vx-underground
The largest collection of malware source, samples, and papers on the internet.

Password: infected

https://vx-underground.org/
This is the 2nd time, that we are aware of, that the United States Department of Justice has admitted to using offensive operations to take down, or disrupt, ransomware groups.

The DoJ has announced that they are now focusing their efforts on HIVE affiliates and developers.
The United States government has admitted, for the 2nd time, to utilizing offensive operations against ransomware groups

tl;dr ransomware group with 24/7 SOC
Conspiracy theories galore online right now as people speculate that the NSA used a 0day exploit to compromise HIVE. Others suggest it was an inside job - an admin at HIVE leaked information to EUROPOL agents.

Reality: Phishing (probably)
Ransomware group comments on the HIVE takedown:

ALPHV: This would not work on us, we have too strong security and we do not store anything on our servers

BianLian: Too bad. I think they will be restored under a new name

Lockbit: Nice news. I love when FBI pwn my competitors
The Yandex leak has shown that Yandex uses racial slurs as variable names.

Text translation:

GitHub: We renamed Master to Main so it is not associated with racism

Yandex:
Lockbit ransomware group has informed us they have acquired a 3rd ransomware variant.

- Lockbit Red
- Lockbit Black
- Lockbit Green

They also have modified their ESXi ransomware variant.

Yes, they actually wrote "TLP:RED" in the image.
What the hell is wrong with you nerds?
It is of the utmost importance we relay this information to all of you:
Yandex confirms usage of racial slurs in company source code. Yandex states the code which uses racial slurs did not affect company services (?), and was only used internally. They stated the racial slurs violate company policy and have apologized.

https://cyberscoop.com/racial-slurs-discovered-in-leaked-yandex-source-code/
We've updated the vx-underground malware sample collection

- Virusshare.00456
- Virusshare.Android.APK.2022
- 36,260 new malicious binaries added
- All named using Kaspersky naming convention

Check it out here: https://samples.vx-underground.org/samples/Blocks/
General updates:

- 45TB+ of data delivered in the past 28 days
- 95% completion of The Old New Thing archive
- 15% of malware collection synced with Tria.ge
- ???
Sebastien Raoult, an alleged member of ShinyHunters group, has been extradited from Morocco following a request from the United States government. He is currently in Seattle, Washington.

He is facing 116 years in prison. He has pleaded not guilty.

https://www.justice.gov/usao-wdwa/pr/alleged-french-cybercriminal-appear-seattle-indictment-conspiracy-computer-intrusion
There is a very real possibility that sometime in the future, your children, or grandchildren, will ask if you've ever heard of vx-underground.

You can happily tell them you followed us from our beginnings on Telegram.

They will respond with: "what the hell is a Telegram?"
We've updated the vx-underground malware collection. We have added 40,000 new malware samples to our "In The Wild" collection.

- Volume 0035
- Volume 0036

Check it out here: https://samples.vx-underground.org/samples/Blocks/
This video has millions of views and is appearing on Facebook, Instagram, and TikTok.

Key points:

- Don't check Facebook with your microwave
- Every product on the planet is based out of the United States, duh
- FBI agents glow in the dark
- The Matrix song goes hard
We have finished archiving The Old New Thing blog from Raymond Chen. It is nearly 3 decades of articles - dates ranging from July, 2003 to December, 2022.

We will now begin our next large project.

Check it out here: https://www.vx-underground.org/the_old_new_thing.html
We've updated the vx-underground APT collection. We have added samples and papers from December 2022 and January 2023.

Special thanks to f0wlsec for the papers, samples, and aggregating the content as always.

Check it out here: https://www.vx-underground.org/malware.html#2023
โค6๐Ÿคก1๐Ÿ˜ˆ1
We've updated the vx-underground InTheWild collection. We've added volumes 0037, 0038, 0039, and 0040. It is 80,000 new unique malicious binaries.

Special thanks to petikvx for aggregating the malware samples.

Check it out here: https://samples.vx-underground.org/samples/Blocks/
Updating and aggregating content on Industrial Control System malware is a nightmare
Kaspersky performed analysis on job postings on crime forums from January 2020 - June 2022.

- 200,000 advertisements
- 61% looking for programmers
- 45% offered remote work (?)
- 8% offered paid vacation and sick leave

https://securelist.com/darknet-it-headhunting/108526/