14367
The largest collection of malware source, samples, and papers on the internet. Password: infected Website: https://www.vx-underground.org/ vx-underground Telegram chatroom link: https://t.me/+njfLzUrqos01ZWNh
Dear Cloudflare,
You're currently flagging us as a phishing domain. We aren't a phishing domain. Also, we use your product for our website. Please help.
Thanks,
You degenerates need to stop goofin' on the FBI 😭
Читать полностью…
Correction: USDoD was a broker and/or middleman for the initial posting. We were instructed to explicitly state that credit for the compromise is to be given to an individual operating under the moniker "SXUL".
Читать полностью…
Today RansomHub ransomware group claimed to ransom Frontier Communications. Frontier Communications is a large Internet Service Provider based out of Dallas, Texas.
Frontier Communications confirmed this by submitting a form 8-K to the SEC.
Information via Dominic Alvieri
Comments are disabled again. Channel removed. We underestimated the degeneracy. Nerds flooded the channel faster than we anticipated. It was the great vx-underground temp chat civil war of 2024.
Читать полностью…
Good morning,
Several people have asked about an account named 'vxugsupp'. We are not vxugsupp. We do not know who that is. The only staff members from vx-underground on Telegram are @smellyvx (hi, it's me, smelly) and @BradleyVX
Have a nice day. Enjoy the rest of your weekend.
We've broken 300,000 followers on Xitter
Thank you for the love and support.
Cheers to 400,000
Love you♥️
Previously on Dragon Ball Z, the individuals who claim responsibility for the TicketMaster breach stated they got access via a Managed Service Provider – which was later determined to be Snowflake. They claimed access was gotten via an infostealer.
Today Live Nation Entertainment a/k/a TicketMaster reported to the SEC that they had indeed been compromised (SEC link attached at the bottom of post)
Hudson Rock confirmed that employee credentials from Snowflake were stolen via a Lumma Stealer campaign. However, Snowflake put out a statement today stating they have not been compromised and that they believe the individual companies were compromised as a result of poor security practices. White Intel corroborated the findings from Hudson Rock by disclosing more information on the Lumma Stealer campaign.
Will Snowflake reverse their statement and say they're compromised? Will TicketMaster data be leaked online? Will Lumma Stealer keep hitting large companies? Will more data from Snowflake be leaked online? Find out on the next episode of Dragon Ball Z
Official SEC report: https://www.sec.gov/Archives/edgar/data/1335258/000133525824000081/lyv-20240520.htm
Snowflake has put out a statement denying being compromised
Full statement: https://community.snowflake.com/s/question/0D5VI00000Emyl00AB/detecting-and-preventing-unauthorized-user-access
The good news: prompted UAC, administrative privileges required to access this folder
The bad news: still easily accessible
We are aware that one of the images released by the National Police of Ukraine, during a raid from Operation Endgame, shows an arrest of a naked person.
No information is given on who this person is or why they're naked.
tl;dr prolly raided while showering or going potty
"successfully executive"
Imagine if we could make a single post without sounding like a bunch of idiots
Crazy to think we've got Fed anime and Fed dubstep before we got Elder Scrolls VI or Grand Theft Auto VI
Читать полностью…
Law enforcement agencies across the globe have come together, similar to Goku and Vegeta doing the Gogeta fusion dance, to form "Operation Endgame".
Agencies from The Netherlands, Denmark, United Kingdom, France, Germany, and the United States have created a website and disclose episodes (and seasons?) and have countdowns to ... potential indictments or arrests? Operation Endgame has a timer, similar to ransomware groups, and is scheduled to release something in roughly 7 hours.
Each episode (a/k/a arrest or indictment?) comes with an actual anime short. Law enforcement going crazy 😂
Url: https://operation-endgame.com/
Over the past couple of weeks several high-profile Threat Actors, believed to be operating out of the United States or United Kingdom, suddenly disappeared
There is no evidence of rebrand or exit. All contact addresses are active, logs still present. They just vanished 🤔
Hello, how are you?
Today is the day of rest. We hope all of you have had a good week and a good weekend thus far.
Next week we will be updating the archives, adding more papers, and adding more samples.
We'll see you Monday.
Love you ♥️
Today Snowflake, a digital storage provider who was recently surrounded in controversy from the TicketMaster breach, put out a joint statement with both Mandiant and Crowdstrike.
tl;dr Snowflake was not breached
Mandiant and Crowdstrike are both heavy-hitters in the DFIR industry and have worked the largest network compromises on the planet – from ransomware incidents to state sponsored threat actors. So, we applaud Snowflake for hiring not one but two DFIR consulting firms. That is a pretty penny spent and it appears Snowflake took the rumors and speculation very serious. That is cool and badass.
Per the report – although Snowflake was not breached, customers of Snowflake have been a 'trending' target, and some customers failed to follow the recommended best security practices written by Snowflake.
Snowflake, in conjunction with Mandiant and Crowdstrike, identified various customers who may have also been targeted and have notified the customers.
Official statement and more information: https://community.snowflake.com/s/question/0D5VI00000Emyl00AB/detecting-and-preventing-unauthorized-user-access
April 8th, 2024, a Threat Actor operating under the moniker "USDoD" placed a large database up for sale on Breached titled: "National Public Data". They claimed it contained 2,900,000,000 records on United States citizens. They put the data up for sale for $3,500,000.
National Public Data is a background check and person lookup and verification company located in Coral Springs, Florida. The company offers API data lookups to other companies. In summary – they're a lowkey databroker.
Last week we were informed USDoD intends on leaking the database. We requested a copy in advance to confirm the validity of the data.
We reviewed the massive file – 277.1GB uncompressed, and can confirm the data present in it is real and accurate. We searched up several individuals who consented to having their information looked up.
1. The database DOES NOT contain information from individuals who use data opt-out services. Every person who used some sort of data opt-out service was not present.
2. People who did not use data opt-out services and resided in the United States were immediately found. It showed their:
- First name
- Last name
- Address
- Address history (3 decades+)
- Social security number
It also allowed us to find their parents, and nearest siblings. We were able to identify someones parents, deceased relatives, Uncles, Aunts, and Cousins. Additionally, we can confirm this database also contains information on individuals who are deceased. Some individuals located had been deceased for nearly 2 decades.
Chat has returned with rules in place. Hopefully it works. Comments are also enabled.
Have a nice day.
We believe in security through obscurity.
That's why we use a custom built OS that relies on CLGUI (Command Line Graphical User Interface, pronounced KLA GOO EE). It uses images instead of text for the CLI.
Instead of DIR or LS we use a picture of Chicken. GREP is a Kitty
Law enforcement has released a new 'episode' of Operation Endgame. The video is odd.
Читать полностью…
May 26th Hudson Rock began investigating the alleged TicketMaster breach and the subseuent Santander Bank breach. They spoke with an unidentified Threat Actor(s) claiming responsibility for the breach. Hudson Rock was able to confirm some of their statements.
They discovered Snowflake, a large cloud storage provider, was impacted by Lumma Stealer.
The unidentified Threat Actor states they were able to get access to those companies by Infostealer malware, which allowed them to log into ServiceNow and bypass OKTA.
The unidentified Threat Actor(s) stated they're trying to extort Snowflake for $20,000,000 but Snowflake has ignored them. The Threat Actor(s) also claim to have exfiltrated sensitive data from over 400 companies which use Snowflake.
More information: https://www.hudsonrock.com/blog/snowflake-massive-breach-access-through-infostealer-infection
Security researcher GossiTheDog shared a TikTok video from Microsoft employees showing Microsoft Recall.
Rest assured that malware will not be able to access it and your privacy is safe (joking, it's super unsafe)
Today the National Police of Ukraine, in conjunction with the Cyber Department of the Security Service of Ukraine, announced a takedown of multiple 'hacker services'.
The takedown is in partnership with the United States, France, the Netherlands, the United Kingdom, Northern Ireland, Denmark, and Germany in what is now being labeled as "Operation Endgame".
The raids disclosed today are related to 'Pikabot', 'IcedId', and 'AlexCrypt'. These malicious tools and malware campaigns are explicitly noted by the National Police of Ukraine as being in the arsenal of Russian-based Threat Groups 'BlackBasta', 'REvil', and 'Conti'.
Raids were conducted in unspecified regions of Ukraine. However, it is noted suspected developers, suspected administrators, and suspected operation organizers were raided. Furthermore, servers were 'blocked' (?), mobile devices were seized, and computer equipment was seized.
More information: https://cyberpolice.gov.ua/news/zablokovano-xakerski-servisy-svitovyx-kiberzlochynnyx-organizaczij-slidchi-naczpolicziyi-ukrayiny-doluchylysya-do-mizhnarodnoyi-speczoperacziyi-endgame-2143/
Previously on Dragon Ball Z: Law enforcement agents seized the BreachForum backend and placed a 'this site has been seized' sticker on the BreachForum landing page. However, shortly after the takedown, BreachForum quickly returned online.
Fast forward to today: BreachForum administrative staff issued a statement on their forum to Breach members and law enforcement agencies. The messages are attached to this post.
Breach administrative staff also shared e-mail's between them and their host provider
In summary Breach administrative staff assert law enforcement failed to successfully executive a seizure and inadvertently caused damage to a business who is not affiliated with them. Breach administrators also some how acquired the e-mail correspondence between law enforcement agencies and their host provider.
The latest release from Operation Endgame has been released.
In this video it is evident that Law enforcement agencies across the globe banded together to pay for roughly 30 seconds of Skrillex sound bites
Today we spoke with multiple individuals privy to and involved in the alleged TicketMaster breach.
Sometime in April an unidentified Threat Group was able to get access to TicketMaster AWS instances by pivoting from a Managed Service Provider. The TicketMaster breach was not performed by ShinyHunters group. ShinyHunters is the individual and/or group which posted the auction of the data, they are acting as a proxy for the Threat Group responsible for the compromise.
Based on data provided to us by the Threat Group responsible for the compromise, we can assert with a high degree of confidence the data is legitimate. Date ranges in the database appear to go as far back as 2011. However, some dates show information from the mid-2000's. Data shared with us includes:
- Full name
- Email address
- Address
- Telephone number
- Credit card number (hashed)
- Credit card type, authentication type, etc
- All user financial transactions
NOTE: The data provided to us, even as a 'sample', was absurdly large and made it difficult to review in depth. We are unable to verify the authenticity of financial information. Briefly skimming the PII present in the dump, it appears authentic.
We've updated the vx-underground papers collection. You won't believe what we've added. The 3rd paper will blow your mind!
^ That's how some media outlets write and no one likes it, not even the writers