All ALPHV ransomware group did to compromise MGM Resorts was hop on LinkedIn, find an employee, then call the Help Desk.
A company valued at $33,900,000,000 was defeated by a 10-minute conversation.
What's new with us? Well, we've got quite a bit of updates.
1. Our new VXDB is live, we are working on populating it with our entire malware sample collection. Once all malware samples are present we will allow verified individuals to share and/or upload samples to the VXDB. We are restricting access to verified individuals only so the database isn't filled with junk data. The database is, as we've said 1,000 times before, free for everyone to use. It currently has limitations, but it is an ongoing work in progress and it is 100% open source :)
2. Black Mass Volume II will be released this weekend (ideally). It will be available for sale on Amazon and free for download on vx-underground. The Amazon price will be as cheap as possible to ensure people all across the world, regardless of income, can purchase a physical if they'd like. Additionally, upon release we will be giving away over 40 copies of Black Mass Volume II for free! More details on that later.
3. vx-underground is being re-vamped (again). We are migrating away from Alibaba and moving to Wasabi. Alibaba was being ... a pain ... they do not play nice while migrating. We've had to make several local copies and now we are in the process of migrating to Wasabi. Once the migration is complete vx-underground will receive a new front-end (again). The new front-end will be written in Elixir, automatically update with new additions, and allow website visitors to scrape the site easier. Yes, we are going WAY out of our way to make sure you nerds can scrape it.
4. Yes, we will eventually sell physical copies of vx-underground on SATA hard drives. This is something we are currently researching to ensure we do not bankrupt ourselves trying to do this. Be patient.
5. We are doing another giveaway. Soon we will be giving away subscriptions to MULLVAD VPN for nerds who care about their privacy, or something.
6. Finally, as is tradition, we have tons of new papers and samples to add. However, we cannot do this until step 3 is complete.
This is all thanks to our monthly supporters and sponsors. Thank you for the love and support.
Have a nice day (or evening).
Another day, another series of e-mails from compromised government e-mail addresses.
Thank you for the messages Will and USDoD. They have been received.
Very cool. Thank you Bitdefender and TrustedSec for the kind words when speaking with Forbes. However, we would like to note vx-underground is a collective of several people - it is not a single person.
(TrustedSec knows this, maybe Mr. Hammerstone made an oopsie doopsie)
Security researcher Gi7w0rm accidentally got access to the International Space Station's urine recycling system.
He was able to identify when astronauts used the restroom (based on urine percentage increasing) and when it was processing urine (urine percentage decreasing).
Note: Per the insights from a space nerd, SWGlassPit, this is publicly available telemetry originally released for a now defunct project known as ISS live.
tl;dr ISS lets you monitor pee-pee and poo-poo? We had no idea =D
Real-time monitoring is here: https://iss-mimic.github.io/Mimic/
We have pioneered a new method for extending WiFi technologies (we stole it actually). Our methodology uses aerodynamic engineering, or whatever fancy word works here. Please see the attached image which demonstrates our technology. We believe this will revolutionize WiFi.
The past 72 hours we have added 221,319 new malware samples to the VXDB. We only have 15,778,681 samples remaining. 🫡
Reminder that the VXDB is free for anyone to use. Oh, and it's open source.
https://virus.exchange
Have a nice day.
When Scattered Spider compromised MGM they tried to modify code for the slot machines to make them spit out money
These nerds are going full Ocean's Eleven
Do wE kNoW iF CaEsArS wAs HaCkeD?!
Yes, they were compromised around the exact same time as MGM and access to Caesar's was compromised using the exact same technique that was used against MGM.
Read the U.S. Securities and Exchange Commission report, nerds.
Hello,
We are aware ALPHV ransomware group criticized us for spreading misinformation. They incorrectly attributed us to the Financial Times article about ALPHV affiliates attempting to tamper with slot machines.
We will speak with ALPHV and resolve the issue.
Thanks,
Thank you to the ALPHV ransomware group administrative staff for correcting their blog post and correcting the misattribution to us.
We wholeheartedly appreciate.
Okay, we deleted the previous tweet because now we're giving away 4 one year subscriptions to MULLVAD. Hahaha.
It's on Twitter :)
https://twitter.com/vxunderground/status/1702720582293311896
We're doing another giveaway
We're giving away 4 one year subscriptions to MULLVAD VPN for 5 devices. They will be delivered in the form of giftcards. No PII is required from any potential winner.
Winners will be selected September 17th.
Comment below…
While everyone is focusing on the catastrophe of the MGM breach, it should be noted that it is business as usual for other ransomware groups.
Note: Publicly listed victims on ransomware websites indicate the victim did not pay and/or negotiations are still on-going.
- Cactus ransomware group was the most active this month (so far), with 30 new victims publicly displayed. Their victims are primarily agricultural and industrial organizations.
- ALPHV ransomware group claims 19 new victims in September. Besides MGM, they have claimed law firms, architecture and design companies, real estate companies, physicians' offices, investment companies, and media analysis companies.
- Lockbit ransomware group claims 19 new victims as well. Lockbit ransomware group most notably targeted a non-profit hospital, a behavioral health center for the mentally ill, 2 school districts located within the United States, and a law firm which represents American Veterans who need legal assistance.
- CryptBB, a new and emerging group, claimed 8 victims, most notably a school district in the United States.
- NoEscape claims to have compromised a US-Canada water organization, the International Joint Commission, and threatens to leak sensitive government data.
- BianLian attacks Save the Children International, a 104-year-old non-profit which aided children who were victims of WW2 Nazi concentration camps (among many other incredible deeds).
- RansomedVC claims 30 new victims this month, primarily leveraging web exploitation and intimidation tactics.
Other active ransomware group activity this month: RagnarLocker, Threeam, CiphBit, Trigona, Knight, Akira, Monti, Stormous, Blacksuit, Play, RansomHouse, IncRansom, Lorenz, BlackByte, Qilin, RaGroup, Everest, Mallox, Medusa, Rhysida, 8base, Abyss.
In the month of September, 2023, there have been over 200 newly documented ransomware attacks. Again, this does not include victims who have paid.
The most notorious groups still remain on top: ALPHV and Lockbit. Both have existed (in some manner) since at least 2019.