It's been a busy 24 hours in the cyber world with significant updates on recent breaches, innovative threat actor techniques, critical vulnerabilities, and ongoing legal battles over digital privacy. Let's dive in:
Recent Cyber Attacks & Breaches ⚠️
- Peer-to-peer lender Prosper confirmed a September cyberattack, with HaveIBeenPwned reporting 17.6 million affected individuals. Compromised data includes email addresses, personal details, and Social Security numbers, though customer accounts and funds remain safe.
- Dairy Farmers of America (DFA) disclosed a June ransomware attack by the Play gang, which used sophisticated social engineering to steal sensitive personal information, including SSNs and bank account numbers, from 4,546 individuals. This highlights a concerning trend of increasing attacks on the food and agriculture sector.
- Envoy Air, an American Airlines subsidiary, confirmed data theft from its Oracle E-Business Suite by the Clop extortion group. Clop exploited zero-day vulnerabilities (CVE-2025-61882, CVE-2025-61884) in Oracle EBS, a campaign that has affected dozens of organisations, including Harvard University.
- Europol's "SIMCARTEL" operation dismantled a sophisticated cybercrime network responsible for over 3,200 fraud cases and $5.8 million in losses. The network used 1,200 SIM box devices and 40,000 active SIM cards to facilitate phishing, scams, and other crimes across 80+ countries by providing anonymous phone numbers for fake accounts.
- An indictment against former US National Security Adviser John Bolton revealed that suspected Iranian hackers accessed his email account in July 2021, threatening to leak sensitive materials and drawing comparisons to past high-profile email breaches.
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2025/10/17/prosper_breach/
🗞️ The Record | https://therecord.media/dairy-farm-leaked-info-ransomware
🗞️ The Record | https://therecord.media/regional-airline-envoy-oracle
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/american-airlines-subsidiary-envoy-confirms-oracle-data-theft-attack/
🤫 CyberScoop | https://cyberscoop.com/europol-dismantles-cybercime-network-sim-boxes-fraud/
🗞️ The Record | https://therecord.media/europe-sim-farms-raided-latvia-austria-estonia
🤫 CyberScoop | https://cyberscoop.com/john-bolton-indictment-says-suspected-iranian-hackers-accessed-his-emails-issued-threats/
New Threat Research & Tradecraft 🛡️
- North Korean threat groups, including Famous Chollima and UNC5342, are employing advanced evasive techniques. Famous Chollima uses BeaverTail and OtterCookie for keylogging and screenshotting, while UNC5342 leverages EtherHiding, a JavaScript payload that uses a public blockchain as a decentralised, resilient C2 server.
- These groups primarily target job seekers with fake offers and technical assessments to deploy multi-stage malware (JadeSnow, BeaverTail, InvisibleFerret) for espionage, persistent network access, and cryptocurrency theft.
- Microsoft has revoked over 200 fraudulent certificates used by the Vanilla Tempest (aka Vice Society/Vice Spider) ransomware group. These certificates signed fake Microsoft Teams installers that delivered the Oyster backdoor, ultimately leading to Rhysida ransomware deployment, often initiated via SEO poisoning.
🤫 CyberScoop | https://cyberscoop.com/north-korea-attackers-evasive-techniques-malware/
💥 The Hacker News | https://thehackernews.com/2025/10/microsoft-revokes-200-fraudulent.html
Critical Vulnerabilities & Exposure 🚨
- A critical out-of-bounds write vulnerability (CVE-2025-9242, CVSS 9.3) in WatchGuard Fireware OS's IKEv2 process allows unauthenticated remote code execution (RCE). This pre-authentication flaw, affecting internet-exposed VPN services, is highly attractive to ransomware groups and requires immediate patching.
- Over 266,000 F5 BIG-IP instances are exposed online following a nation-state breach (linked to China's UNC5291) that stole source code and undisclosed vulnerabilities. F5 has released patches for 44 flaws, and CISA has directed federal agencies to update supported devices, and to decommission end-of-life devices, by late October.
- Microsoft patched CVE-2025-55315 (CVSS 9.8), the highest-severity ASP.NET Core flaw ever, which is an HTTP request smuggling bug in the Kestrel web server. This vulnerability could allow authenticated attackers to hijack credentials, bypass security controls, or perform injection attacks, necessitating prompt updates for all affected .NET applications.
- ConnectWise addressed two critical vulnerabilities in its Automate RMM platform: CVE-2025-11492 (CVSS 9.6) for cleartext sensitive data transmission and CVE-2025-11493 (CVSS 8.8) for lack of update integrity verification. These flaws, especially when combined, enable adversary-in-the-middle (AiTM) attacks to intercept traffic and push malicious updates, posing a significant supply chain risk.
💥 The Hacker News | https://thehackernews.com/2025/10/researchers-uncover-watchguard-vpn-bug.html
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/over-266-000-f5-big-ip-instances-exposed-to-remote-attacks/
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-highest-severity-aspnet-core-flaw-ever/
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/connectwise-fixes-automate-bug-allowing-aitm-update-attacks/
Digital Rights & Regulatory Battles ⚖️
- The Electronic Frontier Foundation (EFF) and three US labor unions are suing the Trump administration over its "Catch and Revoke" social media surveillance program. This program uses AI to monitor non-citizen visa holders' online activity for "anti-American" views, raising serious First Amendment and privacy concerns, and has led to union members self-censoring.
- The Computer & Communications Industry Association (CCIA) is challenging Texas's new "App Store Accountability Act," which mandates age verification and parental consent for app downloads for users under 18. The CCIA argues this law is an unconstitutional "censorship regime" that infringes on free speech and user privacy, while being largely ineffective.
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2025/10/17/labor_unions_surveillance_lawsuit/
🗞️ The Record | https://therecord.media/tech-industry-texas-age-gating
#CyberSecurity #ThreatIntelligence #Ransomware #DataBreach #NationState #APT #ZeroDay #Vulnerability #RCE #SupplyChain #SIMFarm #SocialEngineering #AI #DataPrivacy #Regulatory #InfoSec #CyberAttack #Malware #IncidentResponse