Thank you to Hannah Montana Linux for letting us know our license key has expired.

We've added a new linux malware paper. Yes, they exist.

2024-01-30 - Implementing Remote Persistent Keylogger Executing in User-Space exploiting Utilities in GNU Linux Operating Systems

It is a lengthy paper noscript.

Check it out here: https://vx-underground.org/Papers/Linux/Persistence

Cyber security people on Facebook

In the past we've tried to prevent Lockbit ransomware group from attacking healthcare facilities and non-profit institutions. We have never had success.

The reason why derives from either ignorance on their end (intentional, or not, it's up to your interpretation), and ambiguity of their ruleset from affiliates.

Recently Lockbit ransomware group attacked a non-profit healthcare institute in Chicago. The facility is Saint Anthony Hospital. The facility clearly states they're a non-profit and religious institution. Attacking this facility is a blatant violation of the Lockbit ruleset which is defined by their administrative staff.

However, when we approached the Lockbit administration we received a reply with a link to the organizations financial disclosures. Lockbit ransomware group believes that a non-profit institution in the United States means employees are not paid and the organization quite literally has no money.

In other words, they will not ransom a company if they quite literally have no money.

If you attempt to educate and present information to Lockbit administrative staff on non-profit institution laws in the United States they will state the organization is corrupt and they will imply (directly or indirectly) it is a money laundering operation and the facility is dirty and deserves to be ransomed.

In summary: the rules are a facade

Additionally, it should be stated that this pseudo-ruleset applies to educational institutions as well. We are aware of several instances where affiliates ransomed public education facilities (K-12 schools).

When we bring up the fact these are state-funded educational facilities and have no money, they do not believe us or they assert that they do have money because the facility owns computers.

"If they money for computers, they have money to pay me"

We met a wonderful man on Telegram yesterday. He currently resides in a level 5 maximum security prison. He is serving 30 years in prison.

His associate smuggled a cell phone into prison, presumably through his anus, so they could do things on the internet.

Very cool 👍

Free Joey D! He didn't do anything wrong!

*Joey is serving 30 years in a maximum security prison for shooting, and nearly killing, 3 people during a drug deal gone bad

The United States Department of Justice has been arresting and/or indicting individuals involved in cyber criminals left-and-right.

They've indicted 8 individuals within the past 2 weeks.

Individuals arrested and/or indicted:
- "R" a/k/a "R$" a/k/a "ElSwapo1"
- "Em"
- "Carti" a/k/a/ "Punslayer"
- "Snoopy"
- "TheMFNPlug"
- "Joey"
- "Sosa" a/k/a "Elijah" a/k/a "King Bob"
- "The Real Jewt King"

NOTE: Reposted, phrasing improved

Accidentally ran two instances of Microsoft Teams at once

If you're interested in keeping up with ransomware attacks and/or ransomware victims, a group of researchers have ported the vx-underground ransomware news bot over to Telegram

tl;dr monitors ransomware group sites near-in-real-time for latest listings

https://news.1rj.ru/str/RansomwareNewsVX

Hackers looking for their next target

we are trying to sleep.

everytime we check twitter we see more arrests or high profile breaches

everyone just clam down for a second ok

ok ttyl

Today it was announced by authorities in Georgia that a murder suspect was accidentally released from Clayton County Jail following a 'cyber security incident' which resulted in 'widespread system outage'

tl;dr ransomware freed a suspected murderer

https://whee.net/2024/02/01/murder-suspect-mistakenly-released-from-jail-after-cybersecurity-incident/

Today CloudFlare reported that they had been compromised on Thanksgiving, 2023. They state that the Threat Actor got access via Okta, which was compromised in October, 2023

This is the 2nd time CloudFlare was compromised through Okta

No data was stolen

https://blog.cloudflare.com/thanksgiving-2023-security-incident

1. AnyDesk compromised. BleepinComputer confirmed with AnyDesk that source code and private code signing keys were stolen

2. Google search is removing cache links :(

3. Serial swatter Torswats arrested

4. CyberAv3ngers is tied to the Iranian government

10/10 email. Thank you to the author of this email. This is masterful satire.

If it is not satire, we are very sorry Mr. Williams (retired, not expired)

We've got 21,000+ malware samples in queue, 8 more harddrives to clone, 50+ malware development papers to add, 200+ malware reverse engineering papers to add, and a bunch of cat gifs

We've updated the VXUG malware families collection

- AkiraRansomware
- BottomLoader
- DLRAT
- GoTitan
- GraphicalProton
- GuLoader
- HazyLoader
- LitterDrifter
- NineRAT
- PlugX
- RedLine
- RhadamanthysLoader
- RhysidaRansomware
- RisePro
- VettaLoader

https://vx-underground.org/Samples/Families

Accidentally compressed 50,000+ malware samples with the password 'infecyed'.