Ukrainian hackers successfully hacked the ransomware group "Trigona" and burned down its servers



It was reported that a group of pro-Ukrainian cyber activists hacked the servers of the ransomware group Trigona, extracted the source code, and erased all data.

Ukrainian activists hack Trigona ransomware gang, wipe servers
https://www.bleepingcomputer.com/news/security/ukrainian-activists-hack-trigona-ransomware-gang-wipe-servers/

On October 18, 2023, an X user named herm1t, a member of the Ukrainian Cyber Alliance (UCA), wrote, "The servers of the ransomware group Trigona were destroyed by data leakage by UCA. Welcome to the world you created for others!", announcing that UCA's attack on Trigona had succeeded.



According to the IT news site BleepingComputer, the attack on Trigona exploited "CVE-2023-22515", a privilege escalation vulnerability in the information-sharing tool Confluence.

UCA first secretly infiltrated the Confluence server used by Trigona and, over the course of about a week, thoroughly extracted the organization's internal data. herm1t told BleepingComputer that the stolen data included developer environments, cryptocurrency hot wallets, source code, and databases. The ransomware's decryption key may also have been captured; if it is found, it will be made public.

UCA claims to have obtained three backup files containing hundreds of gigabytes of documents that may have been stolen by Trigona.



herm1t told BleepingComputer, "Trigona initially panicked and then responded by changing passwords and taking down public-facing infrastructure."

UCA was originally formed in 2014 by hackers from Ukraine and around the world with the aim of defending Ukrainian cyberspace from Russian attacks. After being launched as a non-governmental organization in 2016, UCA began targeting various organizations and individuals supporting Russia.

UCA has previously hacked the Russian Ministry of Defense twice, leaking confidential data, and hacked the emails of Vladimir Putin's political advisor Vladislav Surkov, reportedly disclosing information about the financing of political operations in annexed Crimea and eastern Ukraine.



Trigona, on the other hand, is an emerging ransomware group that was first identified as an unknown cybercrime group in early 2022 and began operating under its current name in late October of the same year. It collects ransom payments from ransomware victims in the virtual currency Monero and has launched a Tor site to receive them.

In early 2023, the group broke into Microsoft SQL servers and stole access credentials, but at the time of writing, multiple sites operated by Trigona were offline as a result of the UCA attacks.

in Security, Posted by log1l_ks