DarkSide Hackers Reportedly Closing Down After Retaliation Routs Their Infrastructure


From ZH

The hacker group responsible for the ransomware attack on Colonial Pipeline that caused fuel shortages in the Southeast US appears to be shutting down after all its recent success, according to WSJ.

The operator of the ransomware group Darkside, believed to originate in Eastern Europe or Russia, has been unable to access its computer systems to conduct cyber attacks. According to security research firm FireEye, associates close to the hacking group said it would disband, citing international pressure from the US.

Recorded Future threat intelligence analyst Dmitry Smilyanets said DarkSide has lost control of its servers and lost some money it made through ransom payments.

"A few hours ago, we lost access to the public part of our infrastructure, namely: Blog. Payment server. DOS servers," Darksupp, the operator of the Darkside ransomware, said.

"Now, these servers are unavailable via SSH, and the hosting panels are blocked."

Darksupp also reported cryptocurrency funds were withdrawn from the payment server and would be split between itself and its associates.

This sudden dispersion of the hacking group is suspicious. Who would disband a hack operation for a measly $5 million? That will barely buy a mansion in the Bay Area.

On Thursday, President Joe Biden announced his administration had been "in direct communication with Moscow about the imperative for responsible countries to take decisive action against these ransomware networks" and would "pursue a measure to disrupt their ability to operate."

Biden said, "We do not believe the Russian government was involved in this attack, but we do have strong reason to believe that the criminals who did the attack are living in Russia, that's where it came from."

But not everyone is convinced DarkSide is a legitimate hacking group; some suggest it is instead a cover for a rogue group of CIA hackers.

Natalya Kaspersky, the founder and former CEO of security software firm Kaspersky Lab, made an explosive suggestion in an interview with Russian state-owned domestic news agency RIA Novosti that CIA hackers were actually behind the Colonial Pipeline attack, reported RT News.

Kaspersky said the Umbrage team, which is part of the Remote Development Branch under the CIA's Center for Cyber Intelligence, can mask its hackers as outside ones and leave behind the "fingerprints" of the external hackers when it breaks into electronic devices.

WikiLeaks in 2017 shed light on the Umbrage team. At the time, USA Today said CIA operatives "may have been cataloging hacking methods from outside hackers, including in Russia, that would have allowed the agency to mask their identity by employing the method during espionage."

Kaspersky pointed out a list "of the countries under whose hacker groups this UMBRAGE is disguised – Russia, North Korea, China, Iran." She claimed that "therefore, it cannot be said with certainty that a hacker group carried out the attack from Russia and that it was not a provocation made themselves from there, or from some other country." 

... more things that make you go hmm. 
