We thought us posting bullshit online and memeing was like, whatever. Today we learned actual large cybersecurity vendors do indeed actually pay attention to us. Now we wonder how many of you are actually feds.

Hello,

We are aware that someone has created a BlueSky named "vx-undergroundre". The account notes it is not official — it is essentially a repost bot.

We don't know who this person is, but it's not uncommon for people to do community off-shoots of our work.

We are aware of projects such as "vx-playground" and "vxchat tmp(3)" which act as small community groups to discuss malware.

We're super happy we inspire people to do stuff. We have no problem with it.

> afk all saturday
> get home
> check emails and messages
> *scroll* *scroll*
> cat pics
> *scroll* *scroll*
> schizophrenic messages
> *scroll* *scroll*
> message from someone on fbi most wanted

Normal weekend

We've also had someone sending us the N-word every single day in protest of us not having a chatroom. They've sent us the N-word every single day since July.

Their persistence is impressive

The Internet Archive users are reporting to have received this e-mail just moments ago.

It appears that the person(s) who compromised The Internet Archive still maintain some form of persistent access and are trying to send a message.

Information and photo courtesy of zenullfur

We're sending somewhere between 10 to 20 files per second to VirusTotal — a little over 2,000,000 API requests per day.

why can't i hold all these malicious windows binaries

We were told that our memes are "cringe" and read like they're written by a middle-aged man. Those criticisms are accurate — they are indeed cringe and the average age of vx-underground staff members is like, 35. We're not cool and young, we're old and achy

Good morning, evening, or night.

We've made a large update to vx-underground. The initial update posted resulted in two posts — sorry.

Attached is a list of all additions.

Have a nice day,

do u love us?

1 love = 1 malware

We have a profound respect for the video game cheat makers and video game reverse engineers.

The video game cheat producers and video game reverse engineers are very much disenfranchised by the information security community.

There is an innate bias and condescending tone directed toward them because of the dislike of video game cheaters and the false belief that this skillset (video game reverse engineering) is not an applicable skillset in real-world scenarios. This cannot be further from the truth.

Individuals capable of reverse engineering video games and developing cheats for them are lethal. These people can easily transfer and apply this skillset to targeted application exploitation or weaponization.

We've had the privilege of conversing with some truly special and gifted young people. Unfortunately, we are not privy with this community in totality, but we wanted to take this moment to express our gratitude to people such as daaximus, JustasMasiulis, and namazso.

We have witnessed these individuals make considerable contributions to recent trendy research topics and, in our opinion, have been given insufficient credit for their work. Very few people seem to realize these people have been core contributors to recently re-discovered (or newly announced?) process injection techniques. Additionally, Namazso is in essence the primary person who produced code and information on the recent trend of stack spoofing.

Much love and respect to these people. We see you. We hope others do too. 🫡

Thank you to the person who made this. It is very cute. It is appreciated.

Also, thank you to the people for sending us photos of their critters. We have seen your messages. We appreciate you and your animals thinking of us.

- ahhahahhhaha
- 0xAm03113
- SariBezliGurme
- Z3r0n37
- jamiedukee
- _Catal1n
- enigmatikk_
- DevourYourNan
- BigDeuce814
- Chromium_uwu
- w2ppx
- _sem_e
- NSAShips
- ballsplate
- aylacroft
- rtaqqqq
- ArkovFR
- brend000000
- Biggiefat39
- 0xDEC0DED
- thy_cs6
- VesiRott_

Xitter Grok AI summary of vx-underground.

Everything listed in this was mentioned in some capacity over the years of our existence. Someone, somewhere, is training off our stuff.

wHy DoNt u Do UpDatEs DaiLy

Because we're constantly ingesting malware and papers. We prefer to do a weekly, or bi-weekly, or whatever, large update. It's easier.

In the meanwhile we'll just talk about criminal stuff and post dumb pictures.

Thank you for your support.

Someone found more vx-underground graffiti in Bletchley, England.

You nerds are gonna make law enforcement think we're a cult or a gang 😭😭😭

Today the United States Securities and Exchange Commission charged four companies for intentionally misleading investors about the severity of the SolarWinds breach.

In or around September 2019, APT29 a/k/a Cozy Bear a/k/a Turla Group compromised United States-based network monitoring company SolarWinds. The compromise resulted in one of the largest Supply-Chain attacks in history when the state-sponsored group began slipstreaming malicious payloads into the SolarWinds Orion toolset updates.

The United States Securities and Exchange Commission has issued the following fines:

- Unisys, an information technology service and consulting company : $4,000,000 fine

- Avaya, a company with provides cloud services and workplace collaboration services: $1,000,000 fine

- Check Point Software, a provider for hardware and software cyber security solutions: $995,000 fine

- Mimecast, a cloud-based email management company: $990,000 fine