The largest collection of malware source, samples, and papers on the internet. Password: infected https://vx-underground.org/
Updated United States government vs ALPHV ransomware group
The FBI has re-seized ALPHV's old website; ALPHV would then take it back. It has been seized and then 'unseized' roughly 4 times today.
Lockbit ransomware group is now trying to poach ALPHV developers and affiliates
ALPHV has ... unseized their domain?
They claim the FBI compromised one of their domain controllers. Additionally, they state they are removing all rules from their affiliate program (omit the rule on targeting the CIS) - allowing affiliates to target critical infrastructure
The FBI ALPHV search warrant states that a confidential informant got access to the ALPHV panel.
Then the FBI did an ... 'investigation' on the ALPHV panel, managed to get visibility into the ALPHV network, got 946 private/public keys and access to other affiliate panels (???)
ALPHV ransomware group administrative group has contacted us to inform us they have moved their servers and blogs.
*Image translated from Russian to English
ALPHV ransomware group's website has been seized
Information via AlvieriD
POV: Cybersecurity companies seeing a small to medium sized business being hit by ransomware after declining to pay $150,000/month for their product
vx-underground talking with vendors and CERTs trying to get free stuff
Some important updates for vx-underground for the remainder of 2023:
- More giveaways of educational content coming. Unfortunately, we are relatively busy and we are having a difficult time giving away so much material so fast. Be patient! We have 4 more remaining! This totals roughly $55,000 in educational content given away for free to you beautiful bastards.
- Harddrive pre-orders are being cloned. New purchases will begin cloning in January, 2024
- Updates to vx-underground content will be slow, if even at all, for the remainder of 2023 as we enjoy the holiday season and vacation time 😎
Important updates to vx-underground in 2024:
- Improve site search functionality
- Improve site scrapability for degenerates
- Give away educational content once per month
- December, 2024 will be giveaways all month (again)
- Black Mass Vol 3 will be released
- Black Mass Vol 4 ¯\_(ツ)_/¯
- Allow API querying and downloading in VXDB
- Add 'recent additions' feed to website
- Reactivate Twitter ransomware bot
- New merchandise? ¯\_(ツ)_/¯
Thank you for everyone who sponsors, donates, purchases things from us, and interacts with our posts. All of these things allow growth which brings in revenue. This increases the site's performance and materials without charging money to people and without us worshipping corporate overlords.
We look forward to serving all of you in 2024.
I love you
Oh, and per request we will accept BTC and ETH for harddrive purchases 🫡
Doing more giveaways, as is tradition.
https://twitter.com/vxunderground/status/1736076937309593737
This is what true limitless power looks like. This person has ascended into omnipotence
We're almost done with our giveaways so soon we'll stop spamming you degenerates with free shit. Anyway, here is the next round of free stuff:
https://twitter.com/vxunderground/status/1735537990288490939
An unknown Threat Actor is selling stolen data from Bank of America. They claim they have over 500,000 unique records of customers with data including:
- First Name
- Last Name
- Full Address
- Date of Birth
- Social Security Number
1. We are now selecting individuals to win vx-underground merch. We are choosing random people in blocks of 10. Pay attention!
2. More giveaways tomorrow
3. Yes, we know the RansomwareNewsBot on Twitter is still down. The developer traveled to the UAE and disappeared. Not joking.
Giving away $800 of vx-underground merch on Twitter for Christmas / holiday season
https://twitter.com/vxunderground/status/1734673266357186847
tl;dr summary of United States government (and associated entities) vs ALPHV ransomware group
December 10th, 2023: ALPHV primary domain goes offline, administration saying it is hardware failure
December 10th, 2023: Rumors circulate that it is LE taking down ALPHV
December 11th, 2023: ALPHV denies allegations
December 19th, 2023, 7:26AM EST: ALPHV domain seized
December 19th, 2023, 7:42AM EST: ALPHV states this is the old domain and it doesn't matter
December 19th, 2023, 9:56AM EST, United States Department of Justice releases official statement on the seizure of ALPHV as well as compromising of their servers
December 19th, 2023: 12:34PM EST, ALPHV unseizes domain and threatens retaliation against United States (and associated entities) by allowing attacks against critical infrastructure
Welp, today Kingdom Market was seized by German authorities. The German authorities also notified individuals of the domain seizure on Dread ... with Kingdom Marketplaces administrators PGP key ...
😭😭oh my god
Today the United States government released an official statement regarding ALPHV ransomware group.
They unveiled they have a decryption tool for ALPHV and, with cooperation with international partners, decrypted over 500 companies
More information: https://www.justice.gov/opa/pr/justice-department-disrupts-prolific-alphvblackcat-ransomware-variant
Previously ALPHV ransomware group reported to us that their website was offline due to hardware failure. This has happened to them in the past, so the excuse was plausible. However, as you can see from the image above, it was not hardware failure.
Comcast has reported a security breach impacting 35,879,455 Xfinity customers. It is reported the breach was discovered December 6th, 2023 with a suspected initial breach date of mid-October, 2023.
Information via BrettCallow
When we asked a vendor for free stuff and they asked us what our 4th quarter social media strategy is
(we don't have strategies)
We are once again doing another giveaway on Twitter - we are approaching the end of our giveaways
https://twitter.com/vxunderground/status/1736646877385248934
We are now cloning harddrive pre-orders. We are working on 8 harddrives to be sent to purchasers. Additionally, we have 20+- harddrives in stock which are available for purchase.
If you'd like the complete vx-underground collection you can buy it here: https://www.vx-underwear.org/collections/vxug-collection
We've got legitimate companies reaching out to us, offering us money to tweet their brands or products. They are calling us "influencers".
We just posted a video of serial killer Jeffrey Dahmer forcing a victim to watch a C++ programming tutorial. We are NOT influencers 😂😂😂
WARNING: Before reading this, put a helmet on your head so when you begin repeatedly bashing your head on your desk you don't get brain damage. Chronic Traumatic Encephalopathy (CTE) is a serious issue. You've been warned.
Private Threat Intelligence community CTI League (CTIL) is being accused by political commentators (?) of conducting COVID19 counter-misinformation campaigns. CTIL was primarily documenting COVID19 misinformation campaigns and reporting information to healthcare facilities and government agencies on Threat Actor activity.
Political commentators assert CTIL intentionally withheld information on suspected Threat Actors because their true objective was to target anti-vax individuals and act as a tool for NATO-based entities to conceal or censor information and freedom of speech.
This is the first time, to the best of our knowledge, that political commentators have vocally expressed disdain toward Cyber Threat Intelligence groups ... with the false belief they're a censorship group. The issue has escalated to the point where leadership from CTIL had to testify in front of United States congress.
tl;dr Cyber Threat Intelligence for healthcare facilities is illegal and for nerds
tl;dr tl;dr wtaf lmfao
We've won an award! We won the SANS "Most IC3 complaints" award! Shout out to the FBI, NSA, and CIA for not hooding us, kidnapping us, and prying our eyes open like that totally creepy scene from A Clockwork Orange.
Researcher discovers XSS/CSRF abusing undocumented features in Twitter analytics.
Thread shows full JS exploit chain to hijack users' accounts by having them click a link.
¯\_(ツ)_/¯ Another day in Shangri-La
https://twitter.com/shoucccc/status/1734802168723734764
Seriously, we say 'comment on the tweet for a chance to win'. If you DM us a whole Shakespearean speech on why you deserve to win we will orbital nuke you