Friday, March 11, 2022

The DarkWeb is Pretty Bright on Telegram and Twitter

Dark net services displayed on social media.


By Dominic Alvieri

@AlvieriD

3-9-2022



More and more services and communications that were once reserved for the deepest depths of the DarkWeb are crawling up the stack, if you will, to social media platforms. Ransomware group posts are now mainstream on Telegram and Twitter, with calls for action, mis- or disinformation and fake data leaks.

The hacking free for all


The Russian invasion of Ukraine on February 24th brought about armies of hacktivists, some real, while the majority are unskilled and caught up in the wave. Legitimate groups like LAPSUS have taken to social media to announce high-profile breaches of Samsung and Nvidia, while other groups pretend to have hacked the world.

IT Army of Ukraine

The IT group turned army calls on users for action, providing details of direct targets the group requires taken down. More and more, the IT Army of Ukraine posts targets in English and Ukrainian.





Network Battalion 65' posted a fake leak that was embarrassing for the group, and yet they post again. Not shown.


Network Battalion 65'



Like many groups, its membership is constantly changing. The brief synopsis is that the group is revamping after a fallout and a fake Kaspersky leak attempt. Keep an eye out.

Outrageous breach claims have been the norm. Unverified claims range from the National Bank of Russia to the FBI itself having been hacked. Hack the Planet until there is nothing left. Peak infosec, I believe it was called. Thanks, Carl.

Epic leak fail award goes to Network Battalion 65'


Right now this is a black eye that needs to be addressed. Kaspersky itself is facing intense pressure from security staff, but this data breach was confirmed fake.


Kaspersky fake data leak.


Kaspersky has issued an official response, courtesy of @ajvicens.



Kaspersky official response to March 9th NB65 breach claim.

GhostSec

GhostSec, like many malicious groups, has several channels. IntelGS is Intel GhostSec, a darker, splintered part of the group that has also joined in the cyber war.


GhostSec


GhostSec channels appear to be currently fragmented and not coordinated.




Lapsus$


After two successful high-profile leaks of Samsung and Nvidia last week, LAPSUS is toying around with an anonymous poll when allegedly they have already breached Vodafone.

Mercado Libre just disclosed a breach in its latest 8-K release this week with the Securities and Exchange Commission. Mercado did not release a timeline or provide more vector details at this moment.

Impresa, the Portuguese media giant, was hacked by Lapsus$ over the New Year's holiday and has had several website and platform issues ever since. The main Impresa website, impresa.pt, has been down and is still down as of March 11th, 2022.


Impresa of Portugal hacked by Lapsus.



Lapsus$ is seen toying with companies they have already hacked and allegedly hacked. Vodafone is unconfirmed at the moment.



LAPSUS Vodafone breach claim.


Groups regularly post claims and recruit people of all types. Anonymous groups large and small have taken over social media with misinformation and disinformation campaigns, creating profiles and hashtags and using automated software and bots to promote their goals.

Videos and photoshopped images are the norm.


IT Army of Ukraine post.


Against the West / Blue Hornet


The group appears to be restructuring and has been quiet this week as of last check. As with all groups, use caution so that you don't get stung.


Against the West.

Trolls

Don't waste your time.

Stormus group tops that list. Others come to mind.

Verify any information or disinformation before you respond in any way, if at all.



Gazprom alleged data leak on Telegram




Lapsus$ live post as I blog, taking credit for the Ubisoft hack and advertising The Verge article about it on one of their channels.


Ubisoft hacked by Lapsus$


Lapsus$ appears to have several flaws: youth, inexperience in several key areas, and a habit of smashing and grabbing what they can. The group is buying inside access from either an employee or vendor and then getting to work. Access is usually gained through a VPN or the AnyDesk remote control application, followed by recon, targeting and then deploying payloads. They also rely on social engineering methods and other low-grade tactics.

Check your employees and vendors.

Currently advertising for services.

Updated: 7 members of Lapsus$, aged 16-21, have been arrested. Other members are still at large, and it is doubtful that the ringleader or mastermind is the teenager arrested in Oxford, England, as the media claims. I do not believe that to be true. There are more members at large. To be continued...


Lapsus$ advertising for hackers.

Conti

Still alive and kicking, albeit smaller and segmented. Looking to reform in Russia.

Samsung Leak

Lapsus$ again.



LockBit has just allegedly leaked several companies from Singapore, verification pending. LockBit has been very active in the past 30 days. Lapsus has a mock vote due this weekend to leak another high-profile company, and I'm sure there will be plenty of fake anonymous group claims.

There are other groups, but this was intended to be a brief account.
Stay safe.




Dominic Alvieri

Twitter @AlvieriD
