banner
mattkapko.com
Matt Kapko
@mattkapko.com
310 followers 640 following 31 posts
Reporter @cyberscoop.bsky.social covering cybercrime and software defects • Grateful lifelong Californian • matt.49 on Signal • [email protected] • mattkapko.com
Posts Media Videos Starter Packs
Reposted by Matt Kapko
cyberscoop.bsky.social
CyberScoop @cyberscoop.bsky.social · 6d
The emails, which are littered with broken English, aim to instill fear, apply pressure, threaten public exposure and seek negotiation for a ransom payment. via @mattkapko.com cyberscoop.com/extortion-em...
Here is the email Clop attackers sent to Oracle customers
The emails, which are littered with broken English, aim to instill fear, apply pressure, threaten public exposure and seek negotiation for a ransom payment.
cyberscoop.com
1 2
Reposted by Matt Kapko
gregotto.bsky.social
Greg Otto @gregotto.bsky.social · 7d
CYBERSCOOP AFTER DARK: Attackers appearing to be aligned with the Clop ransomware group have sent emails to Oracle customers seeking extortion payments, claiming they stole data from the tech giant’s E-Business Suite. Early signs point to it being legit cyberscoop.com/clop-claims-...
Oracle customers being bombarded with emails claiming widespread data theft
Researchers tell CyberScoop that notorious ransomware group Clop may be behind the email barrage.
cyberscoop.com
2 6
mattkapko.com
Matt Kapko @mattkapko.com · 7d
New from me. CyberScoop after dark. cyberscoop.com/clop-claims-...
Oracle customers being bombarded with emails claiming widespread data theft
Researchers tell CyberScoop that notorious ransomware group Clop may be behind the email barrage.
cyberscoop.com
2 3
mattkapko.com
Matt Kapko @mattkapko.com · 7d
Hi, Kevin -- I'd like to learn more about your findings. Can we please chat 1:1? My DMs are open on Bluesky or I can be reached at matt.kapko AT cyberscoop.com
mattkapko.com
Matt Kapko @mattkapko.com · Sep 2
The DOJ recently announced it seized $2.8M from an alleged ransomware operator living in California back in early 2024. The Russian national was arrested and charged a year ago, but released on bail the same day. He's still out, despite multiple run-ins with police. cyberscoop.com/ianis-antrop...
Prolific Russian ransomware operator living in California enjoys rare leniency awaiting trial
Ianis Aleksandrovich Antropenko allegedly committed ransomware attacks from 2018 to 2022. He’s been out on bond since his arrest almost a year ago, despite multiple run-ins with police.
cyberscoop.com
1 7
mattkapko.com
Matt Kapko @mattkapko.com · Aug 27
Likewise, and your story on this is fantastic.
timstarks.bsky.social
Tim Starks @timstarks.bsky.social · Aug 27
I find this push-and-pull over a bunch of things — cyber offense, active defense, hacking back, letters of marque, industry issues, policymaking issues — to be really fascinating. cyberscoop.com/google-cyber...
Google previews cyber ‘disruption unit’ as U.S. government, industry weigh going heavier on offense
Google says it is starting a cyber “disruption unit,” a development that arrives in a potentially shifting U.S. landscape toward more offensive-oriented approaches in cyberspace.
cyberscoop.com
1 1 3
mattkapko.com
Matt Kapko @mattkapko.com · Jul 29
Both?
2 5
mattkapko.com
Matt Kapko @mattkapko.com · Jul 15
21-year-old former Army soldier pleaded guilty Tuesday to charges stemming from a series of attacks and extortion attempts last year on telecommunications companies, including AT&T. tip @techmeme.com cyberscoop.com/cameron-wage...
Former Army soldier pleads guilty to widespread attack spree linked to AT&T, Snowflake and others
Cameron Wagenius faces a maximum of 27 years in prison. A researcher that helped with the investigation called this ‘one of the most significant wins in the fight against cybercrime.'
cyberscoop.com
1
Reposted by Matt Kapko
cyberscoop.bsky.social
CyberScoop @cyberscoop.bsky.social · Jul 7
Scattered Spider weaves web of social-engineered destruction. The cybercrime ring has infiltrated more than 100 businesses since 2022, including more than a dozen since it regrouped earlier this year. via @mattkapko.com cyberscoop.com/scattered-sp...
Scattered Spider weaves web of social-engineered destruction
The cybercrime ring has infiltrated more than 100 businesses since 2022, including more than a dozen since it regrouped earlier this year.
cyberscoop.com
3 2
Reposted by Matt Kapko
gregotto.bsky.social
Greg Otto @gregotto.bsky.social · Jul 2
NEW: The head of the FBI's cyber div told @timstarks.bsky.social that Salt Typhoon is “largely contained” and “dormant” in the networks, “locked into the location they’re in” and “not actively infiltrating information" in an exclusive intv with @cyberscoop.bsky.social cyberscoop.com/top-fbi-cybe...
Top FBI cyber official: Salt Typhoon ‘largely contained’ in telecom networks
Brett Leatherman told CyberScoop in an interview that while the group still poses a threat, the bureau is focused on resilience and victim support, and going on offense could be in the future.
cyberscoop.com
4 11
Reposted by Matt Kapko
timstarks.bsky.social
Tim Starks @timstarks.bsky.social · Jun 28
Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report cyberscoop.com/hacker-helpe...
Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
A cartel affiliate notified an FBI agent about a hacker who infiltrated cameras and phones to track an FBI official’s meetings, the DOJ inspector general said.
cyberscoop.com
7 10
mattkapko.com
Matt Kapko @mattkapko.com · Jun 28
Constant Headache, followed very shortly after by NBTSA.
1 1
mattkapko.com
Matt Kapko @mattkapko.com · Jun 24
Thank you, @colinwood.me
mattkapko.com
Matt Kapko @mattkapko.com · Jun 24
Hat tip to @ransomwaresommelier.com, @kaylintrychon.bsky.social, @chetwisniewski.securitycafe.ca.ap.brid.gy, @christiaanbeek.bsky.social and Rob Lee @sansinstitute.bsky.social
3
mattkapko.com
Matt Kapko @mattkapko.com · Jun 24
Supposed experts and mainstream media have spent the past few days hyperventilating over reports of a colossal data breach that exposed more than 16 billion credentials. There’s just one inconvenient detail: evidence to support its sensational claim is lacking. cyberscoop.com/colossal-dat...
The ‘16 billion password breach’ story is a farce
Experts told CyberScoop the research 'doesn’t pass a sniff test' and detracts from needed conversations around credential abuse and information stealers.
cyberscoop.com
1 13 19
Reposted by Matt Kapko
cyberscoop.bsky.social
CyberScoop @cyberscoop.bsky.social · Jun 16
Cybercrime crackdown disrupts malware, infostealers, marketplaces across the globe. A burst of global law enforcement actions during the past few weeks marked by a flurry of successful takedowns gives cybercrime experts a jolt of hope. via @mattkapko.com cyberscoop.com/cybercrime-c...
Cybercrime crackdown disrupts malware, infostealers, marketplaces across the globe
A burst of global law enforcement actions during the past few weeks marked by a flurry of successful takedowns gives cybercrime experts a jolt of hope.
cyberscoop.com
2 2
mattkapko.com
Matt Kapko @mattkapko.com · Jun 9
The Com’s chaotic, sprawling network, composed of mostly teenagers and young adults, are committing their crimes primarily for notoriety amongst their peers on the internet,
@nixonnixoff.bsky.social said during a presentation @sleuthcon.bsky.social. cyberscoop.com/the-com-subc...
Internet infamy drives The Com's crime sprees
Unit 221B’s Allison Nixon said crackdowns have effectively shown the group that their actions carry real consequences.
cyberscoop.com
1 10 8
Reposted by Matt Kapko
cyberscoop.bsky.social
CyberScoop @cyberscoop.bsky.social · Jun 3
CrowdStrike and Microsoft announced an agreement Monday to formally connect the different names each company uses for the same threat groups in their attribution analysis. via @mattkapko.com cyberscoop.com/crowdstrike-...
CrowdStrike, Microsoft aim to eliminate confusion in threat group attribution
Wild variances in naming taxonomies aren’t going away, but a new initiative from the security vendors aims to more publicly address obvious overlap in threat group attribution.
cyberscoop.com
2 3
Reposted by Matt Kapko
cyberscoop.bsky.social
CyberScoop @cyberscoop.bsky.social · May 30
Treasury sanctions crypto scam facilitator that allegedly stole $200M from US victims. The Philippines-based company Funnull operated a large cybercrime platform encompassing more than 332,000 domains, the FBI said. via @mattkapko.com youtu.be/ytmg-jbyl6o?... | cyberscoop.com/funnull-cryp...
Treasury sanctions crypto scam facilitator that allegedly stole $200M from US victims
YouTube video by CyberScoop
youtu.be
3 2
Reposted by Matt Kapko
ransomwaresommelier.com
Allan “Ransomware Sommelier” Liska @ransomwaresommelier.com · May 29
This is good news!

Just as ransomware has a whole ecosystem built up around it, so do these scam call centers, but at a much larger scale. Taking down one of the bigger ecosystem players will, hopefully, have a disruptive effect.

via @mattkapko.com & @cyberscoop.bsky.social
Treasury sanctions crypto scam facilitator that allegedly stole $200M from US victims
The Treasury Department on Thursday sanctioned Philippines-based Funnull Technology on Thursday for its role in "pig butchering schemes."
cyberscoop.com
3 6
Reposted by Matt Kapko
cyberscoop.bsky.social
CyberScoop @cyberscoop.bsky.social · May 28
Multiple attackers are raiding Ivanti customers’ systems again by exploiting a pair of closely intertwined vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM) to achieve unauthenticated remote code execution. via @mattkapko.com cyberscoop.com/ivanti-epmm-...
Questions mount as Ivanti tackles another round of zero-days
The besieged security vendor maintains the latest exploited vulnerabilities in its products are entirely linked to unspecified security issues in open-source libraries. Some researchers aren’t buying ...
cyberscoop.com
1 4 4
Reposted by Matt Kapko
cyberscoop.bsky.social
CyberScoop @cyberscoop.bsky.social · May 28
Laundry Bear, a group recently identified by Dutch intelligence and security services, stole work-related contact details on the Netherlands’ national police force in September 2024, Microsoft researchers said. via @mattkapko.com www.youtube.com/watch?v=b53l... | cyberscoop.com/laundry-bear...
New Russian state-sponsored APT quickly gains global reach, hitting expansive targets
YouTube video by CyberScoop
www.youtube.com
2 1
Reposted by Matt Kapko
cyberscoop.bsky.social
CyberScoop @cyberscoop.bsky.social · May 27
A newly discovered Russian state-sponsored threat group has targeted a large swath of industries, especially in #NATO member states and #Ukraine, part of a global #espionage campaign in support of Moscow’s interests, Microsoft Threat Intelligence said in a Tuesday blog post. via @mattkapko.com
New Russian state-sponsored APT quickly gains global reach, hitting expansive targets
Laundry Bear, a group recently identified by Dutch intelligence and security services, stole work-related contact details on the Netherlands’ national police force in September 2024, Microsoft researc...
cyberscoop.com
3 3
Reposted by Matt Kapko
cyberscoop.bsky.social
CyberScoop @cyberscoop.bsky.social · May 22
The successful break-up of DanaBot marks the second high-profile law enforcement disruption of a widespread malware operation in as many days. via @mattkapko.com cyberscoop.com/danabot-malw...
DanaBot malware operation seized in global takedown
The successful break-up of DanaBot marks the second high-profile law enforcement disruption of a widespread malware operation in as many days.
cyberscoop.com
2 3
Reposted by Matt Kapko
cyberscoop.bsky.social
CyberScoop @cyberscoop.bsky.social · May 21
Lumma Stealer, a widely used infostealer malware linked to cybercrime sprees and multiple high-profile attacks, was dismantled through a coordinated global operation meant to seize its core infrastructure. via @mattkapko.com cyberscoop.com/lumma-steale...
Lumma Stealer toppled by globally coordinated takedown
Global law enforcement authorities and Microsoft seized or disrupted the prolific infostealer’s central command infrastructure, malicious domains and marketplaces where the malware was sold.
cyberscoop.com
2 2