SOCRadar® Cyber Intelligence Inc. | LockBit and AlphVM Announce New Victims


Mar 20, 2023
3 Mins Read

LockBit and AlphVM Announce New Victims

Powered by DarkMirror™

Last week, two notorious ransomware groups added two more names to their victim lists. AlphVM/BlackCat announced the Amazon-owned Ring on their leak site. The company has denied this for now.

LockBit, one of the most active ransomware of recent years, has made claims about a very sensational name. They announced that they had seized 3,000 SpaceX drawings.

Here are some of the dark web headlines from last week.

Find out if your data has been exposed.

Threat Actor Behind Popular BreachForums Arrested by FBI

On March 15, 2023, a SOCRadar dark web researcher detected a post about the admin of the famous hacking forum Breached. U.S. law enforcement arrested a man believed to be the owner of the BreachForums hacking forum, known as Pompompurin. The defendant, whose real name is C*** B**** F****, was charged with one count of conspiracy to solicit individuals to sell unauthorized access devices. BreachForums is the largest data leak forum, commonly used by hackers and ransomware gangs to leak stolen data. Fitzpatrick has also been involved in various high-profile company breaches, including stealing customer data from Robinhood and allegedly using a bug to confirm the email addresses of 5.4 million Twitter users. While the suspected owner of BreachForums is away, a forum admin said that the site would continue to operate in its current capacity. F**** was released on Thursday on a $300,000 bond and will appear in the District Court of Eastern Virginia on March 24.

New Ransomware Victim of AlphVM/BlackCat: Ring

SOCRadar detected a new post that AlphVM/BlackCat included Ring in its list of victims. The Amazon-owned security camera company denied it had been hit by a ransomware attack, despite being listed on the leading ransomware group’s extortion site. The group claimed to have accessed Ring’s data, but a spokesperson for the company said there was no indication of a ransomware incident.

The Ring has experienced attacks in the past, including hacking its cameras in the US in 2019. It is unknown what data the group claims to have accessed from Ring. Still, this incident highlights the need for strong security practices and the importance of regular vulnerability assessments.

Data of CIA Agents are Leaked

On March 14, SOCRadar detected a post on a hacker forum by a threat actor claiming to belong to a CIA agent. The threat actor claims to have obtained the data from a computer belonging to a CIA agent. The threat actor claims that the compromised data includes personal information, some air force software, and documents.

LockBit Claims to Breach Maximum Industries’ Data and Steal SpaceX Drawings

SOCRadar detected a post claiming that LockBit ransomware successfully breached Maximum Industries’ data. The group behind the attack referenced Elon Musk and SpaceX in its announcement, stating that the compromised data included approximately 3,000 SpaceX drawings.

Powered by DarkMirror™

Gaining visibility into deep and dark web threats can be extremely useful from an actionable threat intelligence and digital risk protection perspective. However, monitoring all sources is simply not feasible, which can be time-consuming and challenging. One click-by-mistake can result in malware bot infection. To tackle these challenges, SOCRadar’s DarkMirror™ screen empowers your SOC team to follow up with the latest posts of threat actors and groups filtered by the targeted country or industry.