Article 7713A Telegram shortlinks knocked offline over sanctioned VPN connection

Telegram shortlinks knocked offline over sanctioned VPN connection

by
from www.theregister.com - Articles on (#7713A)
Story ImageThe operator of the .ME domain registry has confirmed that Telegram's t.me shortlinks stopped working for around a day while the messaging platform verified that links associated with a sanctioned VPN service had been removed. The US Office of Foreign Assets Control (OFAC) designated First VPN Service (1VPNS) on July 13 for selling services to ransomware groups and other cybercriminals. Shortly after, users across the app reported problems with t.me links, which Telegram uses to share links to channels, groups, and profiles. Founder and CEO Pavel Durov publicly asked the .ME domain registry to look into it and Domain.Me confirmed the issues were related to OFAC sanctions. "The .ME Registry works closely with law enforcement to monitor and mitigate issues across the .ME domain in accordance with applicable laws, including sanctions requirements," Domain.Me stated via X. "On 13 July, 1VPNS was included as a sanctioned entity by the US Department of the Treasury. A Telegram channel using the t.me domain was among 1VPNS identified infrastructure. Accordingly, the t.me domain was suspended. "On 14 July, Telegram provided confirmation that it had removed its links and affiliations with 1VPNS. Once the confirmation was reviewed and verified, the suspension was removed from the t.me domain. "We appreciate Telegram's prompt cooperation in resolving this matter." The registrar did not specify which Telegram channel or group was identified as 1VPNS infrastructure. However, given that the service ran its own Telegram channel/account, and that group had its own t.me link that was also included verbatim in OFAC's sanction announcement, it seems likely that this was the reason for the domain-wide disruption. After European law enforcement agencies took 1VPNS's infrastructure offline in May, authorities said the service, whose administrator was based in Dnipro, Ukraine, had been used by at least 25 ransomware groups, including Avaddon, for network reconnaissance and intrusions. Edvardas ileris, head of Europol's European Cybercrime Centre, said at the time: "For years, cybercriminals saw this VPN service as a gateway to anonymity. They believed it would keep them beyond the reach of law enforcement. This operation proves them wrong. "Taking it offline removes a critical layer of protection that criminals depended on to operate, communicate, and evade law enforcement." According to the FBI, which supported the France and Netherlands-led takedown, 1VPNS was advertised almost exclusively on criminal dark web forums and used for activity beyond ransomware. The service allegedly enabled scammers, botnet traffic, denial-of-service attacks, scanning operations, and more since it began operating around 2014. OFAC designated 1VPNS and its administrator, Dmytro Rashevskyi, on Monday. It also sanctioned Yevgeniy Vladimirovich Silayev for selling cryptors - tools designed to disguise ransomware and other malware so they evade detection by security software. The announcement of the sanctions stated that ransomware groups used both services, causing billions of dollars in losses to US businesses and critical infrastructure providers. Gene Lange, senior counselor to the Secretary of the Treasury, who is also performing the duties of the Under Secretary for Terrorism and Financial Intelligence, said: "Under President Trump's leadership, Treasury is using every available tool to disrupt the cybercriminal ecosystem and protect the American people. "We will continue targeting the actors who enable ransomware attacks against Americans and our critical infrastructure." (R)
External Content
Source RSS or Atom Feed
Feed Location http://www.theregister.co.uk/headlines.atom
Feed Title www.theregister.com - Articles
Feed Link https://www.theregister.com/
Reply 0 comments