"The flaw concerns a 'certain misconfiguration in the Data Leak Site (DLS) of BlackLock Ransomware, leading to clearnet IP addresses disclosure related to their network infrastructure behind TOR hidden services.'"
Threat hunters infiltrated the infrastructure of the BlackLock ransomware group, revealing critical operational security flaws and recruitment methods. A vulnerability in BlackLock's Data Leak Site allowed for the extraction of configuration files and command histories. BlackLock, a rebranded version of the Eldorado ransomware group, has aggressively targeted industries in multiple countries and launched an affiliate network to recruit traffers for early-stage attacks. Resecurity identified a misconfiguration in BlackLock's web server, adding to the group's operational security risks and exposing sensitive information.
Read at The Hacker News