Conversation

Notices

1. Embed this notice
   Kevin Beaumont (gossithedog@cyberplace.social)'s status on Tuesday, 11-Feb-2025 00:27:29 JST Kevin Beaumont

   8base ransomware group has apparently been seized or done an exit scam.

   Two of its Tor portals say "This hidden site and the criminal content have been seized by the Bavarian State Criminal Police Office on behalf of the Office of the Public Prosecutor General in Bamberg"

   They had been hitting some high profile targets in recent times.

   #threatintel #ransomware

   • Embed this notice
     Kevin Beaumont (gossithedog@cyberplace.social)'s status on Tuesday, 11-Feb-2025 00:33:13 JST Kevin Beaumont

     in reply to

     The text comes from the HTML source btw.

     8base weren't particular great at OPSEC, e.g. their Tor server was blatantly publicly visible on the plain internet for a while - it also had SSH running with the same host signature that LockBit 3.0 use.

   • Embed this notice
     Kevin Beaumont (gossithedog@cyberplace.social)'s status on Tuesday, 11-Feb-2025 00:36:28 JST Kevin Beaumont

     in reply to

     • BSI

     hey @bsi - did u seize 8base ransomware portal?

   • Embed this notice
     Kevin Beaumont (gossithedog@cyberplace.social)'s status on Tuesday, 11-Feb-2025 00:48:40 JST Kevin Beaumont

     in reply to

     based on the timestamps, apparently the portal changed yesterday. Their last victim post was 10 days ago. Has gone from Nginx to Apache webserver on Debian.

   • Embed this notice
     Fernando (fernandomiguel@cyberplace.social)'s status on Tuesday, 11-Feb-2025 01:26:31 JST Fernando

     in reply to

     @GossiTheDog people running apache is a big red flag :D

   • Embed this notice
     Kevin Beaumont (gossithedog@cyberplace.social)'s status on Tuesday, 11-Feb-2025 01:42:54 JST Kevin Beaumont

     in reply to

     • cR0w :cascadia:

     Law enforcement confirm they did a takedown of 8base ransomware group. You heard it here on Mastodon first thanks to @cR0w

     https://techcrunch.com/2025/02/10/global-police-operation-seizes-8base-ransomware-gang-leak-site/

     #threatintel #ransomware

   • Embed this notice
     Kevin Beaumont (gossithedog@cyberplace.social)'s status on Tuesday, 11-Feb-2025 01:56:04 JST Kevin Beaumont

     in reply to

     4 people have been arrested over the 8base Ransomware takedown.

     In Thailand.

     https://www.bleepingcomputer.com/news/legal/police-arrests-4-phobos-ransomware-suspects-seizes-8base-sites/

   • Embed this notice
     BSI (bsi@social.bund.de)'s status on Tuesday, 11-Feb-2025 01:59:13 JST BSI

     in reply to

     @GossiTheDog Hi, no, the Bavarian State Criminal Police Office seized the portal on behalf of the Office of the Public Prosecutor in Bamberg, Germany. Best wishes from the BSI

   • Embed this notice
     BrianKrebs (briankrebs@infosec.exchange)'s status on Wednesday, 12-Feb-2025 01:10:59 JST BrianKrebs

     in reply to

     @GossiTheDog yeah their developers weren't too swift either:

     https://krebsonsecurity.com/2023/09/whos-behind-the-8base-ransomware-website/