Hacktivists Hack and Destroy Ransomware Servers

News Report: Cyber Activists Hack and Wipe Trigona Group Servers

A group of cyber activists hacked the servers of the Trigona ransomware group and wiped them completely after copying all available information. The activists claim to have taken all the data from the threat actor's systems, including the source code and database records that may contain decryption keys.

The hackers gained access to Trigona's infrastructure using a public exploit for CVE-2023-22515, a critical vulnerability in Confluence Data Center and Server that can be exploited remotely to escalate privileges.

After the activist using the pseudonym Herm1t published screenshots of Trigona's internal documents, the Trigona group reportedly panicked, changing the password and taking its public infrastructure offline. However, over the following week, the activists managed to extract all the information from the group's control and victim panels, its blog, its leak site, and its internal tools.

Herm1t said that they also extracted the developer's hot cryptocurrency wallets, as well as the source code and database records. The activists do not know whether these contain any decryption keys, but they stated that they would publish them if they find any.

After extracting all the available data from the ransomware group, the activists deleted and defaced its sites, also sharing the key to the administration panel.

Trigona began operating under this name at the end of October last year, when the group launched a Tor website for negotiating ransom payments in the Monero cryptocurrency with the victims of its attacks. At present, as a result of the cyber activists' recent actions, none of Trigona's public sites and services are available online.

Sources:
https://twitter.com/uca_ruhate_
