"Ukrainian Threat Actor Unmasked in Connection With Raccoon Malware"

Mark Sokolovsky, a 26-year-old Ukrainian national, was indicted on October 5, 2022, for his alleged participation in a global cyber operation known as Raccoon Infostealer. This malware has infected millions of computers worldwide for years, compromising at least 50 million credentials. As of late October, Sokolovsky was being held in the Netherlands, waiting for a US extradition request. According to the US Department of Justice (DOJ), Sokolovsky is accused of operating the Raccoon Infostealer Malware-as-a-Service (MaaS) alongside others. Actors subscribed to Raccoon Infostealer for around $200 per month, paid in cryptocurrency. The service involved phishing techniques to install malware that steals personal information. According to the FBI, the malware stole login credentials, financial data, and other personal information. The stolen information could then be used to commit financial crimes or be sold on criminal Internet forums. Raccoon Infostealer is considered one of the most prolific information stealers. Cybercriminals' attraction to the stealer is attributed to Raccoon Infostealer's range of capabilities, adaptability, and use. The group behind Raccoon, active since April 2019, ceased operations in March. According to court records, the temporary halt was caused by Sokolovsky's arrest and the takedown of the malware's infrastructure. As of June 2022, a second version of Raccoon Stealer written in C/C++ emerged on underground forums. This article continues to discuss the Raccoon Infostealer operator, the massive MaaS scam, and some suggested malware mitigation methods.

Security Intelligence reports "Ukrainian Threat Actor Unmasked in Connection With Raccoon Malware"

Submitted by Anonymous on