From the United States Department of Justice:
911 S5 Botnet Dismantled and Its Administrator Arrested in Coordinated International Operation
Botnet Infected Over 19M IP Addresses to Enable Billions of Dollars in Pandemic and Unemployment Fraud, and Access to Child Exploitation Materials
https://www.justice.gov/opa/pr/911-s5-botnet-dismantled-and-its-administrator-arrested-coordinated-international-operation
911 S5 Botnet Dismantled and Its Administrator Arrested in Coordinated International Operation
Botnet Infected Over 19M IP Addresses to Enable Billions of Dollars in Pandemic and Unemployment Fraud, and Access to Child Exploitation Materials
https://www.justice.gov/opa/pr/911-s5-botnet-dismantled-and-its-administrator-arrested-coordinated-international-operation
www.justice.gov
911 S5 Botnet Dismantled and Its Administrator Arrested in Coordinated
A court-authorized international law enforcement operation led by the U.S. Justice Department disrupted a botnet used to commit cyber attacks, large-scale fraud, child exploitation, harassment, bomb threats, and export violations.
π’37π«‘12π7π₯°6π₯3
We've updated the vx-underground papers collection. You won't believe what we've added. The 3rd paper will blow your mind!
^ That's how some media outlets write and no one likes it, not even the writers
^ That's how some media outlets write and no one likes it, not even the writers
π72π10π₯6β€4π’2π2
Over the past couple of weeks several high-profile Threat Actors, believed to be operating out of the United States or United Kingdom, suddenly disappeared
There is no evidence of rebrand or exit. All contact addresses are active, logs still present. They just vanished π€
There is no evidence of rebrand or exit. All contact addresses are active, logs still present. They just vanished π€
π€105π±11π’4π3π€―2π2π€£2π«‘1
Today we spoke with multiple individuals privy to and involved in the alleged TicketMaster breach.
Sometime in April an unidentified Threat Group was able to get access to TicketMaster AWS instances by pivoting from a Managed Service Provider. The TicketMaster breach was not performed by ShinyHunters group. ShinyHunters is the individual and/or group which posted the auction of the data, they are acting as a proxy for the Threat Group responsible for the compromise.
Based on data provided to us by the Threat Group responsible for the compromise, we can assert with a high degree of confidence the data is legitimate. Date ranges in the database appear to go as far back as 2011. However, some dates show information from the mid-2000's. Data shared with us includes:
- Full name
- Email address
- Address
- Telephone number
- Credit card number (hashed)
- Credit card type, authentication type, etc
- All user financial transactions
NOTE: The data provided to us, even as a 'sample', was absurdly large and made it difficult to review in depth. We are unable to verify the authenticity of financial information. Briefly skimming the PII present in the dump, it appears authentic.
Sometime in April an unidentified Threat Group was able to get access to TicketMaster AWS instances by pivoting from a Managed Service Provider. The TicketMaster breach was not performed by ShinyHunters group. ShinyHunters is the individual and/or group which posted the auction of the data, they are acting as a proxy for the Threat Group responsible for the compromise.
Based on data provided to us by the Threat Group responsible for the compromise, we can assert with a high degree of confidence the data is legitimate. Date ranges in the database appear to go as far back as 2011. However, some dates show information from the mid-2000's. Data shared with us includes:
- Full name
- Email address
- Address
- Telephone number
- Credit card number (hashed)
- Credit card type, authentication type, etc
- All user financial transactions
NOTE: The data provided to us, even as a 'sample', was absurdly large and made it difficult to review in depth. We are unable to verify the authenticity of financial information. Briefly skimming the PII present in the dump, it appears authentic.
π58β€3π’1π1
Media is too big
VIEW IN TELEGRAM
Law enforcement agencies across the globe have come together, similar to Goku and Vegeta doing the Gogeta fusion dance, to form "Operation Endgame".
Agencies from The Netherlands, Denmark, United Kingdom, France, Germany, and the United States have created a website and disclose episodes (and seasons?) and have countdowns to ... potential indictments or arrests? Operation Endgame has a timer, similar to ransomware groups, and is scheduled to release something in roughly 7 hours.
Each episode (a/k/a arrest or indictment?) comes with an actual anime short. Law enforcement going crazy π
Url: https://operation-endgame.com/
Agencies from The Netherlands, Denmark, United Kingdom, France, Germany, and the United States have created a website and disclose episodes (and seasons?) and have countdowns to ... potential indictments or arrests? Operation Endgame has a timer, similar to ransomware groups, and is scheduled to release something in roughly 7 hours.
Each episode (a/k/a arrest or indictment?) comes with an actual anime short. Law enforcement going crazy π
Url: https://operation-endgame.com/
π€£124π11π€―11π€7π₯4π’4β€2π1π1
Media is too big
VIEW IN TELEGRAM
The latest release from Operation Endgame has been released.
In this video it is evident that Law enforcement agencies across the globe banded together to pay for roughly 30 seconds of Skrillex sound bites
In this video it is evident that Law enforcement agencies across the globe banded together to pay for roughly 30 seconds of Skrillex sound bites
π€£98β€11π₯5π5π4π3π’1
Crazy to think we've got Fed anime and Fed dubstep before we got Elder Scrolls VI or Grand Theft Auto VI
π€£119π₯8β€4π3π1π1π’1
Previously on Dragon Ball Z: Law enforcement agents seized the BreachForum backend and placed a 'this site has been seized' sticker on the BreachForum landing page. However, shortly after the takedown, BreachForum quickly returned online.
Fast forward to today: BreachForum administrative staff issued a statement on their forum to Breach members and law enforcement agencies. The messages are attached to this post.
Breach administrative staff also shared e-mail's between them and their host provider
In summary Breach administrative staff assert law enforcement failed to successfully executive a seizure and inadvertently caused damage to a business who is not affiliated with them. Breach administrators also some how acquired the e-mail correspondence between law enforcement agencies and their host provider.
Fast forward to today: BreachForum administrative staff issued a statement on their forum to Breach members and law enforcement agencies. The messages are attached to this post.
Breach administrative staff also shared e-mail's between them and their host provider
In summary Breach administrative staff assert law enforcement failed to successfully executive a seizure and inadvertently caused damage to a business who is not affiliated with them. Breach administrators also some how acquired the e-mail correspondence between law enforcement agencies and their host provider.
π€£128π€―8β€2π₯2π’1
vx-underground
Previously on Dragon Ball Z: Law enforcement agents seized the BreachForum backend and placed a 'this site has been seized' sticker on the BreachForum landing page. However, shortly after the takedown, BreachForum quickly returned online. Fast forward toβ¦
"successfully executive"
Imagine if we could make a single post without sounding like a bunch of idiots
Imagine if we could make a single post without sounding like a bunch of idiots
β€βπ₯61π€£28β€5π4π2π₯2π―2π₯°1π’1π1
Today the National Police of Ukraine, in conjunction with the Cyber Department of the Security Service of Ukraine, announced a takedown of multiple 'hacker services'.
The takedown is in partnership with the United States, France, the Netherlands, the United Kingdom, Northern Ireland, Denmark, and Germany in what is now being labeled as "Operation Endgame".
The raids disclosed today are related to 'Pikabot', 'IcedId', and 'AlexCrypt'. These malicious tools and malware campaigns are explicitly noted by the National Police of Ukraine as being in the arsenal of Russian-based Threat Groups 'BlackBasta', 'REvil', and 'Conti'.
Raids were conducted in unspecified regions of Ukraine. However, it is noted suspected developers, suspected administrators, and suspected operation organizers were raided. Furthermore, servers were 'blocked' (?), mobile devices were seized, and computer equipment was seized.
More information: https://cyberpolice.gov.ua/news/zablokovano-xakerski-servisy-svitovyx-kiberzlochynnyx-organizaczij-slidchi-naczpolicziyi-ukrayiny-doluchylysya-do-mizhnarodnoyi-speczoperacziyi-endgame-2143/
The takedown is in partnership with the United States, France, the Netherlands, the United Kingdom, Northern Ireland, Denmark, and Germany in what is now being labeled as "Operation Endgame".
The raids disclosed today are related to 'Pikabot', 'IcedId', and 'AlexCrypt'. These malicious tools and malware campaigns are explicitly noted by the National Police of Ukraine as being in the arsenal of Russian-based Threat Groups 'BlackBasta', 'REvil', and 'Conti'.
Raids were conducted in unspecified regions of Ukraine. However, it is noted suspected developers, suspected administrators, and suspected operation organizers were raided. Furthermore, servers were 'blocked' (?), mobile devices were seized, and computer equipment was seized.
More information: https://cyberpolice.gov.ua/news/zablokovano-xakerski-servisy-svitovyx-kiberzlochynnyx-organizaczij-slidchi-naczpolicziyi-ukrayiny-doluchylysya-do-mizhnarodnoyi-speczoperacziyi-endgame-2143/
π€£63π20β€7π’5π1π€1π«‘1
We are aware that one of the images released by the National Police of Ukraine, during a raid from Operation Endgame, shows an arrest of a naked person.
No information is given on who this person is or why they're naked.
tl;dr prolly raided while showering or going potty
No information is given on who this person is or why they're naked.
tl;dr prolly raided while showering or going potty
π€£108π«‘27π7π’2
This media is not supported in your browser
VIEW IN TELEGRAM
Security researcher GossiTheDog shared a TikTok video from Microsoft employees showing Microsoft Recall.
Rest assured that malware will not be able to access it and your privacy is safe (joking, it's super unsafe)
Rest assured that malware will not be able to access it and your privacy is safe (joking, it's super unsafe)
π€£129π11β€4π±3π€2π1π’1
vx-underground
Security researcher GossiTheDog shared a TikTok video from Microsoft employees showing Microsoft Recall. Rest assured that malware will not be able to access it and your privacy is safe (joking, it's super unsafe)
The good news: prompted UAC, administrative privileges required to access this folder
The bad news: still easily accessible
The bad news: still easily accessible
π€£135π7π6π₯5π1π’1
May 26th Hudson Rock began investigating the alleged TicketMaster breach and the subseuent Santander Bank breach. They spoke with an unidentified Threat Actor(s) claiming responsibility for the breach. Hudson Rock was able to confirm some of their statements.
They discovered Snowflake, a large cloud storage provider, was impacted by Lumma Stealer.
The unidentified Threat Actor states they were able to get access to those companies by Infostealer malware, which allowed them to log into ServiceNow and bypass OKTA.
The unidentified Threat Actor(s) stated they're trying to extort Snowflake for $20,000,000 but Snowflake has ignored them. The Threat Actor(s) also claim to have exfiltrated sensitive data from over 400 companies which use Snowflake.
More information: https://www.hudsonrock.com/blog/snowflake-massive-breach-access-through-infostealer-infection
They discovered Snowflake, a large cloud storage provider, was impacted by Lumma Stealer.
The unidentified Threat Actor states they were able to get access to those companies by Infostealer malware, which allowed them to log into ServiceNow and bypass OKTA.
The unidentified Threat Actor(s) stated they're trying to extort Snowflake for $20,000,000 but Snowflake has ignored them. The Threat Actor(s) also claim to have exfiltrated sensitive data from over 400 companies which use Snowflake.
More information: https://www.hudsonrock.com/blog/snowflake-massive-breach-access-through-infostealer-infection
Hudson Rock
Hudson Rock - Infostealer Intelligence Solutions
Powered by Hudson Rock's continuously augmented cybercrime database, composed of millions of machines compromised by Infostealers in global malware spreading campaigns.
π₯46π3π±3β€2
Snowflake has put out a statement denying being compromised
Full statement: https://community.snowflake.com/s/question/0D5VI00000Emyl00AB/detecting-and-preventing-unauthorized-user-access
Full statement: https://community.snowflake.com/s/question/0D5VI00000Emyl00AB/detecting-and-preventing-unauthorized-user-access
Snowflake
Snowflake Community
Join our community of data professionals to learn, connect, share and innovate together
π€28π4π4π’2