Dark Peep #16: Exploring Ransomware, LockBit’s Collaboration, BreachForums Leak, and the Resurgence of CyberNiggers – SOCRadar® Cyber Intelligence Inc.

Key Points

  • Play Ransomware and LockBit Collaboration: Play Ransomware allegedly pays $35,000 for LockBit’s tactics.
  • AzzaSec Hijacked: AzzaSec’s Telegram channels were taken over by a rival threat actor.
  • Holy League Emergence: A new hacktivist collective targeting NATO, Europe, Ukraine, and Israel has formed.
  • Brain Cipher Decryption Key: After attacking Indonesia, Brain Cipher unexpectedly released a decryption key.
  • SiegedSec Disbandment: SiegedSec announced their disbandment due to mental health issues and FBI pressure.
  • BreachForums Data Leak: Emo leaked personal data of over 200,000 members from BreachForums.
  • IntelBroker Revival Attempt: IntelBroker aims to revive the controversial group CyberNiggers.

MITRE Techniques

  • [T1078] Initial Access – Use of compromised credentials to gain access to systems.
  • [T1203] Execution – Exploitation of vulnerabilities in software to execute malicious code.
  • [T1547] Persistence – Techniques to maintain access to systems after initial compromise.
  • [T1041] Exfiltration – Transfer of data from compromised systems to an external location.
  • [T1499] Impact – Disruption of services through DDoS attacks and other means.

Indicators of Compromise

  • [IP Address] BreachForums data leak – registration IPs, last IP address used on the site, and other IPs
  • [Email Address] BreachForums data leak – emails and login names
  • [User ID] BreachForums data leak – 212414 member IDs and other IDs

Read more: https://socradar.io/dark-peep-16-play-ransomware-lockbits-alliance-breachforums-leak-and-cyberniggers-revival/