
Ukrainian activists hack Trigona ransomware gang, wipe servers
2023-10-18 23:17

A group of cyber activists under the Ukrainian Cyber Alliance banner has hacked the servers of the Trigona ransomware gang and wiped them clean after copying all the information available.

Ukrainian Cyber Alliance hackers gained access to Trigona ransomware's infrastructure by using a public exploit for CVE-2023-22515, a critical vulnerability in Confluence Data Center and Server that can be leveraged remotely to escalate privileges.

The Ukrainian Cyber Alliance, or UCA for short, first breached Trigona ransomware's Confluence server about six days ago, established persistence, and mapped the cybercriminals' infrastructure while remaining completely unnoticed.

After a UCA activist using the handle herm1t published screenshots of the ransomware gang's internal support documents, BleepingComputer was told that Trigona ransomware initially panicked and responded by changing the password and taking down its public-facing infrastructure.

The Trigona ransomware operation emerged under this name in late October last year, when the gang launched a Tor site to negotiate ransom payments in Monero cryptocurrency with victims of their attacks.

At the moment, due to the Ukrainian Cyber Alliance's recent actions, none of the Trigona ransomware public websites and services are online.


News URL

https://www.bleepingcomputer.com/news/security/ukrainian-activists-hack-trigona-ransomware-gang-wipe-servers/

Related Vulnerability

Date: 2023-10-04
CVE: CVE-2023-22515
Vulnerability title: Unspecified vulnerability in Atlassian Confluence Data Center and Confluence Server
Description: Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances.
Risk: critical (score 9.8); attack vector: network; attack complexity: low; vendor: atlassian