Yanluowang Archives – Gridinsoft Blog https://gridinsoft.com/blogs/tag/yanluowang/ Welcome to the Gridinsoft Blog, where we share posts about security solutions to keep you, your family and business safe. Mon, 07 Nov 2022 22:58:54 +0000 en-US hourly 1 https://wordpress.org/?v=74040 200474804 Logs of Internal Chats of the Russian Hacker Group Yanluowang Leaked to the Network https://gridinsoft.com/blogs/yanluowang-hacker-group/ https://gridinsoft.com/blogs/yanluowang-hacker-group/#respond Mon, 07 Nov 2022 08:33:08 +0000 https://gridinsoft.com/blogs/?p=11665 Information security experts report a hack of the Yanluowang hacker group, which compromised Cisco this summer. According to experts, internal chats of the group leaked to the network, showing that Yanluowang consists of Russian-speaking members. KELA analysts write that the latest leak contains hack group chats dated January-September 2022, all communication in which took place… Continue reading Logs of Internal Chats of the Russian Hacker Group Yanluowang Leaked to the Network

The post Logs of Internal Chats of the Russian Hacker Group Yanluowang Leaked to the Network appeared first on Gridinsoft Blog.

]]>
Information security experts report a hack of the Yanluowang hacker group, which compromised Cisco this summer. According to experts, internal chats of the group leaked to the network, showing that Yanluowang consists of Russian-speaking members.

KELA analysts write that the latest leak contains hack group chats dated January-September 2022, all communication in which took place in Russian. This is an interesting nuance since initially many believed that Yanluowang was a Chinese hack group. However, some time ago this opinion began to change, since in September the hackers were already associated with Evil Corp.

Researchers say that in chats you can find conversations of group members known under the nicknames saint, killanas, and stealer. It is believed that the saint leads the group, while killanas is engaged in coding. Moreover, according to some sources, it has already been possible to calculate the pseudonyms of the attackers on various hack forums, and according to other sources, Yanluowang members have already been completely doxed, including their real names, social media accounts, and other details.

Yanluowang hacker group

Here is what the experts have already managed to find among the “merged” data:

  1. according to the chat logs, Yanluowang has existed since at least the fall of 2021, and in one of the conversations saint mentions the Nyx malware, which seems to be also used by his team;
  2. from the conversation between the stealer and the tester under the nickname felix, we can conclude that the version of the Yanluowang malware for ESXi is already in development;
  3. On May 14, 2022, saint revealed that the group “earned” one million US dollars in 2022 (it’s not clear if this was the total amount of buyouts or the largest of them).

In addition to the logs, you can even find screenshots on the network containing the source code for the decryption procedure for the Yanluowang ransomware.

Yanluowang hacker group

According to Risky Business, this leak appears to be the result of a major hack. Unknown individuals not only took control of the Matrix internal chat server used by the group but also compromised the Yanluowang “leak site” on the dark web. Through the defacement of this resource, the hackers demonstrated their skills, and they posted a new blog entry on the topic. The post contained links to Telegram and Twitch accounts, where links to stolen chat logs were posted.

Yanluowang hacker group

It is currently unclear who was behind the hack, but there are several theories, ranging from the classic version that it was a disgruntled former member of the group or an unknown information security specialist, and ending with the exotic version that it was the revenge of the Cisco security service for the hack that occurred in May.

Logs of Internal Chats of the Russian Hacker Group Yanluowang Leaked to the Network

Nevertheless, experts are confident that after such a large-scale compromise, Yanluowang operations can be put an end to, as other cybercriminals are unlikely to want to deal with a compromised group whose operational security is in question.

The post Logs of Internal Chats of the Russian Hacker Group Yanluowang Leaked to the Network appeared first on Gridinsoft Blog.

]]>
https://gridinsoft.com/blogs/yanluowang-hacker-group/feed/ 0 11665
Ransomware publishes data stolen from Cisco https://gridinsoft.com/blogs/data-stolen-from-cisco/ https://gridinsoft.com/blogs/data-stolen-from-cisco/#comments Wed, 14 Sep 2022 12:24:55 +0000 https://gridinsoft.com/blogs/?p=10566 The Yanluowang hack group published data stolen from Cisco back in May 2022. Cisco representatives acknowledged that the data leak took place, but still insist that the incident did not affect the company’s business in any way. Let me remind you that last month, Cisco representatives confirmed that back in May, the company’s corporate network… Continue reading Ransomware publishes data stolen from Cisco

The post Ransomware publishes data stolen from Cisco appeared first on Gridinsoft Blog.

]]>
The Yanluowang hack group published data stolen from Cisco back in May 2022. Cisco representatives acknowledged that the data leak took place, but still insist that the incident did not affect the company’s business in any way.

Let me remind you that last month, Cisco representatives confirmed that back in May, the company’s corporate network was hacked by the Yanluowang extortionist group. Later, the attackers tried to extort money from Cisco, otherwise threatening to publish the data stolen during the attack in the public domain.

Then the company emphasized that the hackers did not steal anything serious at all, they only managed to steal non-confidential data from the Box folder associated with the hacked employee account.

The hackers themselves contacted Bleeping Computer and told reporters that they had stolen 2.75 GB of data from the company (approximately 3,100 files), including source codes and secret documents. According to journalists, many of the files were non-disclosure agreements, data dumps and technical documentation.

For example, the attackers gave the publication a redacted version of the agreement and showed a screenshot of the VMware vCenter admin console at the cisco.com URL. The screenshot showed numerous virtual machines, including one called GitLab and used by the Cisco CSIRT.

At the same time, Cisco continued to claim that the company has no evidence that the source code was stolen.

Let me remind you that we also reported that Cisco Hack Is Linked to Russian-Speaking Hackers from Evil Corp.

As Bleeping Computer now reports, Yanluowang members have begun leaking stolen data on the dark web. Against this background, Cisco finally confirmed the data leak, but the company continues to insist that this incident did not affect the business in any way, and the leak of information does not change the initial assessment of the incident.

On September 11, 2022, the attackers who had previously published a list of filenames associated with the incident on the dark web posted the actual contents of the same files in the same location on the dark web. The contents of these files are consistent with what we have identified and disclosed.

Our previous analysis of the incident remains unchanged – we still do not see any impact on our business, including Cisco products or services, sensitive customer data, sensitive employee information, intellectual property, or supply chain processes.Cisco said.

I note that at the end of August, cybersecurity analysts from eSentire published a report in which they presented evidence of a possible connection between the Yanluowang group and the well-known Russian-speaking hack group Evil Corp (UNC2165).

The post Ransomware publishes data stolen from Cisco appeared first on Gridinsoft Blog.

]]>
https://gridinsoft.com/blogs/data-stolen-from-cisco/feed/ 1 10566