Talos: Arrested Hackers Could Be Involved in Angler, Lurk and Bedep Attacks

Talos researchers and engineers have found revealing correlations between the banking Trojan malware Lurk and other large-scale attack infrastructure like Angler and Bedep. In May, 50 people were arrested in a series of raids by Russian law enforcement for their connection with the malware operation that hacked a number of Russian financial institutions including Sberbank.

Talos researchers analyzed the infrastructure related to Lurk and discovered a number of C2 domains, 85 percent of which were tied to a single e-mail address used in the WHOIS information for those domains. The e-mail address was also used previously in registering domains for Angler and Bedep, Talos Outreach Engineer Nick Biasini wrote in the blog post.

Following the large arrests, Talos researchers noted a drop off in several high-profile threats, some of which have already come back online.

“There is no way to say for certain that all of these threats are connected,” Biasini wrote. “But there is one single registrant account that owned domains attached to all of them. If this one group was running all of these activities this will likely go down as one of the most significant arrests in the history of cybercrime with a criminal organization that was easily earning hundreds of millions of dollars.”

Read the rest of the Talos blog here.