Comcast has reported a security breach impacting 35,879,455 Xfinity customers. It is reported the breach was discovered December 6th, 2023 with a suspected initial breach date of mid-October, 2023.

Information via BrettCallow

ALPHV ransomware groups website has been seized

Information via AlvieriD

Previously ALPHV ransomware group reported to us that their website was offline due to hardware failure. This has happened to them in the past, so the excuse was plausible. However, as you can see from the image above, it was not hardware failure.

ALPHV ransomware group administrative group has contacted us to inform us they have moved their servers and blogs.

*Image translated from Russian to English

Today the United States government released an official statement regarding ALPHV ransomware group.

They unveiled they have a decryption tool for ALPHV and, with cooperation with international partners, decrypted over 500 companies

More information: https://www.justice.gov/opa/pr/justice-department-disrupts-prolific-alphvblackcat-ransomware-variant

The FBI ALPHV search warrant states that a confidential informant got access to the ALPHV panel.

Then the FBI did an ... 'investigation' on the ALPHV panel, managed to get visibility into the ALPHV network, got 946 private/public keys and access to other affiliate panels (???)

tl;dr summary of United States government (and associated entities) vs ALPHV ransomware group

December 10th, 2023: ALPHV primary domain goes offline, administration saying it is hardware failure

December 10th, 2023: Rumors circulate that is it LE taking down ALPHV

December 11th, 2023: ALPHV denies allegations

December 19th, 2023, 7:26AM EST: ALPHV domain seized

December 19th, 2023, 7:42AM EST: ALPHV states this is the old domain and it doesn't matter

December 19th, 2023, 9:56AM EST, United States Department of Justice releases official statement on the seizure of ALPHV as well as compromising of their servers

December 19th, 2023: 12:34PM EST, ALPHV unseizes domain and threatens retaliation against United States (and associated entities) by allowing attacks against critical infrastructure

Updated United States government vs ALPHV ransomware group

The FBI has re-seized ALPHV's old website, ALPHV would then take it back. It has been seized and then 'unseized' roughly 4 times today.

Lockbit ransomware group is now trying to poach ALPHV developers and affiliates

We're doing (another) giveaway on Twitter

https://twitter.com/vxunderground/status/1737281915890118719

We spoke with Lockbit ransomware group administrative staff today about the ALPHV situation

Lockbit believes what has happened to ALPHV is unfortunate and the FBI poses a considerable threat to his organization

*Image translated from Russian to English

The EFF is cool and badass. They help defend our privacy and internet rights. vx-underground is now a 'Level 2 Guardian'.

POV: you've been trying to solve a computer related problem for 8 hours and its dinner time

We've updated vx-underground

- 30,000+ new malware samples courtesy of virussign
- 2023-12-01 - Defeating Ransomware Through Vulnerability Exploitation

More to come:)

Have a nice day

We are, once again, doing another giveaway. This will be our 2nd to last giveaway this month. Then we will stop spamming all of you with stuff.

https://twitter.com/vxunderground/status/1737628257590362606

This Friday we will be doing our last giveaway for the month of December.

This month we managed to giveaway $48,485.45 of educational courses and exams. Thank you everyone who donated to us to make this possible.

We love all of you.

Have a nice day.

Seasons Greetings ❄️❄️