vx-underground – Telegram
vx-underground
45.7K subscribers
3.93K photos
418 videos
83 files
1.43K links
The largest collection of malware source, samples, and papers on the internet.

Password: infected

https://vx-underground.org/
We were going to edit the meme. Instead of "next gen gaming console" we were going to put something Cybersecurity related. Then we collectively said "Fuck it, I don't give a shit".

(We're v v eepy)
We got that rizz.

Let's skip the small talk, scammer. Let's get to the good part (you trying to give us malware).
Thank you for the meme submission, "ieatass".
It's going to be an interesting couple of days. Amazon was compromised in May 2023 via a MoveIT 0day exploit. Based on information we've received, we can confirm the Amazon data is 100% legitimate. More information: https://www.infostealers.com/article/massive…
Unrelated to employee data being exfiltrated, at one point in time one of the Amazon locations had a water bill exceeding $65,000 (annually).

tl;dr water bill is $5,400/month?
Today HudsonRock reported a Threat Actor operating under the moniker "Nam3L3ss" claimed to have compromised several large organizations via a MoveIT 0day exploit. Nam3L3ss is currently auctioning and/or distributing the data on the infamous Breached forum.

List of allegedly compromised organizations:
- Amazon
- MetLife
- Cardinal Health
- HSBC
- Fidelity
- U.S. Bank
- HP
- Canada Post
- Delta Airlines
- Applied Materials (AMAT)
- Leidos
- Charles Schwab
- 3M
- Lenovo
- Bristol Myers Squibb
- Omnicom Group
- TIAA
- Union Bank of Switzerland (UBS)
- Westinghouse
- Urban Outfitters (URBN)
- Rush University
- British Telecom (BT)
- Firmenich
- City National Bank (CNB)
- McDonald's

Organizations we've confirmed to have been compromised:
- Amazon
- HSBC

Based on the data reviewed, the compromise for both these organizations took place around May 31st, 2023. None of the data (as we've seen thus far) contains customer information. The data for the organizations impacted appears to be HR- and/or accounting-related. We do not believe any of the information leaked to be 'mission critical', but because it exposes company internals (employees, floor plans, costs), it still poses a threat to organizations.

tl;dr we don't think Nam3L3ss is playing around. We think this is the real deal.

We are not sure how this person got their hands on the MoveIT 0day exploit; it was used frequently by the cl0p ransomware group in the past. It was also briefly used by the Lockbit ransomware group.

¯\_(ツ)_/¯
404mediaco spoke with Amazon today. Amazon has confirmed the legitimacy of the data breach.

We now understand why their CEO has made workers return to the office — if you saw how much Amazon pays in office rent a year, your head would explode.

https://www.404media.co/amazon-confirms-breach-of-employee-data/
A woman's rant is going semi-viral in political circles on Twitter and Facebook. Some are citing her rant as evidence of potential electoral interference during the 2024 Presidential election.

The woman's opening remarks claim she possesses a CCIE (Cisco Certified Internetwork Expert) — a very prestigious certification which is often possessed by truly dedicated people.

Currently there are only 45,000 active CCIE holders worldwide. Only 3% of Cisco cert holders attempt it ... and only 26% pass — it has a 74% failure rate.

Now it should be stated that no one in our group possesses a CCIE. We do not claim to be network experts, we're just malware nerds. However, despite our lackluster understanding of networking (beyond the computer science basics of the OSI model), we can confidently say this woman does not possess a CCIE and we believe she is lying.

Additionally, we would like to note we did indeed watch this entire video. Despite this woman's jargon and clear ... plainly wrong information... we decided to give her a chance to speak her mind and opinion.

We do not recommend watching the entire 8 minute video. You will have no benefit from it. At roughly 4 minutes you will see, very clearly, this is not a technical person.
We just became a yearly subscriber to 404 Media

This small group of people has somehow been covering news related to government drama (non-political), privacy news, cybercrime news, malware news, and internet oopsie news.

The underdogs are killin' it.

tl;dr support small biz
We also don't typically pay for news either. But they're ad-free and doing really good work.

They didn't ask us to post this either — but we have to give them praise for their coverage of information stealers, confirmation on Amazon breach-thingy, Snowflake, etc.
More details have emerged regarding the person alleged to be responsible for the Snowflake breach.

Connor Riley Moucka a/k/a Alexander Antonin Moucka a/k/a judische a/k/a catist a/k/a waifu a/k/a ellyel8 is facing the following charges:

1 count of Conspiracy 18 U.S.C. § 371 - conspiracy to commit an offense or to defraud the United States.

Maximum punishment is 5 years in federal prison.

5 counts of Computer Fraud and Abuse 18 U.S.C. § 1030(a)(2)(C) & 18 U.S.C. § 1030(c)(2)(B)(i)-(iii) - Intentionally access a computer without authorization or exceed authorized access with additional relations of:

i) The offense was committed for purposes of commercial advantage or private financial gain.
ii) Committed in furtherance of any criminal or tortious act, in violation of the Constitution or laws of the United States or any state.
iii) The value of the information obtained exceeds $5,000.

Maximum punishment is 5 years in prison, 10 years in prison for repeat offenders.

2 counts of Extortion in Relation to Computer Fraud 18 U.S.C. § 1030(a)(7)(B) & 18 U.S.C. § 1030(c)(3)(A) - the Computer Fraud and Abuse Act (CFAA) that address extortion involving computers.

Maximum punishment is 5 years in prison.

10 counts of Wire Fraud 18 U.S.C. § 1343 & 18 U.S.C. § 2 - Deceive or defraud someone to obtain money or property by means of false or fraudulent pretenses, representations, or promises and aiding and abetting.

Maximum punishment is 20 years in prison.

2 counts of Aggravated Identity Theft 18 U.S.C. § 1028A(a)(1) & 18 U.S.C. § 2 - Knowingly use, transfer, or possess another person’s means of identification without lawful authority during and in relation to certain felony offenses and aiding and abetting.

Maximum punishment is 2 years in prison, repeat offenders face 5 years in prison.

Connor Riley Moucka, if found guilty, is facing a maximum sentence of 275 years in prison.
NOTE: This 'maximum' punishment is worst case scenario. We don't believe he will receive 275 years in prison even if found guilty on all counts.

The Threat Actor responsible for the Kaseya supply-chain attack got 30 years in prison and they did way more damage.
A woman's rant is going semi-viral in political circles on Twitter and Facebook. Some are citing her rant as evidence of potential electoral interference during the 2024 Presidential election. The woman's opening remarks claim she possesses a CCIE (Cisco…
Following this post we received quite a few comments and messages. People unfamiliar with us seem to be under the impression we don't know what a computer is.

You're correct — we don't know anything about these computers and these series of tubes. Please help.
Today alexocheema from exolabs reported an unknown Threat Actor trying to slipstream a malware payload into their GitHub repo (image 1).

Interestingly, Malcoreio identified that the exact same note & code were also slipstreamed (or attempted to be slipstreamed) into other GitHub repos too (image 2).

The GitHub profile which tried to insert the payload into Exolab was "EvilDojo666". The GitHub profile name identified by Malcore was "Darkmage666" (image 3).

One of the targets was yt-dlp. Those bastards.

tl;dr campaign
Latest additions to vx-underground.

Read them.

2015-08-12 - Stealth Techniques - Hiding Files in the Registry
2015-08-20 - Manually Enumerating Process Modules
2015-12-05 - Abusing WMI To Build A Persistent Asynchronous And Fileless Backdoor
2019-12-17 - Calling Local Windows RPC Servers from NET
2021-02-27 - Windows object permissions as a backdoor
2021-10-21 - Windows Exploitation Tricks - Relaying DCOM Authentication
2024-01-31 - Abusing the GPU for Malware with OpenCL
2024-04-19 - Detecting Sandboxes Without Syscalls
2024-09-12 - Proof of Concept - Transforming an EXE or DLL to Shellcode
2024-09-13 - ScriptBlock Smuggling
2024-09-16 - Kernel ETW is the best ETW
2024-09-20 - Anti-Anti-Rootkit Techniques - Part II Stomped Drivers and Hidden Threads
2024-09-28 - Notes on unprivileged access to Bitlocker
2024-10-04 - Notes on xWizard.exe and xWizards.dll
2024-10-09 - XBL Live Game Save DCOM for lateral movement
2024-10-22 - Offensive Groovy programming.pdf
2024-10-22 - Reading BitLocker numerical passwords via API
2024-10-24 - EmbedPayloadInPng
2024-10-27 - ExecutePeFromPngViaLNK
2024-10-30 - EV code signing with pfx in 2024
2024-10-31 - SysVEHSyscalls in Rust
2024-11-09 - Structured Storage and Compound Files.pdf
2024-11-09 - Using VBS enclaves for anti-cheat purposes.pdf
Our Telegram channel's bank account continues to grow.

We now possess over $1,200 in some weird magical Telegram cryptocurrency we cannot use because it is not available in the United States.

Crime pays — Telegram is letting Threat Actors advertise on our posts

¯\_(ツ)_/¯