Tag Archive for: Leak

New BlackCat ransomware analysis published as leak site goes dark

/in


Amid news that the ALPHV/BlackCat ransomware gang is shutting down operations in a likely exit scam, researchers published a new technical breakdown of the ransomware’s binary.

The Trustwave SpiderLabs report published Wednesday dives into remote access and stealth tactics used in deployment of BlackCat ransomware since the group’s resurgence, after its initial disruption by the FBI in December.

ALPHV/BlackCat’s leak site went down for a second time on Friday and is now replaced with an FBI takedown notice that security experts say is likely fake.

Inspecting the site shows the takedown banner is extracted from an archive, and Europol and the National Crime Agency (NCA) deny being involved in the takedown despite their logos appearing on the page, BleepingComputer reports.  

The cybergang’s operators claim they plan to cease operations and sell the BlackCat ransomware source code for $5 million due to law enforcement interference — but this move comes after allegations it stole a $22 million ransom from one of its own affiliates after claiming responsibility for the attack against Change Healthcare. This has led the gang’s actions to be labeled by many as an “exit scam.”

“Based on our experience, we believe that BlackCat’s claim of shutting down due to law enforcement pressure is a hoax. We anticipate their return under a new guise or brand after the hiatus,” Reegun Jayapaul, principal threat hunter at Trustwave, told SC Media in an email. “This tactic serves as a means for them to execute one final significant scam before resurfacing with less scrutiny.”

Whether ALPHV/BlackCat returns under a different name — or the ransomware-as-a-service (RaaS) strain is sold and brought under new management — organizations should stay alert for BlackCat’s ransomware tactics despite the bizarre shakeup.

“Regardless if BlackCat sells their source code or not, threat actors are always honing and evolving their craft,” Shawn Kanady, global director of the Trustwave SpiderLabs Threat Hunt Team, told SC Media.

New stealth features discovered in BlackCat ransomware ‘Version 3’

The BlackCat variant studied by Trustwave researchers is more elusive than previous versions…

Source…

Hackers for sale: what we’ve learned from China’s enormous cyber leak | Technology

/in


A enormous data leak from a Chinese cybersecurity firm has offered a rare glimpse into the inner workings of Beijing-linked hackers.

Analysts say the leak is a treasure trove of intel into the day-to-day operations of China’s hacking programme, which the FBI says is the biggest of any country. The company, I-Soon, has yet to confirm the leak is genuine and has not responded to a request for comment. As of Friday, the leaked data was removed from the online software repository GitHub, where it had been posted.

From staff complaints about pay and office gossip to claims of hacking foreign governments, here are some of the key insights from the leaks:

Who got hacked?

Every day, workers at I-Soon were targeting big fish.

Government agencies of China’s neighbours, including Kyrgyzstan, Thailand, Cambodia, Mongolia and Vietnam, had websites or email servers compromised, the leak revealed. There are long lists of targets, from British government departments to Thai ministries. I-Soon staff also boasted in leaked chats that they secured access to telecom service providers in Pakistan, Kazakhstan, Mongolia, Thailand and Malaysia, among others. They named the government of India – a geopolitical rival of Beijing’s – as a key target for “infiltration”. And they claimed to have secured back-end access to higher education institutions in Hong Kong and self-ruled Taiwan, which China claims as part of its territory. But they also admitted to having lost access to some of their data seized from government agencies in Myanmar and South Korea.

Other targets are domestic, from China’s north-western region of Xinjiang to Tibet and from illegal pornography to gambling rings.

Who was paying I-Soon?

Judging from the leaks, most of I-Soon’s customers were provincial or local police departments – as well as province-level state security agencies responsible for protecting the Communist party from perceived threats to its rule. The firm also offered clients help protecting their devices from hacking and securing their communications – with many of their contracts listed as “non-secret”.

There were references to official corruption: in one chat, salesmen discussed selling the company’s…

Source…

A Mysterious Leak Exposed Chinese Hacking Secrets

/in


While the documents have now been removed from GitHub, where they were first posted, the identity and motivations of the person, or people, who leaked them remains a mystery. However, Chang says the documents appear to be real, a fact confirmed by two employees working for i-Soon, according to the Associated Press, which reported that the company and police in China are investigating the leak.

“There are around eight categories of the leaked files. We can see how i-Soon engaged with China’s national security authorities, the details of i-Soon’s products and financial problems,” Chang says. “More importantly, we spotted documents detailing how i-Soon supported the development of the notorious remote access Trojan (RAT), ShadowPad,” Chang adds. The ShadowPad malware has been used by Chinese hacking groups since at least 2017.

Since the files were first published, security researchers have been poring over their contents and analyzing the documentation. Included were references to software to run disinformation campaigns on X, details of efforts to access communications data across Asia, and targets within governments in the United Kingdom, India, and elsewhere, according to reports by the New York Times and the The Washington Post. The documents also reveal how i-Soon worked for China’s Ministry of State Security and the People’s Liberation Army.

According to researchers at SentinelOne, the files also include pictures of “custom hardware snooping devices,” such as a power bank that could help steal data and the company’s marketing materials. “In a bid to get work in Xinjiang–where China subjects millions of Ugyhurs to what the UN Human Rights Council has called genocide–the company bragged about past counterterrorism work,” the researchers write. “The company listed other terrorism-related targets the company had hacked previously as evidence of their ability to perform these tasks, including targeting counterterrorism centers in Pakistan and Afghanistan.”

The Federal Trade Commission has fined antivirus firm Avast $16.5 for collecting and selling people’s web browsing data through its browser extensions and security software. This included the details…

Source…

Hackers for sale: What we’ve learnt from China’s massive cyber leak

/in


BEIJING – A massive data leak from Chinese cyber-security firm I-Soon has offered a rare glimpse into the inner workings of Beijing-linked hackers.

I-Soon has yet to confirm the leak is genuine and has not responded to a request for comment from AFP.

As at Feb 23, the leaked data was removed from the online software repository GitHub, where it had been posted.

Analysts say the leak is a treasure trove of intelligence into the day-to-day operations of China’s hacking programme, which the United States’ Federal Bureau of Investigation says is the biggest of any country.

From staff complaints about pay and office gossip to claims of hacking foreign governments, here are some of the key insights from the leaks:

Who got hacked?

Every day, workers at I-Soon were targeting big fish.

Government agencies from China’s neighbours, including Kyrgyzstan, Thailand, Cambodia, Mongolia and Vietnam, had websites or e-mail servers compromised, the leak revealed.

There are long lists of targets, from British government departments to Thai ministries.

I-Soon staff also boasted in leaked chats that they secured access to telecom service providers in Pakistan, Kazakhstan, Mongolia, Thailand and Malaysia, among others.

They named the government of India – a geopolitical rival of Beijing’s – as a key target for “infiltration”.

And they claimed to have secured back-end access to higher education institutions in Hong Kong and self-ruled Taiwan, which China claims as part of its territory.

But they also admitted to having lost access to some of their data seized from government agencies in Myanmar and South Korea.

Other targets are domestic, from China’s north-western region of Xinjiang to Tibet and from illegal pornography to gambling rings.

Who was paying them?

Judging from the leaks, most of I-Soon’s customers were provincial or local police departments – as well as province-level state security agencies responsible for protecting the Communist Party from perceived threats to its rule.

The firm also offered clients help protecting their devices from hacking and securing their communications – with many of their contracts listed as…

Source…