Cyber Intelligence Weekly: The 3 New Stories You Need to Know this Week (Issue 170 – December 8, 2024)

Dear Friends and Colleagues,

Welcome to our weekly newsletter where we share some of the major developments on the future of cybersecurity that you need to know about. Make sure to follow my LinkedIn page as well as Echelon’s LinkedIn page to receive updates on the future of cybersecurity!

To receive these and other curated updates to your inbox on a regular basis, please sign up for our email list here: https://echeloncyber.com/ciw-subscribe

Before we get started on this week’s CIW, I’d like to highlight our masterful tabletop exercise practice!

Empower Your Leadership Team with Executive-Level Incident Response Tabletop Exercises

In today's threat landscape, preparation is the ultimate defense. Our Executive-Level Tabletop Exercises are designed to equip your leadership team with the tools and strategies to effectively navigate complex cyber incidents.

What we offer:

- Customized Scenarios tailored to your organization’s specific threats.
- Incident Lifecycle Management including detection, containment, and communication.
- Strategic Insights through post-exercise evaluations and actionable recommendations.

Ready to elevate your resilience? Let’s start the conversation today.

Learn more here: https://lnkd.in/eUHgYXG3


Away we go!

1. Operation Destabilize Unravels Crypto Money Laundering Networks

Ekaterina Zhdanova, once celebrated as a glamorous Russian socialite and entrepreneur, has been accused of running a vast cryptocurrency money-laundering network. Zhdanova, who previously graced magazine covers and mingled with celebrities, is now alleged to have played a critical role in laundering billions for Russian oligarchs, ransomware operators, and criminal organizations. Western authorities revealed details of Operation Destabilize, an international effort to dismantle two interconnected Russian-led laundering networks—one allegedly spearheaded by Zhdanova.

The Smart Group, which investigators believe Zhdanova leads, specialized in converting illicit cryptocurrency into cash. This operation often involved trading large sums of crypto from Russian elites or cybercriminals with European drug gangs for physical cash, obscuring the origins of the funds. Zhdanova’s network allegedly coordinated these swaps, often leveraging brokers in the UAE. Meanwhile, a second network, the TGR Group, led by George Rossi, focused on integrating laundered funds into legitimate financial systems. Together, these networks facilitated billions in annual transactions.

The networks' activities extended beyond financial crimes, with ties to organized crime groups and Russian state interests. Authorities traced ransomware payments, including those linked to the notorious Ryuk group, to Zhdanova's operations. The networks also reportedly used Russian cryptocurrency exchange Garantex, which has been sanctioned for its role in enabling cybercrime. Investigators have made significant progress, arresting dozens of individuals, including key operatives, and seizing millions in cash and cryptocurrency. However, parts of the networks remain operational.

Operation Destabilize highlights the evolving threat of crypto-enabled money laundering, with Zhdanova’s case shedding light on how digital currencies are exploited to circumvent sanctions and fund criminal enterprises. While Zhdanova remains in custody in France, her alleged chameleon-like ability to adapt and orchestrate complex financial crimes has drawn international scrutiny. Authorities are continuing to pursue leads to dismantle the remaining facets of these global laundering operations.

2. British Telecom Giant BT Group Confirms Cyberattack Attempt by Black Basta Ransomware

BT Group, one of the United Kingdom’s leading telecommunications companies, has confirmed an attempted cyberattack on its conferencing platform by the notorious Black Basta ransomware group. The company stated that the incident, which targeted specific elements of the platform, was swiftly contained, with affected servers taken offline to prevent further compromise. Core services, including BT Conferencing’s live offerings and customer data, were not impacted, and the organization continues to collaborate with law enforcement and regulatory bodies as part of its response.

Black Basta, a ransomware group linked to over 500 attacks globally since its emergence in 2022, claimed responsibility for the breach. The hackers allege they stole approximately 500 GB of sensitive data, including financial records, personal employee information, and internal corporate documents. The group threatened to leak the stolen files unless a ransom is paid, although BT has not disclosed whether negotiations are underway.

The incident highlights Black Basta’s advanced tactics, which often involve social engineering methods such as email bombing and phishing through tools like Microsoft Teams to gain access to target systems. This attack is part of a broader trend of ransomware campaigns targeting critical infrastructure and large enterprises, with the group previously linked to attacks on major organizations like Hyundai Europe and Capita.

BT’s swift containment and ongoing investigation into the breach underscore the importance of robust cybersecurity measures. While the organization has maintained service continuity, the attack serves as a stark reminder of the persistent threat posed by ransomware actors, emphasizing the need for vigilance and proactive defenses in an increasingly interconnected world.

3. Cyber Force Proposal Scaled Back in 2025 Defense Bill

A proposal to explore the creation of a dedicated U.S. Cyber Force has been significantly diluted in the final version of the National Defense Authorization Act (NDAA) for fiscal 2025. While initial drafts called for an independent study by the National Academy of Sciences, Engineering, and Medicine to assess the establishment of a cyber-specific military branch, much of this language has been removed. Instead, the final legislation mandates a broader evaluation of alternative organizational models for cyber forces within the armed services, relegating the feasibility of a separate branch to a secondary consideration.

The compromise reflects pushback from the Department of Defense (DOD) and U.S. Cyber Command, whose leadership, including Air Force Gen. Timothy Haugh, argued against the need for a new service. Advocates for the Cyber Force, however, see this as a missed opportunity, particularly as global adversaries like Russia and China continue to expand their digital warfare capabilities. Proponents contend that a dedicated branch could better address emerging threats in artificial intelligence, cyber espionage, and digital warfare.

One notable change in the NDAA is the absence of a specific deadline for the new study, potentially delaying its execution indefinitely. This aligns with the Pentagon's preference to deprioritize the study amidst its many congressionally mandated tasks. The outcome could embolden the Pentagon to resist further calls for a Cyber Force study in the future, citing ongoing internal reviews and existing cyber organizational frameworks.

As the legislation moves toward final approval, the debate over a U.S. Cyber Force is far from over. Advocates may shift their lobbying efforts to President-elect Donald Trump, recalling his administration’s instrumental role in establishing the U.S. Space Force in 2019. The broader question remains whether the U.S. military will need a dedicated cyber branch to maintain its technological and strategic edge against increasingly sophisticated global adversaries.


Thanks for reading!

About us: Echelon is a full-service cybersecurity consultancy that offers holistic cybersecurity program building through vCISO or more specific solutions like penetration testing, red teaming, security engineering, cybersecurity compliance, and much more! Learn more about Echelon here: https://echeloncyber.com/about

Peter E.

Helping SMEs automate and scale their operations with seamless tools, while sharing my journey in system automation and entrepreneurship

2 months ago

Cyber risks are a growing challenge, but updates like these help light the path forward.

Lots of interesting stories this week!
