A group of hacktivists broke into the servers of the Trigona ransomware group, copied everything they could reach and then wiped the systems. The activists claim to have extracted all data from the gang's infrastructure, including source code and database logs that may contain decryption keys.

The hackers gained access to Trigona's infrastructure using a public exploit for CVE-2023-22515, a critical broken-access-control vulnerability in Atlassian Confluence Data Center and Server that lets an unauthenticated remote attacker create administrator accounts, effectively escalating to full control of the instance.
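Because Trigona's own Confluence instance was the entry point, the practical lesson for defenders is how to spot the same exploit against their servers. Atlassian's advisory for the flaw points at two access-log indicators: requests to /server-info.action carrying the bootstrapStatusProvider.applicationConfig.setupComplete parameter (used to put an installed instance back into setup mode) and requests to /setup/*.action endpoints on an instance whose setup finished long ago. The following detector is an added example written for this page, not code from the article or from anyone involved in the incident; the log lines it scans are constructed, and the `exploit_chains` correlation (same source IP resets the flag and then hits a setup action) is this example's own heuristic.

```python
import re
from typing import Optional
from urllib.parse import urlparse, parse_qs

# Constructed sample Confluence access-log lines in combined log format.
# They are made up for this example and are not from the article or any real incident.
SAMPLE_LOG = """\
10.0.0.5 - - [11/Oct/2023:10:01:02 +0000] "GET /login.action HTTP/1.1" 200 4231
203.0.113.7 - - [11/Oct/2023:10:02:10 +0000] "GET /server-info.action?bootstrapStatusProvider.applicationConfig.setupComplete=false HTTP/1.1" 302 0
203.0.113.7 - - [11/Oct/2023:10:02:11 +0000] "POST /setup/setupadministrator.action HTTP/1.1" 302 0
203.0.113.7 - - [11/Oct/2023:10:02:12 +0000] "POST /setup/finishsetup.action HTTP/1.1" 200 1337
10.0.0.9 - - [11/Oct/2023:10:05:00 +0000] "GET /rest/api/content?limit=25 HTTP/1.1" 200 8891
"""

# Minimal combined-log-format parser: client IP, timestamp, method, request target, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)

# Query parameter named in Atlassian's advisory as the indicator of a setup-flag reset.
SETUP_FLAG_PARAM = "bootstrapStatusProvider.applicationConfig.setupComplete"


def classify(target: str) -> Optional[str]:
    """Return a reason string if the request target matches a CVE-2023-22515 indicator."""
    url = urlparse(target)
    path = url.path.lower()
    params = {k.lower() for k in parse_qs(url.query, keep_blank_values=True)}
    if path == "/server-info.action" and SETUP_FLAG_PARAM.lower() in params:
        return "setupComplete flag reset attempt"
    if path.startswith("/setup/") and path.endswith(".action"):
        return "setup endpoint reached on an installed instance"
    return None


def scan(log_text: str) -> list:
    """Scan access-log text and return one record per request matching an indicator."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        reason = classify(m["target"])
        if reason is None:
            continue
        hits.append({
            "ip": m["ip"],
            "ts": m["ts"],
            "method": m["method"],
            "path": urlparse(m["target"]).path,
            "status": int(m["status"]),
            "reason": reason,
        })
    return hits


def exploit_chains(hits: list) -> set:
    """Return client IPs that reset the setup flag and afterwards hit a /setup/ action.

    Both steps from the same source, in that order, is a far stronger signal than
    either request alone: a legitimately installed instance never revisits these
    endpoints once setup is complete. This correlation is the example's own heuristic.
    """
    reset_seen = set()
    chains = set()
    for h in hits:  # hits are in log order
        if h["reason"].startswith("setupComplete"):
            reset_seen.add(h["ip"])
        elif h["ip"] in reset_seen:
            chains.add(h["ip"])
    return chains


if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    for h in found:
        print(f'{h["ts"]} {h["ip"]} {h["method"]} {h["path"]} -> {h["reason"]}')
    print("sources completing the exploit chain:", sorted(exploit_chains(found)))
```

Run it against a real Confluence access log (or pipe the log through `scan`) on any instance that was reachable from the internet before patching; a single hit on either indicator after the initial installation date already warrants checking the administrator list for accounts nobody created.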

After an activist using the pseudonym herm1t posted screenshots of the group's internal documents, Trigona reportedly panicked and took its public infrastructure offline. Over the following week, however, the activists managed to extract everything from the group's dashboards and victim panels, its blog, its data leak site and its internal tools.

Herm1t reported that they also extracted the development environment, cryptocurrency hot wallets, the source code and the database logs. The activists do not yet know whether the copied data contains decryption keys, but said they would release any keys they find.
