Tag Archive for: hacktivists

‘Hacktivists’ join the front lines in Israel-Hamas war


WASHINGTON and JERUSALEM — When Hamas sprung its deadly assault on Israel in early October, its militants came from land, air and sea.

The Palestinian group launched rockets at populous areas, deployed drones to destroy observation posts, used motorized gliders to float fighters over fortified borders and dispatched speedboats into defended waters. The effects were instantly tangible, with many Israelis killed, abducted or displaced. Infrastructure, including hardened military installations, was damaged.

Less apparent were the virtual campaigns waged before, during and after the opening salvos, though not necessarily by Hamas itself. Hackers supporting its cause hijacked billboards and flooded phones with threatening texts. Grisly videos quickly circulated online, and social media platforms such as X, formerly Twitter, were saturated with front-line footage, some of it fake.

The online efforts serve many purposes, experts told C4ISRNET, including influencing public opinion, softening resistance and hampering the emergency response.

Cyberattacks “are increasing daily, with hundreds of attacks we’ve monitored so far,” said Gil Messing, the chief of staff at Check Point Software Technologies, a cybersecurity company with roots in Tel Aviv. “Our data shows an 18% increase in attacks on Israeli targets since the beginning of the war, and we expect it to continue.”

Hack-tivity

Outside groups with vested interests in the Israel-Hamas fight are dominating the cyber battlefield.

Operations include defacing popular websites and flooding networks with artificial traffic, rendering them unable to function. This tactic is known as a distributed denial-of-service, or DDoS, attack. Similar moves were seen in the opening days of the Russia-Ukraine war.

“Cyberattacks happened all along, before the [Hamas attack] and after,” said Messing, whose team monitors dozens of third-party groups around the world.

“Hacktivists play a critical role here and actually carry out the vast majority of attacks,” Messing added, using a term for hackers motivated by political or social movements.

Cloudflare, an American company that provides cybersecurity and network services, said media sites were…


Trigona ransomware claimed to be dismantled by Ukrainian hacktivists


BleepingComputer reports that the Trigona ransomware gang had its operations taken down after its servers were compromised and wiped in an attack claimed by the Ukrainian Cyber Alliance hacktivist group.

Exploitation of a critical Confluence Data Center and Server vulnerability, tracked as CVE-2023-22515, enabled UCA hacktivists to infiltrate Trigona’s ransomware infrastructure last week without being detected by the ransomware group. Despite moving to protect its publicly exposed infrastructure following the exposure of its internal support documents by a UCA hacker by the name of “herm1t,” Trigona had hundreds of gigabytes of data from its admin and victim panels, internal systems, blog, and data leak site, as well as its source code, cryptocurrency hot wallets, developer environment, and database records stolen and later deleted by the hacktivists.

Prior to being dismantled, Trigona ransomware compromised Microsoft SQL servers and targeted 15 or more companies across various sectors, including manufacturing and finance.


Ukrainian Hacktivists Claim Trigona Ransomware Takedown



Data From Trigona’s Servers Exfiltrated and Wiped Out, Reads a Note on Leak Site

A screenshot of the Trigona ransomware leak site taken on Oct. 18, 2023

Pro-Ukrainian hackers claimed responsibility for wiping the servers of the Trigona ransomware gang, a recently formed group that may have links to the Russian cybercriminal underground.



The Ukrainian Cyber Alliance, a hacktivist collective, on Wednesday tweeted a screenshot of the gang’s apparently defaced dark web leak site now displaying a message that “Trigona is gone. The servers of the Trigona ransomware gang has been exfiltrated and wiped out. Welcome to the world you created for others. Hacked by Ukrainian Cyber Alliance.” Trigona dark web sites appeared to be offline as of Wednesday afternoon.


The same message appeared on the hacktivist group’s Telegram channel. The group claims to be a community of cyber activists from various cities in Ukraine. Inform Napalm said the Ukrainian Cyber Alliance formed in 2016 through a merger of separate hacktivist groups.


A hacktivist who goes by the moniker @vx_herm1t on X, formerly known as Twitter, and who asserts he is a member of the Ukrainian Cyber Alliance, posted in a tweet thread what he said was the Trigona administrator panel access URL and the key for logging in. A self-proclaimed spokesperson for the Ukrainian Cyber Alliance on Facebook going by the name “Sean Brian Townsend” posted a similar message while making light of Russian ransomware hackers’ abilities. “Ransomware is the scavenger of the computer world. They are weak. ‘Terrible Russian hackers,’…


Malaysia-linked hacktivists make ongoing attacks on India • The Register


A Malaysia-linked hacktivist group has attacked targets in India, seemingly in reprisal for a representative of the ruling Bharatiya Janata Party (BJP) making remarks felt to be insulting to the prophet Muhammad.

The BJP has ties to the Hindu Nationalist movement that promotes the idea India should be an exclusively Hindu nation. During a late May debate about the status of a mosque in the Indian city of Varanasi – a holy city and pilgrimage site – BJP rep Nupur Sharma made inflammatory remarks about Islam that sparked controversy and violence in India.

The threat groups have successfully filled the void left by Anonymous.

According to Indian threat intelligence vendor CloudSEK and US-based security and application delivery vendor Radware, Sharma’s remarks caught the attention of a Malaysia-linked group called DragonForce that has launched attacks against Indian targets and sought assistance from others to do likewise under the banner “#OpsPatuk”.

Radware’s take [PDF] on DragonForce is it’s “a known pro-Palestinian hacktivist group located in Malaysia and has been observed working with several threat groups in the past, including the T3 Dimension Team and ReliksCrew.”

“DragonForce Malaysia is not considered an advanced or a persistent threat group, nor are they currently considered to be sophisticated,” Radware’s analysts wrote. “But where they lack sophistication, they make up for it with their organizational skills and ability to quickly disseminate information to other members.”

Those skills extend to Twitter, where DragonForce is assumed to be the entity behind the following missive that calls for others to join its attacks on India and lists targets in sectors including logistics, education, web hosting, and software:

CloudSEK concurs with Radware’s analysis that DragonForce relies on widely available DDoS tools and suggests
