infrastructure destruction squad
442 subscribers
infrastructure destruction squad
The internal network of Libyan Airlines has been fully compromised, and we have gained complete control over the entire network infrastructure. We successfully breached the primary MikroTik RouterOS device belonging to the company, located at Mitiga International Airport in Tripoli, and gained access to all of its configurations and subsystems, including employee and customer PPPoE accounts, DHCP servers, routing tables, firewall rules, Hotspot settings, and system logs containing login and logout data for all users. We also exploited a security vulnerability in the SNMP protocol, which was openly accessible on port 161 without any protection, allowing us to collect sensitive device information such as uptime, firmware version, and the device name, which was labeled "Libyan Airlines Mittiga Airport Telecom", confirming that the device is located at Mitiga International Airport in Tripoli and belongs to Libyan Airlines.

We have taken control of over 600 active devices connected to the network, including smartphones, tablets, laptops, and desktop computers belonging to company employees and various departments. We identified 18 active PPPoE sessions under different usernames and have been monitoring incoming and outgoing data traffic, analyzing data packets passing through the network, and gaining access to sensitive information such as emails, login credentials, internal documents, and administrative correspondence. Additionally, we have the ability to add, delete, or modify internet accounts, change passwords, and adjust permissions, giving us full control over the network and data flow, allowing us to spy on users, intercept information, redirect traffic, and even shut down the network completely or redirect users to fake websites to collect more data or carry out phishing attacks.

We have compromised over 2500 accounts within the company's internal network, including employee accounts, administrative accounts, customer accounts, email accounts, internal system access accounts, VPN accounts, Hotspot accounts, and PPPoE accounts, all of which are now under our full control.

Furthermore, we have successfully compromised additional new accounts, with over 6000 additional accounts discovered and documented during the breach. These newly discovered accounts include internet accounts with various speeds (3 Mbps, 4 Mbps, 5 Mbps, 7 Mbps, 10 Mbps), remote access accounts, hidden administrative accounts, test accounts, and backup accounts. All of these accounts were protected by extremely weak passwords or, in many cases, the password was identical to the username, which greatly facilitated our access and compromise.

We can exploit these new and discovered accounts in multiple dangerous ways, including using employee accounts to access internal email and confidential correspondence, reading all messages, and sending forged emails under the name of senior management to spread misinformation or cause administrative damage. We can also use customer accounts to access their personal data, including phone numbers, email addresses, payment details, and sensitive information, allowing us to carry out fraud and identity theft attacks.

We can also take control of VPN accounts to access other internal networks connected to the company, such as other airport networks, booking systems, aviation networks, and ground handling systems, potentially leading to the compromise of the entire aviation system. We can exploit PPPoE accounts to change users' internet settings, redirect traffic to our servers, collect and analyze data for espionage or hacking purposes, and use administrative accounts to modify security settings, disable protection systems, create new vulnerabilities, and leave backdoors to ensure continued control even after the breach is discovered.

We can also exploit Hotspot accounts to distribute unauthorized internet connections, sell them to third parties, or use them to launch cyberattacks from within the network, making them difficult to trace. We can leak sensitive company data, including financial information, employment contracts, passenger data, flight information, and operational data, to the media, competitors, or hostile entities, and gradually disable the company's internal systems to avoid detection, potentially paralyzing company operations, disrupting flights, canceling bookings, and causing massive financial losses.

Additionally, we can carry out targeted phishing attacks against employees and senior management to gather more sensitive information and passwords, expand the scope of the breach to include other systems outside the company, and deploy malware and ransomware within the internal network, encrypting vital data and demanding a huge ransom to restore systems and decrypt files. We can monitor employee and management activity in real time, collecting information about their movements, communications, and relationships, which we can use to pressure or blackmail them.

Furthermore, we can use administrative accounts to issue forged orders for fund transfers, move money to external accounts, or falsify invoices and contracts, resulting in massive financial losses for the company. We can also use the compromised network to create a botnet of infected devices to launch DDoS attacks on government, banking, or media targets within Libya and abroad, and sell stolen data and login credentials on the black market to hackers, competitors, or hostile entities, generating huge financial profits at the expense of the company's security.

We can also alter flight paths, cancel flights, or cause deliberate delays to create chaos and confusion at Mitiga International Airport, damaging the company's reputation. We can infiltrate the airport's CCTV systems and access surveillance cameras, allowing us to monitor passenger and employee movements and gather intelligence about the airport. We can also use customer accounts to purchase flight tickets using their stolen data, causing financial losses to customers and damaging their reputations.

All of these newly discovered and compromised accounts give us unprecedented control over one of Libya's most critical facilities. We are now in a position to decide how to exploit this breach, whether for financial, political, intelligence, or even reputational damage purposes. At any moment we can completely shut down the service, leak sensitive data, or use the network as a platform to launch cyberattacks on other targets, making this breach one of the most dangerous attacks a national airline could ever face and placing the entire future of the company in our hands.
infrastructure destruction squad
🔴The internal network of Libyan Airlines has been fully compromised and we have gained complete control over the entire network infrastructure We successfully breached the main MikroTik RouterOS device belonging to the company which is located at Mitiga International…
This is a complete large network, and we haven't shown you the rest of the data. We now have an entire internal network under our control, and we have the ability to sell this network with all its details, including all passwords, access permissions, routing settings, user accounts, backups, and system logs.

We offer for buyers a complete and ready-to-exploit network with the necessary technical support to use it for any purpose

To contact and negotiate you can reach us through our dedicated account:

📩 @blacknetransom

Time is limited and the data is waiting for whoever pays the right price
infrastructure destruction squad
🔴 PRTG System Breach Update 🔴 We have successfully gained access to the PRTG system! Our team has successfully breached the PRTG Network Monitor system used by SriLankan Airlines, which is responsible for monitoring all servers, devices, and the entire…
This is a monitoring server dashboard related to SriLankan Airlines running the PRTG Network Monitor system, which is used by SriLankan Airlines to oversee all servers, devices, and the entire internal network.

This video was recorded at the time the servers were breached.

These servers have now been shut down by SriLankan Airlines after they became aware of the intrusion.
Hello, a vulnerability was exploited and data from 500 financial companies including banks was stolen
infrastructure destruction squad
🔴Another victim of ransomware
BLACKNET-00
CIMB Bank is our latest victim.


CIMB Group is one of the largest banking groups in Southeast Asia, headquartered in Kuala Lumpur, Malaysia. It provides financial services to individuals and businesses, including retail banking, corporate banking, investment banking, asset management, and Islamic banking.
infrastructure destruction squad
Another Victim of Ransomware BLACKNET-00

CIMB Bank is our latest victim. Our team successfully infiltrated the bank's systems and obtained documents and account details belonging to VICTORY CONQUEST HOLDINGS PTE LTD, a company registered at 51 JERVOIS ROAD 02-01 DORMER PARK SINGAPORE 249045. We now have access to account number 2000959027 in Singapore dollars and account number 2000959039 in US dollars, along with bank statements for January February and March 2025.

We compromised the bank's electronic payment system and gained access to the customer database, obtaining complete bank statements with all transaction details, including local transfers via PayNow, FAST payments, and international telegraphic transfers. We also obtained personal information of clients, including names, residential addresses, phone numbers, and tax registration details.

If the ransom is not paid, we will publicly release all stolen data, which will expose the company to severe financial losses through unauthorized withdrawals, forged invoices in the company's name, and fraudulent money transfers. Client identities could be stolen and used to open fake bank and business accounts for fraud and money laundering. The company's complete financial records, including suppliers, clients, and transferred amounts, will be exposed, damaging its business reputation and causing loss of trust from partners, clients, and other banks. Legal liability may also arise, including lawsuits from affected clients, central bank investigations, regulatory fines, and potential suspension of business operations.

We are BLACKNET-00. You have a limited time to pay the ransom before we leak everything we have. The decision is yours.
🔴Another victim of the BLACKNET-00 ransomware.
FIRST NATIONAL BANK in South Africa is our latest victim. Our team successfully breached the bank's systems and obtained sensitive financial documents.