Ransomware group steals data from dozens of organizations using MOVEit exploit | Darknet Prime


Progress Software's MOVEit Transfer managed file transfer software has been found to be vulnerable to a critical SQL injection, which can be exploited by unauthorized attackers to gain access to MOVEit Transfer databases. Multiple cybe...






By Iris Green, June 5, 2023

On May 31, Progress Software issued a warning regarding the vulnerability of its MOVEit Transfer managed file transfer (MFT) software to a critical SQL injection. This vulnerability can be exploited by an unauthorized attacker to gain access to MOVEit Transfer databases. The vendor has stated that, depending on the database engine in use (MySQL, Microsoft SQL Server, or Azure SQL), the attacker may be able to deduce information about the database's structure and contents, as well as execute SQL statements that modify or delete database elements.

Multiple cybersecurity firms have reported instances of attacks involving the MOVEit zero-day vulnerability. These firms include Huntress, Rapid7, TrustedSec, GreyNoise, Mandiant, and Volexity. The initial attacks were first observed by Mandiant on May 27. However, GreyNoise, a threat intelligence firm, detected scanning activity that may be linked to this flaw as early as March.

In these attacks, malicious actors have taken advantage of the vulnerability to deploy a webshell/backdoor, which enables them to steal data uploaded by MOVEit Transfer clients. The attack has been attributed to UNC4857, a recently identified threat cluster, and the webshell used has been named LemurLoot by Mandiant. The security firm has observed victims in the United States, Canada, and India, with data theft occurring within mere minutes of the webshell's deployment in certain cases. Mandiant stated that the campaign's apparent opportunistic nature and the ensuing data theft activity are in line with the behavior of extortion actors. Consequently, organizations that fall prey to this campaign may receive ransom emails within the next few days or weeks.
Mandiant has observed certain similarities between UNC4857 and activity previously attributed to the FIN11 and Cl0p operations, but has determined that there is insufficient evidence to draw a definitive conclusion. Microsoft, in contrast, is confident that the attacks were carried out by the threat actor behind the Cl0p ransomware. The technology giant tracks the group as Lace Tempest and cites overlaps with FIN11 and TA505 activity. The Cl0p ransomware group previously exploited a vulnerability in Fortra's GoAnywhere MFT software to steal data from numerous organizations.

According to the Shodan search engine, there are approximately 2,500 internet-exposed MOVEit systems, primarily in the United States. The Censys search engine has identified over 3,000 hosts, including those in the financial, education, and government sectors. Security researcher Kevin Beaumont, who has been monitoring the attacks, is aware of data being stolen from a "double-digit number" of organizations, including financial institutions and US government agencies. The US Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2023-34362 to its Known Exploited Vulnerabilities Catalog and has instructed government agencies to patch it promptly.