Deep and Dark Web Round Up
Highlights
Malware/Ransomware
BlackCat/ALPHV seized by Law Enforcement
After weeks of speculation that downtime on the leak site of the ransomware group BlackCat/ALPHV was due to law enforcement action, the site has officially been seized. The DOJ announced that the FBI had successfully breached the ALPHV ransomware operation’s servers to monitor its activities and obtain decryption keys. The site had been suffering issues since Dec 7, which the group had attributed to technical problems despite reports of law enforcement action.
However, a new message soon appeared on the site, claiming that the site had been unseized and providing a new onion address for the leak site.
The message is translated as follows:
BEGINS
As you all know the FBI got the keys to our blog, now we'll tell you how it was.
First of all, as everything happened, having studied their documents, we understand that they received access to one of the DC, because all the other CCs were not touched, it turns out that they somehow hacked one of our hosters, maybe even he helped them.
The maximum they have these keys in the last month and a half, it's about 400 companies, but now they're more than 3,000 companies will never get their keys.
Because of their actions, we introduce new rules, or rather remove ALL rules, except one, you cannot touch the CIS, you can now block hospitals, nuclear power plants, anything and anywhere.
Rate is now 90% for all the adverts.
We do not issue any discounts to companies, payment strictly the amount that we indicated.
VIP adverts receive their private affiliate program, which we raise only for them, at a separate center, full, isolated from each other.
Thank you for your experience, we will take into account our mistakes and will work even tighter, waiting for your dive in chats and requests to make discounts that are no longer available.
ENDS
The site is currently showing as seized again.
German law enforcement announced the seizure of Kingdom Market, a dark web marketplace known to sell drugs, hacking tools and counterfeit documents. One of the administrators of the site was reported to have been arrested in the US. A seizure notification was posted on the site’s onion address.
The site had operated since March 2021 and was one of the most well-known dark web marketplaces. It was announced that investigations were ongoing to identify the people who operated the site, aided by the seizure of its infrastructure.
Other marketplaces have taken this opportunity to invite Kingdom Market sellers to continue their operations on their sites, advertising via Dread.
International Law Firm Reportedly Hit by LockBit Ransomware Attack: UPDATE
Update: The leak appeared on the site with 2 days remaining until the data was due to be published. However, on Monday the page was no longer active and a 404 error appeared, which may suggest that the ransom was paid, securing the data from public release.
One of the world’s largest law firms, CMS, reportedly has been hit by a LockBit ransomware attack that has resulted in a 500GB data theft. In a post on the LockBit dark web blog, the hackers claimed to have acquired “all confidential information in the USA” and data related to “financial and corporate crimes of clients.” The data theft reportedly also includes personal information on CMS employees and the company’s tax and financial reports. CMS has a staff of 6,000 lawyers working at 81 offices around the world.
Threat Actor Activity
An individual linked to the Lapsus$ group has been given an indefinite sentence in a secure hospital by a UK court.
Arion Kurtaj, who is 18 years of age and autistic, is among the primary Lapsus$ threat actors and was involved in the leak of assets associated with the video game Grand Theft Auto VI.
According to the judge, Kurtaj continued to be a "high risk" to the public given his abilities and desire to commit cybercrime.
In the same trial, another 17-year-old Lapsus$ member (unnamed for legal reasons) was found guilty at Southwark Crown Court, London.
The unnamed minor collaborated with Kurtaj and other gang members to breach the tech giant NVIDIA and telcos including BT/EE, before attempting to extort them for a $4 million ransom that was not paid.
The dark web marketplace BidenCash has reportedly released 1.9 million credit cards for free. This is the third time that they have made such a release, although the validity of the cards is not confirmed.
BidenCash launched in early 2022 as a new marketplace on both the dark web and the clearnet, selling credit and debit cards that were stolen through phishing or skimmers on e-commerce sites.
Notable Leaks and Breaches
Suggested Further Reading
About DarkOwl
DarkOwl uses machine learning to automatically, continuously, and anonymously collect, index and rank darknet, deep web, and high-risk surface net data, allowing for simplicity in searching.
Our platform collects and stores data in near real-time, allowing darknet sites that frequently change location and availability to be queried in a safe and secure manner without having to access the darknet itself.
DarkOwl is unique not only in the depth and breadth of its darknet data, but also in the relevance and searchability of its data, its investigation tools, and its passionate customer service. As importantly, DarkOwl data is ethically and safely collected from the darknet, allowing users secure and anonymous access to information and threats relevant to their mission. Our passion, our focus, and our expertise is the darknet.
For more information, visit www.darkowl.com.