member of the Secret Service.

According to reports, on May 4, the attackers infiltrated the servers of TeleMessage, a company that produces encrypted modifications of well-known messaging apps. They accessed the internal infrastructure and managed to dump 410 GB of user messages in under 20 minutes.

The hackers also gained access to internal communications of employees at the cryptocurrency exchange Coinbase. However, company representatives stated that they did not use the messaging service for sharing critical client information.

The organization DDoSecrets announced that it is giving researchers and journalists access to a database containing the chat logs and metadata of TeleMessage users.

The European Council added the web hosting provider Stark Industries and its two executives—CEO Yuri Nekuliti and owner Ivan Nekuliti—to its sanctions list for their involvement in cyberattacks on behalf of Russia.

“They acted as accomplices to various entities sponsored and connected to the Russian state, facilitating destabilizing activities, including interference in information manipulation and cyberattacks against the EU and third countries,” the statement read.

Stark Industries is registered in the United Kingdom and offers VPS/VDS servers in the UK, the Netherlands, Germany, France, Turkey, and the U.S. The provider accepts payments in Bitcoin, Ethereum, Monero, and Dash.

Experts link various disinformation campaigns and DDoS attacks benefitting Russia to Stark Industries’ servers and other services provided by the Nekuliti brothers.

Additionally, a Roskomnadzor entity, the State Unitary Enterprise “Main Radio Frequencies Center,” has been sanctioned for its involvement in electronic warfare tactics, including GPS signal jamming and spoofing in the Baltic States, as well as causing disruptions to civil aviation.

Vietnam’s technology ministry accused the messaging app Telegram of refusing to cooperate with law enforcement and ordered it to be blocked in the country until June 2. This was reported by Reuters.

According to authorities, 68% of the 9,600 channels and groups on the messenger in Vietnam violate the law. These reportedly circulate “toxic” content, publish anti-government materials, and facilitate crimes including fraud and drug trafficking.

The statement emphasized that Telegram has not registered its operations in the country, does not remove prohibited content upon police request, and does not provide user data to the government for criminal investigations.