Russian hacker gang goes dark to relocate; may be moving to China
Infamous Russian Business Network 'down, not out,' says researcher
Computerworld - The Russian Business Network (RBN), a notorious hacker and malware hosting organization that operates out of St. Petersburg, Russia, has gone off the air, security researchers said today.
According to a pair of Trend Micro Inc. researchers, RBN went dark around 10 p.m. EST Tuesday. "The routing information for their IP addresses has been withdrawn," said Paul Ferguson, a network architect at Trend Micro. "That's significant because while RBN has had connectivity issues in the past, then the routing [to its IP addresses] was still being advertised. This time, they've been voluntarily withdrawn.
"This is not the result of someone, such as their ISP, blackholing their traffic," Ferguson continued. "This was done voluntarily." Another report, however, on The Washington Post's Web site, claimed that while RBN has severed links to the Internet, its upstream connectivity providers had begun to refuse to route RBN traffic as early as mid-October.
By relinquishing control of the IP blocks it had been allocated, RBN essentially cut ties to the Internet and made it impossible for its domains -- which number in the thousands -- to access the Web or for users to reach those domains. "Where once there might have been 22 feasible paths for data to take to their IP blocks, now there are none," Ferguson said.
He speculated that RBN is simply shifting to new digs, diversifying its considerable back-end infrastructure, trying to lay low or all of the above. "No one knows why they've done this, but I think they're down, not out," he said.
Jamz Yaneza, a Trend Micro research project manager, agreed. "We're seeing signs of RBN-like activity elsewhere, in Turkey, Taiwan and China. RBN may be moving to places even more inaccessible to the law [than Russia]. Everyone knows they were in St. Petersburg, but now they're changing houses, changing addresses."
RBN has been fingered as the source of a multitude of attacks, including last month's rigged-PDF blitz that used a vulnerability in Windows to drop malware on unsuspecting users who opened specially-crafted PDF-formatted documents. In September, security researchers blamed the gang for infecting customers of the Bank of India with a wide variety of malicious code when they visited the bank's hacked site.
But while RBN may be diversifying its assets -- "piecemealing," Ferguson called it -- it's unlikely to be gone long. "I can't believe they'd walk away from the money. Thinking that they're shutting shop is just naive."
Read more about Cybercrime and Hacking in Computerworld's Cybercrime and Hacking Topic Center.
- Comprehensive Advanced Threat Defense The hot topic in the information security industry these days is "Advanced Threat Defense" (ATD). This paper describes a comprehensive, network-based approach to...
- Advanced Threat Defense: A Comprehensive Approach In this interview, Peter George, president, General Dynamics Fidelis Cybersecurity Solutions, explains why we need more than anti-malware, and what constitutes a comprehensive...
- 2013 Cyber Risk Report The "Cyber risk report 2013 Executive summary" presents the major findings of HP Security Research's comprehensive dive into today's cyber vulnerability and threat...
- Cybersecurity for Dummies eBook This book provides an in-depth examination of real-world attacks and APTs, the shortcomings of legacy security solutions, the capabilities of next-generation firewalls, and...
- Live Webcast Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different.... All Cybercrime and Hacking White Papers | Webcasts