Carding 4 Carders
In 6 days, hackers completely paralyzed Trigona.
A group of cyberactivists hacked the servers of the Trigona group, which develops ransomware, and wiped them after copying all available information. The activists claim to have extracted all data from the threat actor's systems, including source code and database entries that may contain decryption keys.
The hackers gained access to the Trigona infrastructure using a public exploit for CVE-2023-22515, a critical vulnerability in Confluence Data Center and Server that can be exploited remotely to escalate privileges.
After an activist using the pseudonym herm1t posted screenshots of the Trigona group's internal documents, it was reported that the group changed its password in a panic and shut down its public infrastructure. However, over the following week the activists managed to extract all the information from the group's dashboard and victim panels, its blog, its data leak site, and its internal tools.
herm1t reported that they also extracted the developer's environment, cryptocurrency hot wallets, source code, and database entries. The activists do not know whether the data they took contains any decryption keys, but they said they would publish the keys if they found them.
After extracting all the available data from the ransomware group, the activists deleted and corrupted its sites, and also shared the key to the administration panel site.
Trigona began operating under this name at the end of October last year, when the group launched a Tor site to negotiate ransom payments in the Monero cryptocurrency with victims of its attacks. At the moment, as a result of the cyberactivists' recent actions, none of Trigona's public sites and services are available online.