While everyone was discussing the NPM supply chain attack, what else happened?
- _CPResearch_ did some article on some nerd named PureCoder (???) who was doing some ClickFix malware campaign with fake job offers. They did some kind of campaign, compromised some place for a few days, or something. They found the builder and cryptor and some other stuff. New malware guy on the block doing malware and stuff
- Securelist did an article on RevengeHotel. They target hotels, and steal credit cards, etc. They're back again and using AI for phishing and malicious scripts. Claude and/or ChatGPT is helping Threat Actors I guess
- PointWild discovered a new Information Stealer named Raven. It's written in C++ and Delphi.
- proofpoint did some news on TA415 (China?) targeting the United States think tanks and universities. They're using Visual Studio dev tunnels, Google Calenders, and Google Sheets as a C2
- Acronis discussed a new malware campaign that uses ClickFix and steganography together to be extra cool and badass. This malware campaign is in multiple languages or whatever. It just delivers an infostealer
- sekoia_io did a thing on APT28 (Russia?) and some new campaign Russia hacking thingy named "Phantom Net Voxel". They uncovered it when they looked at some stuff from the Ukraine government. It does a bunch of stuff and lands on BeardShell and SlimyAgent.
- GDATA released another paper on ManualFinder. They found some more malware campaigns, and deception, and blah blah blah. It's called AppSuite and OneStart
That's all in just 1 day. Smh yall gotta LOCK IN (its like this everyday, everyday is an inescapable nightmare)
- _CPResearch_ did some article on some nerd named PureCoder (???) who was doing some ClickFix malware campaign with fake job offers. They did some kind of campaign, compromised some place for a few days, or something. They found the builder and cryptor and some other stuff. New malware guy on the block doing malware and stuff
- Securelist did an article on RevengeHotel. They target hotels, and steal credit cards, etc. They're back again and using AI for phishing and malicious scripts. Claude and/or ChatGPT is helping Threat Actors I guess
- PointWild discovered a new Information Stealer named Raven. It's written in C++ and Delphi.
- proofpoint did some news on TA415 (China?) targeting the United States think tanks and universities. They're using Visual Studio dev tunnels, Google Calenders, and Google Sheets as a C2
- Acronis discussed a new malware campaign that uses ClickFix and steganography together to be extra cool and badass. This malware campaign is in multiple languages or whatever. It just delivers an infostealer
- sekoia_io did a thing on APT28 (Russia?) and some new campaign Russia hacking thingy named "Phantom Net Voxel". They uncovered it when they looked at some stuff from the Ukraine government. It does a bunch of stuff and lands on BeardShell and SlimyAgent.
- GDATA released another paper on ManualFinder. They found some more malware campaigns, and deception, and blah blah blah. It's called AppSuite and OneStart
That's all in just 1 day. Smh yall gotta LOCK IN (its like this everyday, everyday is an inescapable nightmare)
β€41π₯°11π±10π’1
vx-underground
While everyone was discussing the NPM supply chain attack, what else happened? - _CPResearch_ did some article on some nerd named PureCoder (???) who was doing some ClickFix malware campaign with fake job offers. They did some kind of campaign, compromisedβ¦
Note: I skimmed the paper too skimmingly. PureCoder and pure stuff is known. I misread when skimming (I skim stuff).
I'm sorry to everyone who I let down. Please stop bonking me.
I'm sorry to everyone who I let down. Please stop bonking me.
π€45π€8β€5π’1π«‘1
vx-underground
tl;dr - By default it uses the Perplexity search engine - Installing the browser requires a Perplexity account - Not available on Linux (yet) - The browser "uses AI to securely handle your data"(?) - Generic features of all modern web browsers - Probablyβ¦
In my opinion, this will probably secure your password, ya. It is 1Password. However, I'm inclined to believe this is an attempt at harvesting more data for AI research.
They no longer need to scrape when they're inside your machine.
They no longer need to scrape when they're inside your machine.
π―73π±9π5β€1π’1
vx-underground
HOLY FUCK. Department of Justice nabbed one of the Scattered Spider guys. They got him on 120 counts of computer intrusions. He's facing over 95 years in prison. I've NEVER seen a cyber crime charge this high.
www.justice.gov
United Kingdom National Charged in Connection with Multiple Cyber
A complaint filed in the District of New Jersey was unsealed today charging Thalha Jubair, a United Kingdom national, with conspiracies to commit computer fraud, wire fraud, and money laundering, in relation to at least 120 computer network intrusions andβ¦
π₯°19π’5β€2π2π1
vx-underground
I received this image quite some time ago. I've been sitting on it. Staring at it. Contemplating the duality of life. Can anyone guess what this image is?
This is (allegedly) Transport For London. I received this image over 1 year ago.
π±26π€£17π8π₯5π’1
Dawg, one of the Scattered Spider guys ransomed a bunch of companies, made $36,000,000, then used the money for Uber Eats and Steam π
They had him from Uber Eats bro π
They had him from Uber Eats bro π
π€£121π11π7π«‘5π’2
DAWG. They social engineered the United States judicial system (???), reset someone's password by pretending to be helpdesk, and LOOKED THEMSELVES UP
π€£84π7π€6β€2π’1π€©1
jubair.complaint.pdf
214.7 KB
Official court document on United States v Jubair (Scattered Spider, Earth2Star)
π₯°18π₯7β€2π’1
vx-underground
DAWG. They social engineered the United States judicial system (???), reset someone's password by pretending to be helpdesk, and LOOKED THEMSELVES UP
Imagine being "INDIVIDUAL-1". The FBI just kicks in your door asking who "Austin" is π
π€£50π’5β€2
vx-underground
Chat, I'm not a crypto nerd. In this Scattered Spider court document, they state Mr. Jubair a/k/a Earth2Star received approx. 920.16BTC from performing ransomware attacks. How difficult is it to safely launder 920.16BTC? (approx. $108,062,646 as of thisβ¦
WHO THE FUCK DID THEY RANSOM FOR 964 BTC
π€£68π€―19π±8π2π’1π€1
> Scattered Spider ransoms company for 964BTC
> wtf_thats_alot.jpeg
> Document says "Cost of BTC at time was $36M"
> $36M / 964BTC = $37.5K
> BTC value was $37.5K in November, 2023
> Google "Ransomware, November, 2023"
> omfg.exe
> wtf_thats_alot.jpeg
> Document says "Cost of BTC at time was $36M"
> $36M / 964BTC = $37.5K
> BTC value was $37.5K in November, 2023
> Google "Ransomware, November, 2023"
> omfg.exe
π€―89π€£22π11β€3π’1
There's people on Xitter saying "The COM" is an ANTIFA, LGBTQIA, Furry, Transexual anti-American gang funded by George Soros
This has occured because FBI Director Kash Patel mentioned 764 in a Senate hearing. Ameriburgers who don't do computers looked up 764, found "The COM" on Wikipedia, and now think "the COM" is some sort of Democrat (American Liberal) funded organization
Dawg wtf LOL
This has occured because FBI Director Kash Patel mentioned 764 in a Senate hearing. Ameriburgers who don't do computers looked up 764, found "The COM" on Wikipedia, and now think "the COM" is some sort of Democrat (American Liberal) funded organization
Dawg wtf LOL
π€£86π9π₯4β€2π±1π’1
The craziest thing about the entire Scattered Spider trilogy is how simple they operated and how effective it was
They didn't utilize 0day exploits. They didn't utilize novel and "undetectable" malware. They didn't exploit N-days or try to find vulnerable external facing machines.
All they did was call the help desk. That's it. That's literally it.
Scattered Spider performed basic reconnaissance from social media (LinkedIn), investor websites, and dug up any information they could about the company.
Then they called the help desk.
That's how they compromised banks, critical infrastructure, casinos, car manufacturers, petroleum companies, luxury brands, government entities, air lines, and record labels.
Once they got access they used basic open source tooling from GitHub. It was never anything super fancy.
All of these companies invested heavily into Threat Intelligence, SOC analysts, Endpoint Detection Response software, DFIR experts, and anything else you can think of and it was defeated by doing basic research on the company and calling the help desk
We're so fucked
They didn't utilize 0day exploits. They didn't utilize novel and "undetectable" malware. They didn't exploit N-days or try to find vulnerable external facing machines.
All they did was call the help desk. That's it. That's literally it.
Scattered Spider performed basic reconnaissance from social media (LinkedIn), investor websites, and dug up any information they could about the company.
Then they called the help desk.
That's how they compromised banks, critical infrastructure, casinos, car manufacturers, petroleum companies, luxury brands, government entities, air lines, and record labels.
Once they got access they used basic open source tooling from GitHub. It was never anything super fancy.
All of these companies invested heavily into Threat Intelligence, SOC analysts, Endpoint Detection Response software, DFIR experts, and anything else you can think of and it was defeated by doing basic research on the company and calling the help desk
We're so fucked
π€£103β€16π―10π€7π4π’2π₯1π₯°1