vx-underground
When you see someone on social media discussing using AI to code it is your personal responsibility to encourage them. Tell them to "ignore the haters" and "keep it up!". This will keep our cybersecurity pockets phat for generations to come.
Is this ethical? Probably not. Is it cool and badass? Yes.
Hi,
We've added 497 malware builders (even some old school), including some which target Android devices. Each directory now includes images of the malware builder as a 'preview'.
Some builders have been removed so we can ensure they're legitimate.
Thanks to Cryakl 🤝
Honestly, Sliver, NightHawk, Havoc, Cobalt Strike, you need to take notes.
Do your tools even look cool and badass like this?
Connor Moucka a/k/a Waifu, the Canadian believed to be responsible for the Snowflake compromise, has consented to extradition to the United States.
We can't recall a time a suspected Threat Actor consented to extradition to the United States.
https://cyberscoop.com/connor-moucka-snowflake-hacker-extradition-us/
CyberScoop
Canadian citizen allegedly involved in Snowflake attacks consents to extradition to US
Connor Moucka, a 26-year-old arrested at the behest of U.S. authorities in October in Kitchener, Ontario, faces 20 federal charges.
Arkana ransomware group claims to have compromised an Internet Service Provider in California.
They were even nice enough to put together a music video montage illustrating the level of access they possess.
Arkana ransomware group claims to have compromised "Wide Open West - WOW!", one of the largest Internet Service Providers in the United States.
First and foremost: we have never heard of Arkana ransomware group. We've seen some researchers mention them via their onion domain — but this appears to be their first victim. Their first victim is also a giant.
Second: previously we shared a music montage video Arkana put together illustrating the level of access they claim to have on "WOW". However, upon inspection, the compromise Arkana is claiming to have is far more devastating than initially thought.
Interestingly, Arkana has used some sort of AI tool to provide a high-level overview of their compromise on their onion domain. It reads exactly like a ChatGPT message.
tl;dr
1. Arkana opens by threatening WOW by mentioning lawsuits (incorrectly citing GDPR) by shareholders and customers.
2. Arkana mocks the CEO. They published her company shares, address, address history, e-mail addresses, and social security number. They taunt her.
3. Share generic company information which is public, primarily shareholders, company executives, directors, etc.
4. Provide table layouts impacting 403,000 customers including:
- UserId
- UserName, Password
- SecurityQuestion
- SecurityAnswer
- Email
- Full name
- WOW service package information
5. Demonstrate full access to "Symphonica" — and show themselves allegedly pushing malware to customer devices (in Michigan?).
6. Demonstrate full access to "AppianCloud", they suggest (in their AI summary, and also in the video they made), they can potentially alter billing information or alter financial transactions (?).
7. The images (as well as the video) Arkana share show intimate and detailed access to WOW.
This is very, very, very interesting from a random, suddenly appearing, almost no-name ransomware group. We see ransomware groups appear all the time, rarely do they make an explosive impact like this right out the gate. We personally do not know of many groups capable of NOT ONLY compromising an ISP, but also knowing how to navigate the infrastructure AND ALSO (allegedly, based on the footage provided) push malware to customer devices.
StreamElements web store was compromised. Over 100,000 people impacted.
The Threat Actor responsible was kind enough to notify the impacted customers by sending all of them an email from "Diddy Squad".
1. StreamElements confirms there was a data breach. However, they assert their web shop is run by an external entity. They were not compromised, but customer data was still stolen. ¯\_(ツ)_/¯
2. WoW! ISP breach was (probably) the result of information stealer malware (the usual suspect). HudsonRock confirms the names and information displayed in the video from Arkana ransomware were previously found in information stealer logs.
tl;dr employee with actual access to stuff at isp somehow does oopsie, detonates infostealer malware, ransomware nerds get it, chaos ensues
tl;dr tl;dr big hacks always infostealers, phishing, or social engineering
tl;dr x3 ¯\_(ツ)_/¯
> researcher releases cool paper
> *crickets*
> influencer with mailing list appears
> shares stolen lame cheat sheet png
> 100000 likes
> 50000 retweets
> noobs in comments foaming out mouth
Hello, how are you?
First and foremost: thank you to our friends at TorGuard for the hosting they've been providing us. It's a wonderful gift and it makes our lives WAY easier. Thank you, Mr. TorGuard.
Anyway, we're almost done restoring the virus-dot-exchange. We've successfully uploaded 26,356,958 malwares. We have more to add, but we're almost done. It's truly a Christmas miracle. In an ideal world, the migration will be completed ... next week sometime.
Following the completion of the restoration of the virus exchange, we'll be hammering vx-underground with new APT malware samples and papers. Additionally, we've got tons of new malware we need to add from the InTheWild collection and VirusSign collection. We will also resume malware ingestion.
Sometime during this chaos, we'll be adding more work from Cryakl. We want to review our malware builders collection to ensure it's sterile-ish (no way we can truly confirm a malware builder is safe, use at your own caution, use common sense).
I'll also ensure during the work more kitty cat pictures will be present on social media (it irritates some of our more serious followers, no idea why we find that so humorous, but it is) and continue being cybercrime TMZ.
Have a nice morning, evening, or night.
- smelly smellington