14367
The largest collection of malware source, samples, and papers on the internet. Password: infected Website: https://www.vx-underground.org/ vx-underground Telegram chatroom link: https://t.me/+njfLzUrqos01ZWNh
Nevermind, they got bonked now – was enjoying some ice cream and watching Brooklyn Nine-Nine until nerds began blowing up the phone.
Читать полностью…
Today Lockbit ransomware group's website has been seized (again).
The new server hijack mocking asks Lockbit ransomware group administrative "What have we learned?" and states they will unveil more identities of ransomware operators behind Lockbit (possibly the leaders too)
Hello, how are you?
We hope everyone had a good week and is enjoying their weekend thus far. Today is the day of rest.
Enjoy your Sunday.
Yesterday (or whenever, we don't care enough to get the exact date) F-Society ransomware group claimed to have compromised Bitfinex.
This compromise is a hoax. Bitfinex was not compromised. The 'stolen data' is just a list of username:password combinations from GitHub.
Underground ransomware group, a relatively new group which first appeared roughly March 21, 2024, has claimed to have ransomed Synology.
Synology is a Taiwanese corporation that specializes in network-attached storage appliances. Many nerds are familiar with them.
Underground ransomware group claims to have exfiltrated 51GBs of data. Upon review of leaked data snippets it appears they've primarily exfiltrated data off of user workstations. It is also in German. We aren't going to translate German into English (it's Saturday) – so we can't weight in on the validity or the value of the data.
Interestingly, the date of the data shows 2023-07-18. We aren't sure if they've had access to Synology for several months, or they've simply grabbed older data.
Unlike most traditional ransomware groups they also have a Telegram channel.
These government e-mails, which can used for social engineering, can be sold for as low as $1 – in some cases they're free because of how many are available.
tl;dr their problem is your problem because they will use it against your company or end users
(we're not the fancy smart looking dude in the suit)
Читать полностью…
Note:
Other members of vx-underground listen to weird techno music that sounds like it belongs in an anime. Other members, such as Bradley, don't listen to anything so they can focus (he is probably a serial killer)
Note:
* No Threat Actor(s) have taken credit for the compromise
* Individuals reviewing the data suspect the parent company, Psyclone Inc, may have been the initial access point. Evidence supporting this is debug data present in The Post Millennial database dump as well as adjacent website HumanEvents going offline – however this still remains speculation.
17 days away from 5 year vx-underground anniversary
Читать полностью…
Today DropBox reported to the SEC that on April 24th, 2024, they detected unauthorized access to the DropBox Sign prod environment.
DropBox states an unknown Threat Actor(s) was able to access user e-mails, usernames, account settings, and in some scenarios hashed passwords, phone numbers, API keys, OAuth tokens, and MFA.
DropBox states there is no evidence the Threat Actor(s) accessed user contents or payment information. They state no other products owned by DropBox were compromised – only DropBox Sign was compromised.
They state an investigation is on-going and no specific Threat Actor(s) or group have been attributed to the attack.
More information: https://www.sec.gov/Archives/edgar/data/1467623/000146762324000024/dbx-20240429.htm
Today Yaroslav Vasinskyi, the REvil ransomware operator responsible for the infamous Kaseya supply chain attack, was sentenced to 13 years in prison.
https://www.justice.gov/opa/pr/sodinokibirevil-affiliate-sentenced-role-700m-ransomware-scheme
On Monday a former NSA employee was sentenced for attempting to sell Top Secret United States documents to the Russian Federation.
His plot was foiled when he tried to sell the documents to an undercover FBI Agent.
He was sentenced to 21 years in prison
https://www.justice.gov/opa/pr/former-nsa-employee-sentenced-over-21-years-prison-attempted-espionage
It is the day of rest. However, the FBI and NCA UK apparently do not believe in this. We are upset by this. Both organizations can now redeem one (1) monkey bonk at their time of choosing.
Читать полностью…
Telegram nerds,
Per request (multiple requests...) we will enable comments on posts on Telegram. We will do it some time next week, whenever we get around to it. Please try to keep it civil (we know you won't, you're all a bunch of degenerates, but please try).
Have a nice day.
If you or someone you know recently commented on this situation without verifying the validity of the data please deploy one (1) monkey bonk.
Thanks,
Update:
Someone asked for a comment from Synology. Synology confirmed they were targeted by (what they believe to be) a spear-phishing campaign in April, 2023.
tl;dr the data is old. No ransomware was deployed. The company is not impacted.
Thank you to the people who enjoy calling us 'fart faces' and 'stinky' from compromised government e-mails. It's fun:)
It's also painstakingly obvious that less-developed countries run rampant with stealer malware and it poses a serious security threat
When you're a degenerate nerd but corporate asks you to go to a conference
Читать полностью…
When we're coding we like to listen to gangster rap (it makes us feel cool and dangerous)
Читать полностью…
Yesterday evening The Post Millennial, a Canadian conservative news website, was compromised. The landing page was defaced, displaying the transgender flag, as well as making a satirical post mocking conservative author and social media commentator Andy Ngo.
The Threat Actor(s) responsible for the compromise leaked information on 39,850 subscribers to the website. The leaked information includes:
- Gender
- Name
- Display name
- Nick name
- E-mail address
- Phone number
- Address
- Password
- Subscriber details (payment information)
- 'Daleted' – a boolean field incorrectly spelled
and more...
Passwords are in plain text. Payment information does not display credit card information. Payment information displays preferred payment method (e.g. PayPal, Credit Card, Debit Card) and currency used (e.g. CAD, USD). Some fields are optional such as telephone number or address. Additionally, this leak unveils some information on government representatives across the globe – including United States government personnel. This displays their contact information in plain text.
Also, the Threat Actor(s) leaked information on authors for The Post Millennial editors. We are not sure on the validity of this data, unless this website has 761 editors. Editor information disclosure shows:
- Username
- IP Address
- Phone number
- Country
- Email address
- Name
Image 1. Snippet of leaked subscriber information
Image 2. Snippet of leaked editor information
Image 3. Defaced website and satirical post
In Honor of World Password Day we would like to inform all of you that the password is "infected"
Thanks
Recently we've had a few companies contact us about doing sponsored tweets.
They see our engagement rates and likes on posts.
They don't see that a majority of our follower base is criminals, weebs, degenerates, Linux users, and C programmers
These are the last publicly posted images of Yaroslav Vasinskyi.
He was approx. 19 years old in these pictures.
He was arrested at approx. 22 years old.
He was sentenced at approx. age 25 years old.
He will be released from prison when he is approx. 38 years old.
He made approx. $8,300,000. Don't throwaway your life for ransomware.
2 weeks ago McAfee reported a variant of Redline stealer using Lua.
This is 100% some nerd from Roblox who decided to go into the stealer game 😂😂😂
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/redline-stealer-a-novel-approach/
"Are your malware builders clean?"
Hell no they're not clean – don't trust those things, not memeing.
Them: "lmfap"
Me: *sees obvious typo* "laughing my fucking ass pants"