Ukrainian Activists Strike: Trigona Ransomware Servers Hacked

The Ukrainian Cyber Alliance defaces Trigona ransomware website | Image Credit: herm1t

A coalition of cyber activists breached the servers of Trigona, a group known for developing ransomware, and wiped them after copying all available information. The activists say they extracted all data from the threat actor's systems, including the source code and database records, which might hold decryption keys.

The hackers gained access to Trigona’s infrastructure by harnessing a publicly available exploit for vulnerability CVE-2023-22515, a severe flaw in Confluence Data Center and Server, which permits remote privilege escalation.

After an activist using the pseudonym ‘herm1t’ shared snapshots of Trigona’s internal documents, Trigona reportedly responded in a panic, changing its password and taking its public infrastructure offline. Nevertheless, over the following week the activists retrieved data from the group’s control panels, victim boards, blogs, data leak sites, and internal tools.

‘herm1t’ said that they also took the developer environment and cryptocurrency hot wallets, as well as the database records and source code. The activists do not yet know whether the extracted data contains any decryption keys, but they pledged to release any that are found.

After exfiltrating all the data from the ransomware group, the activists wiped and defaced its websites and also shared the administration panel’s access key.

Trigona emerged under this name in late October of the previous year, when it launched a Tor site to negotiate Monero cryptocurrency ransoms with the victims of its attacks. At present, as a result of the activists' actions, none of Trigona’s public sites or services remain accessible online.