
About SilentRoom


  1. ArbiterSports, a sports league software company, reported a security incident affecting some 540,000 registered members, including sports referees and senior representatives from sports leagues and schools. In particular, ArbiterSports is the official software provider for the National Collegiate Athletic Association (NCAA), an American collegiate sports association that includes more than 1.2 thousand organizations that organize sports competitions in colleges and universities in the United States and Canada. According to the ArbiterSports notification, in July of this year the company managed to repel a ransomware attack. Although the attackers failed to encrypt its systems, they were still able to steal backup files. The backups contained data from the ArbiterGame, ArbiterOne, and ArbiterWorks web applications used by sports leagues and schools to appoint and manage schedules for referees and officials. As a result of the incident, the attackers stole the data of users who registered in the aforementioned applications, including their usernames, real names, passwords, home and email addresses, dates of birth and social security numbers. After ArbiterSports repelled the ransomware attack, the attackers contacted the company and demanded a ransom for removing the stolen files. The company paid the required amount and received confirmation from the cybercriminals that the data had indeed been deleted. True, there is no guarantee that the attackers did not keep copies of the stolen data for themselves.
  2. Using a botnet, a man blocked the online purchase of tickets for the events of his beloved singer. This was reported by the press service of the cyber police. The investigation found that a 24-year-old Kharkiv resident, who lived in the Desnyanskiy district of Kiev, carried out DDoS attacks on websites and set up a botnet that prevented other users from buying tickets. At the same time, the defendant used foreign VPN services. As a result of these actions, two concerts of the singer were canceled. Three more took place with only 30% of the audience present. The 24-year-old Kharkiv resident could face imprisonment for up to six years. According to preliminary police data, the amount of damage is more than UAH 500 thousand. Criminal proceedings have been opened under Part 1 of Art. 361 ("Unauthorized interference in the operation of electronic computers (computers), automated systems, computer networks or telecommunication networks") of the Criminal Code. The suspect faces a sentence of imprisonment for up to six years.
  3. The US Department of Justice announced indictments against 5 Chinese nationals alleged to be members of a state-sponsored hacking group known as APT41. The United States Department of Justice this week announced indictments against five Chinese nationals believed to be members of the cyber-espionage group known as APT41 (Winnti, Barium, Wicked Panda and Wicked Spider). US authorities are accusing the China-linked APT group of having launched cyberattacks on hundreds of organizations across the world. The list of targets includes software and video game companies, computer hardware makers, telecom providers, and social media organizations, but also governments, non-profit entities, universities, and think tanks, not to mention pro-democracy politicians and activists in Hong Kong. The attacks also aimed at carrying out other criminal activities, such as the deployment of ransomware and cryptocurrency malware. In August 2019 and August 2020, a federal grand jury announced two separate indictments charging the five Chinese nationals with facilitating theft of source code, software code signing certificates, customer account data, and valuable business information. They have also been charged with identity theft, access device fraud, wire fraud, money laundering, and violations of the Computer Fraud and Abuse Act (CFAA). The five Chinese nationals reached by the indictments are Zhang Haoran, 35, Tan Dailin, 35, Jiang Lizhi, 35, Qian Chuan, 39, and Fu Qiang, 37. According to the indictment announced in August 2019, Zhang Haoran (张浩然), 35, and Tan Dailin (谭戴林), 35, with 25, carried out cyber attacks on high-technology and similar organizations and video game companies. The August 2020 indictment charged Jiang Lizhi (蒋立志), 35, Qian Chuan (钱川), 39, and Fu Qiang (付强), 37, who were operating for a Chinese company named Chengdu 404 Network Technology.
     “The racketeering conspiracy pertained to the three defendants’ conducting the affairs of Chengdu 404 Network Technology (“Chengdu 404”), a PRC company, through a pattern of racketeering activity involving computer intrusion offenses affecting over 100 victim companies, organizations, and individuals in the United States and around the world, including in Australia, Brazil, Chile, Hong Kong, India, Indonesia, Japan, Malaysia, Pakistan, Singapore, South Korea, Taiwan, Thailand, and Vietnam. The defendants also compromised foreign government computer networks in India and Vietnam, and targeted, but did not compromise, government computer networks in the United Kingdom,” reads the press release published by the DoJ. In one case, the Chinese hackers launched a ransomware attack on the network of a non-profit organization dedicated to combating global poverty. The Chengdu 404 defendants used multiple techniques in their operations, including supply chain attacks and C2 “dead drops”; they also employed publicly available exploits and tools. They targeted multiple known vulnerabilities including CVE-2019-19781, CVE-2019-11510, CVE-2019-16920, CVE-2019-16278, CVE-2019-1652/CVE-2019-1653, and CVE-2020-10189. In August 2010, the same federal jury announced an indictment that charges Malaysian businessmen Wong Ong Hua, 46, and Ling Yang Ching, 32, with conspiring with two of the Chinese hackers. The two suspects were arrested this week in Sitiawan, Malaysia, on U.S. warrants issued in August 2020. “The second August 2020 indictment charged Wong Ong Hua, 46, and Ling Yang Ching, 32, both Malaysian nationals and residents, with 23 counts of racketeering, conspiracy, identity theft, aggravated identity theft, access device fraud, money laundering, violations of the CFAA, and falsely registering domain names,” the DoJ continues. The U.S. District Court for the District of Columbia seized hundreds of accounts, domain names, servers, and command and control (C&C) dead drop web pages that the defendants employed in their operations.
  4. The Maze ransomware operators have adopted a new tactic to evade detection: their malware now encrypts a computer from within a virtual machine. This technique was first adopted by the Ragnar Locker gang in May; at the time, Ragnar Locker was deploying Windows XP virtual machines to encrypt victims’ files while bypassing security measures. The malware leverages a VirtualBox feature that allows the host operating system to share folders and drives as a network share inside a virtual machine. The virtual machine mounts the shared path as a network drive from the \\VBOXSVR virtual computer to access its content. The ransomware is then run inside the virtual machine to encrypt the share’s files. As the security software running on the victim’s host will not detect the ransomware executable or its activity inside the virtual machine, it will happily keep running without noticing that the victim’s files are being encrypted. Now Maze ransomware operators are using the same technique, according to researchers from Sophos who blocked some of their attacks. “While conducting an investigation into an attack in July in which the attackers repeatedly attempted to infect computers with Maze ransomware, analysts with Sophos’ Managed Threat Response (MTR) discovered that the attackers had adopted a technique pioneered by the threat actors behind Ragnar Locker earlier this year, in which the ransomware payload was distributed inside of a virtual machine (VM),” reads the analysis published by Sophos. In the two attempts blocked by the Sophos endpoint, the Maze operators attempted to launch various ransomware executables using scheduled tasks named ‘Windows Update Security,’ ‘Windows Update Security Patches,’ or ‘Google Chrome Security Update.’ In the third attack blocked by Sophos, the Maze operators deployed an MSI file that installed the VirtualBox VM software on the server along with a customized Windows 7 virtual machine.
     Upon starting the virtual machine, a batch file named startup_vrun.bat is executed that drops the Maze executables in the machine. The startup_vrun.bat file is located at c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Startup to achieve persistence. “The root of that virtual disk contained three files associated with the Maze ransomware: preload.bat, vrun.exe, and a file just named payload (with no file extension), which is the actual Maze DLL payload,” continues the analysis. “The script copies the same three files found on the root of the VM disk (the vrun.exe and payload DLL binaries, and the preload.bat batch script) to other disks, then issues a command to shut down the computer immediately. When someone powers the computer on again, the script executes vrun.exe.” The machine is then shut down; after it restarts, vrun.exe is launched to encrypt the host’s files. Experts pointed out that the disk used in this attack is larger than the one observed in the previous Ragnar Locker attacks. The Ragnar Locker attack used a VM containing a Windows XP image that was only 404 MB in size. As Maze used a Windows 7 image, the file employed was 2.6 GB. “The Maze threat actors have proven to be adept at adopting the techniques demonstrated to be successful by other ransomware gangs, including the use of extortion as a means to extract payment from victims,” concludes the report. “As endpoint protection products improve their abilities to defend against ransomware, attackers are forced to expend greater effort to make an end-run around those protections.”
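The post above names several host-side artifacts of the VM-hosted ransomware pattern: update-themed scheduled task names, startup_vrun.bat in the Startup folder, VirtualBox being installed on a server, and the \\VBOXSVR share that exposes host drives to the guest. The following is an added triage example written for this page, not code from Sophos or the original post; the telemetry records are constructed dicts with assumed field names, not a real EDR schema.

```python
"""Triage constructed endpoint telemetry for the VM-hosted ransomware indicators.

Added example (not from the Sophos analysis or the post). Record fields such as
"type", "task_name", "path", "product", "role" and "unc" are assumptions.
"""
import ntpath

# Scheduled task names the post says Maze used to launch its executables.
SUSPICIOUS_TASK_NAMES = {
    "windows update security",
    "windows update security patches",
    "google chrome security update",
}
# Lower-cased tail of the per-user Startup folder where startup_vrun.bat was placed.
STARTUP_FOLDER = r"\microsoft\windows\start menu\startup"

def score_event(ev):
    """Return (severity, reason) for one record, or None if nothing matches."""
    kind = ev.get("type")
    if kind == "task_created":
        if ev.get("task_name", "").strip().lower() in SUSPICIOUS_TASK_NAMES:
            return "high", f"scheduled task impersonating an update: {ev['task_name']}"
    elif kind == "file_created":
        path = ev.get("path", "").lower()
        if ntpath.basename(path) == "startup_vrun.bat" and STARTUP_FOLDER in path:
            return "high", "startup_vrun.bat written to the Startup folder"
    elif kind == "software_installed":
        # A hypervisor appearing on a server matches the MSI step of the third attack.
        if "virtualbox" in ev.get("product", "").lower() and ev.get("role") == "server":
            return "medium", f"VirtualBox installed on server {ev.get('host')}"
    elif kind == "share_access":
        # \\VBOXSVR is the VirtualBox shared-folder server as seen from inside the guest.
        if ev.get("unc", "").lower().startswith("\\\\vboxsvr\\"):
            return "medium", f"host drive exposed to guest via {ev['unc']}"
    return None

def triage(events):
    """Return findings as (severity, reason, event_index), highest severity first."""
    order = {"high": 0, "medium": 1}
    findings = []
    for i, ev in enumerate(events):
        hit = score_event(ev)
        if hit:
            findings.append((hit[0], hit[1], i))
    return sorted(findings, key=lambda f: order[f[0]])  # stable: keeps event order

# Constructed sample telemetry, not a real capture.
SAMPLE_EVENTS = [
    {"type": "task_created", "host": "fs01", "task_name": "Windows Update Security"},
    {"type": "task_created", "host": "fs01", "task_name": "Nightly Backup"},
    {"type": "software_installed", "host": "fs01", "role": "server", "product": "Oracle VM VirtualBox 6.1"},
    {"type": "file_created", "host": "fs01",
     "path": r"c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Startup\startup_vrun.bat"},
    {"type": "share_access", "host": "guest-win7", "unc": r"\\VBOXSVR\C_DRIVE\Users"},
    {"type": "share_access", "host": "ws12", "unc": r"\\fs01\projects"},
]

if __name__ == "__main__":
    for sev, why, idx in triage(SAMPLE_EVENTS):
        print(f"[{sev}] event {idx}: {why}")
```

The medium findings are weak on their own (VirtualBox has legitimate uses), so correlate them on the same host with a high finding or with a burst of file renames on the shared drive before paging anyone.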
  5. interesting, I wrote to you
  6. SilentRoom
     let me know if relevant
  7. Greetings! Today we will analyze the simplest scheme that any schoolchild can cope with, and which can bring a good income. Let's go! In our country (and throughout the CIS) there are many unemployed people. But busy people are almost always dissatisfied with their wages and want to find additional work. Therefore, there are a bunch of job boards, freelance exchanges and thematic publics in social networks. I will not torment you, let's get down to business. In short, we will introduce ourselves as employers and ask our "employee" to issue a debit card, for which we will be paid money. Read carefully! We can work with VK or other social networks, finding groups with vacancies from different cities. We will spam these groups with your vacancy. You can think of anything. For example, you are looking for a person who will retype texts. Also, there are message boards like Avito, OLX and freelance exchanges. But keep in mind that it costs money to create an advertisement for recruiting employees. It's not expensive. After we have posted our vacancies on any site, people will start writing to us to clarify the working conditions. After talking a little with the person, we tell him that all employees are paid to the card of a certain bank. Naturally, he needs to justify it logically. We use the direct affiliate program from Alfa Bank. Regular affiliate programs often do not pay; they consider the traffic to be motivated. But with Alpha's direct affiliate program, everything is okay. There you are given 500 rubles for each person who issued the card. Only then he will still have to buy something with it, at least for 1 ruble. You can find your affiliate link in the Alpha app. After you have received your money from a card issued by a person, you can write to him that the job will not work out, and give this person at least a little of what you earned. After all, he wasted his time.
     Well, or you can score, it depends on you :D And the MOST important thing is that we do not cheat people for money. After all, issuing a debit card is free. I hate it when people are deceived; therefore, I want to ask you to give people at least some percentage of what you earn! Now imagine that you are handling 6 people a day. This is already from 3,000 rubles daily. And if 10? 50? One hundred? It all depends on you! That's all! In general, from this scheme you can come up with a bunch of other schemes. The main thing is to include your creativity. In general, forward to achievements, guys!