BTC $55865.7639
ETH $3222.4858
BNB $400.6682
SOL $110.6842
XRP $0.5548
ADA $0.6230
AVAX $39.2767
DOGE $0.0896
TRX $0.1404
wstETH $3751.1765
LINK $19.0474
DOT $8.0594
WETH $3236.9354
MATIC $1.0625
UNI $10.5983
WBTC $55965.3668
IMX $3.3901
ICP $13.0143
BCH $300.6764
LTC $74.8911
CAKE $3.2355
FIL $8.1517
ETC $28.1561
RNDR $7.4096
KAS $0.1718
DAI $0.9979
HBAR $0.1117
ATOM $11.3293
VET $0.0491
INJ $36.5642
TON $2.1072
OKB $51.3395
LDO $3.5443
FDUSD $1.0015
STX $3.0723
ARB $1.9162
NEAR $4.0168
XMR $131.7677
TIA $17.0755
XLM $0.1186
GRT $0.2823
ENS $22.2643
THETA $2.1117
MKR $2155.4331
WEMIX $2.1023
APEX $2.4575
BEAM $0.0357
BTC $55865.7639
ETH $3222.4858
BNB $400.6682
SOL $110.6842
XRP $0.5548
ADA $0.6230
AVAX $39.2767
DOGE $0.0896
TRX $0.1404
wstETH $3751.1765
LINK $19.0474
DOT $8.0594
WETH $3236.9354
MATIC $1.0625
UNI $10.5983
WBTC $55965.3668
IMX $3.3901
ICP $13.0143
BCH $300.6764
LTC $74.8911
CAKE $3.2355
FIL $8.1517
ETC $28.1561
RNDR $7.4096
KAS $0.1718
DAI $0.9979
HBAR $0.1117
ATOM $11.3293
VET $0.0491
INJ $36.5642
TON $2.1072
OKB $51.3395
LDO $3.5443
FDUSD $1.0015
STX $3.0723
ARB $1.9162
NEAR $4.0168
XMR $131.7677
TIA $17.0755
XLM $0.1186
GRT $0.2823
ENS $22.2643
THETA $2.1117
MKR $2155.4331
WEMIX $2.1023
APEX $2.4575
BEAM $0.0357
  • Catalog
  • Blog
  • Tor Relay
  • Jabber
  • One-Time notes
  • Temp Email
  • What is TOR?
  • We are in tor
  • Ukraine accuses Russian hacktivists of using a new version of the Somnia ransomware


    Russian hacktivists encrypted systems and caused disruptions to several Ukrainian organizations using a new version of the Somnia ransomware. CERT-UA confirmed the incident and blamed From Russia with Love (FRwL), also known as the Z-Team, tracked by UAC-0118.

    It is worth noting that the accusations are not groundless: the hacktivists announced the creation of Somnia in their Telegram channel and even posted evidence of attacks on a Ukrainian organization engaged in the production of tanks.

    An investigation conducted by CERT-UA showed that the attack began with the victim downloading and running a file posing as software called “Advanced IP Scanner”, which actually contained the Vidar infostealer. This malware steals Telegram session data, which, in the absence of two-factor authentication and a passcode, allows attackers to gain access to the victim's account.

    As it was established, the Telegram account was needed by hackers to steal VPN connection data (including certificates and authentication data). Having gained remote access to the organization's computer network using a VPN, the attackers conducted reconnaissance (using Netscan), launched a Cobalt Strike beacon and stole valuable data using Rclone. In addition, there are signs of the launch of Anydesk and Ngrok.

    Specialists noted that Somnia has been modified. If the symmetric 3DES algorithm was used in the first version of the program, then the AES algorithm is implemented in the second version. And given the dynamism of the key and the initialization vector, CERT-UA assumes that this version of the malware does not provide data decryption.

    Author DeepWeb
    Psychonaut artists
    Hackers began to spread the personal data of Medibank customers

    Comments 0

    Add comment