October 18, 2023 at 07:18PM
The Ukrainian Cyber Alliance has successfully hacked the servers of the Trigona ransomware gang, copying all available information before wiping the servers clean. The hackers gained access to Trigona’s infrastructure using a public exploit and managed to extract data, including source code and database records. The activists have deleted and defaced Trigona’s sites and claim to have retrieved three backups of stolen documents. The Ukrainian Cyber Alliance is a group that defends Ukraine’s cyberspace and has previously targeted organizations supporting Russia’s activities. Trigona ransomware, which emerged last year, has been rendered inactive by the hack.
Key Takeaways from the Meeting Notes:
1. Ukrainian Cyber Alliance (UCA) hacked the servers of the Trigona ransomware gang and wiped them clean after copying all available information, including source code and database records.
2. UCA gained access to Trigona ransomware’s infrastructure using a critical vulnerability in Confluence Data Center and Server.
3. The vulnerability had been exploited by the threat group Storm-0062 since September 14.
4. UCA breached Trigona ransomware’s Confluence server about six days ago and mapped their infrastructure without being noticed.
5. Trigona ransomware initially panicked and changed passwords and took down public-facing infrastructure after screenshots of their internal support documents were published by a UCA activist.
6. Over the next week, UCA managed to take all information from Trigona ransomware’s administration and victim panels, blog and data leak site, and internal tools.
7. UCA also exfiltrated the developer environment, cryptocurrency hot wallets, source code, and database records.
8. UCA claims to have retrieved three backups containing likely stolen documents.
9. UCA deleted and defaced Trigona ransomware’s sites and shared the key for the administration panel site.
10. UCA is a group of hacktivists established in 2014 to defend Ukraine’s cyberspace against Russian aggression.
11. The members of UCA are mostly unidentified, but they unite under a common goal of exposing Russian activity and propaganda efforts.
12. UCA has previously carried out successful hacking operations, including targeting the Russian Ministry of Defense and hacking the emails of Vladislav Surkov, who played a role in Russian propaganda.
13. Trigona ransomware emerged in late October last year and used a Tor site to negotiate ransom payments.
14. Trigona targeted various industries and compromised multiple companies.
15. Recently, due to UCA’s actions, Trigona ransomware’s public websites and services are not available.