An outstanding example of counter-cybercrime has been the successful penetration of the digital infrastructure associated with the ransomware group BlackLock. Threat intelligence professionals succeeded in successfully infiltrating this infrastructure. As a result of this operation, researchers were able to gain valuable insight into the operations of threat actors, according to cybersecurity company Resecurity. This breakthrough was made possible due to a vulnerability in the data leak site (DLS) of BlackLock, which enabled the breakthrough to be accomplished.
Using this weakness, it is possible to retrieve configuration details, authentication credentials, as well as a comprehensive log of the commands that have been executed on the compromised server. The problem was triggered by an inadvertent error in the DLS that exposed the clearnet IP addresses associated with the group’s back-end systems as a result of a misconfiguration.
A rare insight into the internal network architecture of the ransomware group was provided after these systems were unintentionally revealed in conjunction with additional service-related metadata, which were typically concealed behind TOR services. Upon discovering the security flaws, Security successfully decrypted multiple BlackLock ransomware user accounts as a result of its decryption.
As a result of this breakthrough, the firm was able to gain a deep insight into the gang’s infrastructure, enabling it to monitor and, sometimes, even con
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: