Threat hunters infiltrated the infrastructure of the BlackLock ransomware group, revealing critical operational security flaws and recruitment methods. A vulnerability in BlackLock's Data Leak Site allowed the extraction of configuration files and command histories. BlackLock, a rebranded version of the Eldorado ransomware group, has aggressively targeted industries in multiple countries and launched an affiliate network to recruit traffers for early-stage attacks. Resecurity identified a misconfiguration in the group's web server, adding to their operational security risks and exposing sensitive information.
The flaw concerns a "certain misconfiguration in the Data Leak Site (DLS) of BlackLock Ransomware, leading to clearnet IP addresses disclosure related to their network infrastructure behind TOR hidden services."