Cyberveillecurated by Decio
Nuage de tags
Mur d'images
Quotidien
Flux RSS
  • Flux RSS
  • Daily Feed
  • Weekly Feed
  • Monthly Feed
Filtres

Liens par page

  • 20 links
  • 50 links
  • 100 links

Filtres

Untagged links
5 résultats taggé bulletproof  ✕
Cybercriminals Are Hiding Malicious Web Traffic in Plain Sight https://www.wired.com/story/cybercriminals-are-hiding-malicious-web-traffic-in-plain-sight/
08/06/2025 10:23:52
QRCode
archive.org
thumbnail

In an effort to evade detection, cybercriminals are increasingly turning to “residential proxy” services that cover their tracks by making it look like everyday online activity.
For years, gray-market services known as “bulletproof” hosts have been a key tool for cybercriminals looking to anonymously maintain web infrastructure with no questions asked. But as global law enforcement scrambles to crack down on digital threats, they have developed strategies for getting customer information from these hosts and have increasingly targeted the people behind the services with indictments. At the cybercrime-focused conference Sleuthcon in in Arlington, Virginia, today, researcher Thibault Seret outlined how this shift has pushed both bulletproof hosting companies and criminal customers toward an alternative approach.

Rather than relying on web hosts to find ways of operating outside law enforcement's reach, some service providers have turned to offering purpose-built VPNs and other proxy services as a way of rotating and masking customer IP addresses and offering infrastructure that either intentionally doesn't log traffic or mixes traffic from many sources together. And while the technology isn't new, Seret and other researchers emphasized to WIRED that the transition to using proxies among cybercrminals over the last couple of years is significant.

wired EN residential-proxy vpn bulletproof
Unveiling Dark Internet Service Providers: Bulletproof Hosting | by team | Dec, 2024 | Medium https://medium.com/@knownsec404team/unveiling-dark-internet-service-providers-bulletproof-hosting-243ddb2b787d
11/12/2024 11:06:24
QRCode
archive.org

Bulletproof hosting services provide the infrastructure for cybercriminal activities, enabling criminals to evade legal constraints and are often used for malware, hacking attacks, fraudulent…

Knownsec404 medium EN 2024 Dark Internet Service Providers Bulletproof hosting
PROSPERO & Proton66: Tracing Uncovering the links between bulletproof networks https://www.intrinsec.com/prospero-proton66-tracing-uncovering-the-links-between-bulletproof-networks/
21/11/2024 17:17:03
QRCode
archive.org
  • The Russian autonomous system PROSPERO (AS200593) could be linked with a high level of confidence to Proton66 (AS198953), another Russian AS, that we believe to be connected to the bulletproof services named ‘SecureHost‘ and ‘BEARHOST‘. We notably observed that both network’s configurations are almost identical in terms of peering agreements and their respective share of loads throughout time.
  • Amongst the activities shared by the two networks, we noticed that both GootLoader and SpyNote malwares recently changed their infrastructure of command-and-control servers and phishing pages from to Proton66. Additionally, the domains hosting the phishing pages deploying SpyNote were hosted on either one of the two AS and had already been used in previous campaigns delivering revoked AnyDesk and LiveChat versions for both Windows and Mac.
  • Regarding the other malicious activities found on PROSPERO’s IPs, we found that throughout September, multiple SMS spam campaigns targeting citizens from various countries were leading to phishing domains hosted on PROSPERO and Proton66. While most phishing templates were usurping bank login pages to steal credit card details, we also noticed that some of them were used to deploy android spywares such as Coper (a.k.a. Octo).
  • SocGholish, another initial access broker (IAB) that we found to be hosting a major part of its infrastructure on Proton66, continues to leverage this autonomous system to host fingerprinting scripts contained on the websites it infects. Along SocGholish, we found out that FakeBat, another loader that infects systems through compromised websites, was using the same IPs to host both screening and redirection script
intrinsec EN 2024 AS200593 AS198953 PROSPERO GootLoader SpyNote Russia bulletproof BEARHOST SocGholish
NoName057(16) | https://www.netscout.com/blog/asert/noname057-16
17/01/2024 11:29:32
QRCode
archive.org
thumbnail

NoName057(16) relies heavily on HTTPS application-layer DDoS attacks, with many attacks repeatedly sourced from the same attack harness, networks, and targeting similar countries and industries.

netscout EN 2024 ddos russia ukraine NoName057 NoName NoName057(16) DDoS hacktivism geopolitics crypto nato russo-ukrainian http https http-attacks https-attacks application-layer-attacks ddosia bobik ddos-for-hire golang bulletproof
Meet Ika & Sal: The Bulletproof Hosting Duo from Hell https://krebsonsecurity.com/2024/01/meet-ika-sal-the-bulletproof-hosting-duo-from-hell/
09/01/2024 09:32:30
QRCode
archive.org

In 2020, the United States brought charges against four men accused of building a bulletproof hosting empire that once dominated the Russian cybercrime industry and supported multiple organized cybercrime groups. All four pleaded guilty to conspiracy and racketeering charges. But…

krebsonsecurity EN 2024 Bulletproof Spamdot hosting Ika Sal crime
4395 links
Shaarli - The personal, minimalist, super-fast, database free, bookmarking service par la communauté Shaarli - Theme by kalvn - Curated by Decio