Tag Archive for: Leaked

Ministry of Defence hit by Russia-linked hackers as security secrets are leaked in data posted online


THE Ministry of Defence has been hit by hackers with links to Russia, as security secrets have been leaked and the data posted online.

Hackers have released thousands of pages of information which could be used by criminals to access the HMNB Clyde nuclear submarine base, the Porton Down chemical weapons lab and a GCHQ listening post.

The Royal Navy’s Trident-class nuclear submarine Vanguard

Information concerning high-security prisons and a military site key to our cyber defences was also stolen in the raid by group LockBit.

Hackers are said to have targeted the databases of Zaun, a firm which makes the fences for maximum security sites.

The information was published on the internet’s dark web, which can be accessed with specialist software.

It’s thought the information was stolen last month during an attack on the firm based in the West Midlands, according to a report by the Mirror.

LockBit is regarded as the world’s most dangerous hacking gang, with its key suspects listed on the FBI’s Most Wanted list.

It’s thought they are responsible for 1,400 attacks on global targets.

The group is also allegedly behind a £66million blackmail attempt on the Royal Mail – with the postal service refusing to cave in to their demands.

A number of Russian nationals have been accused of cyber attacks and held in both the United States and Canada.

LockBit is said to have financial connections to Russian gangsters.

One document which was leaked relates to specific equipment bought to protect Porton Down in Wiltshire.

Zaun describes its work there as “very secretive”.

Another leaked document posted on the dark web is a sales order detailing goods purchased for HMNB Clyde – also known as Faslane – which is home to Trident nuclear subs.

Other documents include a sales order report for equipment at GCHQ’s communications complex in Bude, Cornwall, as well as security equipment at RAF Waddington in Lincolnshire, where the Reaper attack drones squadron is based, and Cawdor Barracks, the base of the 14th Signal Regiment, which deals in electronic warfare.

Detailed drawings for perimeter fencing at Cawdor, in Pembrokeshire, were attached to company emails.

Paperwork…

Source…

Hacking forum hacked, user database leaked online • Graham Cluley


RaidForums, the notorious hacking and data leak forum seized and shut down by the authorities back in April 2022, is – perhaps surprisingly – at the centre of another cybersecurity breach.

Because it seems the hacking site has been… err… hacked.

As Bleeping Computer explains, upon the demise of RaidForums many of its users jumped ship to a new hacking forum called BreachForums to trade their stolen data.

However, in March this year the US Department of Justice announced that it had forced BreachForums offline, and arrested its alleged founder 20-year-old Conor Brian Fitzpatrick, aka “pompompurin.”

Once again, those who like to frequent criminal hacking forums realised that they had to find a new home. Some members of the site, no doubt, would have feared that the authorities might have been able to spy upon their communications and gather evidence of their various wrongdoings.

So, did they give up a life of cybercrime? Far from it! Many of them joined a new hacking forum called ExposeForums.

And it is this site which appears to have now leaked the user database of RaidForums – potentially providing law enforcement, security researchers, and – yes – other cybercriminals with a large amount of potentially sensitive information.

According to Bleeping Computer, the data includes details of 478,870 RaidForums members, “including their usernames, email addresses, hashed passwords, registration dates, and a variety of other information related to the forum software.”

Chances are that this information (and possibly more) has been in the hands of law enforcement investigators since RaidForums’ website was seized in April 2022, but there is no doubt that it would also be of interest to others.

It must be pretty nerve-wracking being a member of a hacking forum like RaidForums, BreachForums, ExposeForums… never quite knowing when your preferred cybercrime hangout is going to be seized by the cops, and what information they might be able to find out about you.

Source…

Raidforums member data leaked on new ‘Exposed’ hacking forum


A recently launched hacking site has published the member database of RaidForums, a notorious hacking forum taken offline in 2022.

Founded in 2015, RaidForums operated on the regular internet and was a popular hacking and data leak forum. Although it offered various illegal services, it was best known for trading stolen credentials.

The site was taken down in 2022 following an international law enforcement investigation and its founder, Diogo Santos Coelho of Portugal, was arrested. RaidForums was quickly replaced by a nearly identical site called BreachForums, but that site was taken down after its founder Conor Brian Fitzpatrick was arrested in March.

It’s often said that law enforcement operations targeting illicit sites are like a game of “Whac-A-Mole”: Every time one site is taken down, another appears. The story of RaidForums and its successors is the same. The new player in town, complete with the same design and similar illegal services, goes by the name “Exposed,” and it’s on this forum that the RaidForums data has been leaked.

A user on Exposed, going by the name of “Impotent” and claiming to be both the owner and administrator of the site (pictured), has leaked 374.7 megabytes of RaidForums data. Bleeping Computer reported today that the data consists of a single SQL file that contains the registration information of 478,870 RaidForums members, including their usernames, email addresses, hashed passwords, registration dates and a variety of other information.

How the data was obtained was not shared. Impotent told Bleeping Computer that it knows where the data came from but has promised not to disclose any details about the source. Impotent added that the member database table contains 99% of the original lines, with some removed to “cause no drama.”

“There’s no telling how this data was gathered, whether it was a new breach or just reusing data from another older breach, but it continues a well-worn pattern of malicious websites leaking customer data,” Roger Grimes, data-driven defense evangelist at security awareness training company KnowBe4 Inc., told SiliconANGLE. “It turns out that most malicious websites are no better…

Source…

Leaked LockBit, Babuk code leveraged by Buhti ransomware operation


BleepingComputer reports that Windows and Linux systems are being targeted by Blacktail’s Buhti ransomware operation using leaked LockBit and Babuk ransomware source code.

Attacks by Blacktail on Windows systems involve the use of the Windows LockBit 3.0 builder that would prompt file encryption with the “.buthi” extension, while a Babuk source code-based payload has been leveraged in intrusions against Linux systems, according to a report from Symantec’s Threat Hunter team.

Despite reusing leaked ransomware source code, Blacktail’s Buhti operation has been leveraging its own Go-based exfiltration tool and network infiltration technique on top of exploiting the PaperCut NG and MF remote code execution vulnerability, tracked as CVE-2023-27350, and the IBM Aspera Faspex flaw, tracked as CVE-2022-47986, said researchers.

Organizations in the U.S., China, Belgium, India, Estonia, Switzerland, Spain, Germany, Ethiopia, and the U.K. have already been impacted by Buhti ransomware attacks, indicating the significant threat of the Blacktail operation, noted Kaspersky researcher Marc Rivero.

Source…