The noose appears to be tightening around the DarkSide hackers behind the cyber attack on US oil pipeline operator Colonial Pipeline: experts say their servers are down and their posts have been deleted from a large Russian-speaking cybercriminal community.
Cybersecurity firm Recorded Future said the hacker who demanded a ransom from Colonial Pipeline Inc. admitted that his group, DarkSide, had lost access to several of the servers used to host its blog and to collect payments.
The DarkSide site, reachable through the Tor browser on the darknet, the underground version of the internet, could not be accessed this morning.
“A few hours ago we lost access to the public part of our infrastructure, namely: the blog, payment server, DoS servers,” wrote Darksupp, as cited by Recorded Future.
Denial of service (DoS) attacks aim to knock a website offline by overloading it with traffic.
Darksupp also indicated that the cryptocurrency funds used to collect the ransoms demanded by the hacker group had been withdrawn.
But an analyst at Recorded Future believes this could be a ploy: DarkSide may have shut down its own infrastructure in order to avoid paying its affiliates.
Kimberly Goody, head of financial crime analysis at Mandiant, a subsidiary of US cybersecurity giant FireEye, said in a statement sent to Agence France-Presse that her company was “unable to independently verify the allegations” about the DarkSide shutdown.
“Some speculation from other players suggests it might be an ‘exit scam’,” she added, referring to a scheme in which the operators close up shop in order to keep most of the loot.
- DarkSide removed from Russian forum -
There was no evidence that DarkSide had been forced offline, but the Twitter account of the 780th Military Intelligence Brigade, the US Army's cyberattack operations brigade, retweeted the Recorded Future report.
DarkSide first appeared publicly in August 2020 and specializes in what is known as “ransomware”: software that infiltrates a victim's computer network and encrypts the data on its machines, thus halting operations. The criminals then demand a ransom to release the data.
On Monday the FBI identified DarkSide as the group behind the ransomware attack on Colonial Pipeline. Last week the company was forced to shut down its operations.
That same Monday, President Joe Biden accused hackers “from Russia” of carrying out the cyber attack, without claiming that the Russian government was directly involved.
Biden said yesterday that he was “in direct contact with Moscow about the need for responsible nations to take decisive action against these ‘ransomware’ networks.”
Nakasone, director of the US National Security Agency (NSA) and head of US Cyber Command (USCYBERCOM), the joint command responsible for cyber operations, asserted at a congressional hearing that his job was “to present a series of operational opportunities or business plans for consideration by the foreign minister or the president.”
Meanwhile, all of DarkSide's posts on the Russian-speaking XSS forum have been removed, according to researchers at the threat intelligence firm Digital Shadows.
DarkSide's recruitment ads on another Russian-language hacking platform, Exploit, were still online, but they had not been updated since April and make no reference to the attack on Colonial Pipeline.
According to Bloomberg and other US media, Colonial Pipeline reportedly paid the hackers $5 million.
Asked by Agence France-Presse, a Colonial Pipeline spokesperson declined to comment, saying only that an investigation was under way.
The Biden administration also declined to comment, stressing that companies must strengthen their IT security.
According to Elliptic, which tracks the criminal use of crypto assets, DarkSide's bitcoin wallet received 75 BTC (about $4.4 million) on May 8, the day after the Colonial Pipeline attack.
In total, the group has received the equivalent of $17.5 million since the beginning of March, Elliptic says.
The attack on the computer systems of Colonial Pipeline, which carries about 45 percent of the East Coast's fuel from the Gulf of Mexico, forced the operator to shut down all of its operations.
Motorists panicked over fears of fuel shortages and flocked to gas stations to stock up.
Colonial Pipeline said last night, however, that it had fully restored its system and had resumed distributing fuel.