The Scariest GLOBAL Cyberattack Just Happened...

Captions
Today's video is brought to you by our friends over at ExpressVPN. Ladies and gentlemen, do you connect to the internet without a VPN? Well, you probably should start using some type of VPN, and my go-to is ExpressVPN personally, because, ladies and gentlemen, connecting to a public Wi-Fi network without any VPN service out there is just cause for concern. There's so much traffic being floated around, and all of this is ripe for any bad actor to be taking. So if I can just send my data through an encrypted tunnel, that would be better than nothing, ladies and gentlemen. One of the reasons why I use ExpressVPN is when it comes to streaming services on the internet. Netflix, Amazon, you know who you are: they have a lot of geo-restricted content, meaning that if I'm a Canadian I can't watch content from the United States. But thanks to ExpressVPN and their magical amount of servers all over the world, you can absolutely pretend to be from anywhere: the United States, the United Kingdom, Japan, South Korea. Heck, the world is your oyster. Within a matter of seconds you can absolutely teleport to another point in the world. Ladies and gentlemen, if I want to pretend to be an American to watch that American Netflix, clicking the United States in ExpressVPN makes me teleport, and the streaming service is none the wiser. That's actually one of the many reasons that I use it. The others are generally to hide IP addresses from websites that I don't generally trust; I don't want them to know that I've connected to their systems. But of course, ladies and gentlemen, ExpressVPN is also reliable because of their TrustedServer technology: RAM-based servers that absolutely will protect you, because they do not store caches on actual traditional hard drives. And of course, ladies and gentlemen, if you want to experience some of these protections like me, definitely check it out at expressvpn.com/SOG. You even get three months of ExpressVPN all for free, ladies and gentlemen. That's www.expressvpn.com/sog.

Hello guys and gals, me Mutahar, and today's video is all about a global cyberattack that just happened. Now, ladies and gentlemen, this is one of the largest global cyberattacks we've seen in a while, and if you wonder why I didn't cover it immediately as soon as it happened, well, that's because these situations develop, and it's not as cut and dry as what it seems in, like, the first 12 hours.

So, to understand what's been going on: a lot of agencies have been hacked. Okay, so for instance, in the United States it appears that the Department of Energy was one of the many agencies that was impacted; there were two DOE entities that were compromised. And of course that wasn't the only organization out there; there are other targeted agencies, but the government ain't listing them. You've also got other scenarios where other large, key players have been hacked. So, to give you an idea of the rousing crew of large organizations that have been hit: you've got Shell, the gas company, all right, not a small indie group out there, not a small business so to speak. You've got the BBC, British Airways, Johns Hopkins University, the state of Minnesota. Oh man, ladies and gentlemen, they've been attacked. Because, ladies and gentlemen, how so? Well, it all came down to a zero-day exploit, a vulnerability in a very commonly used application. You might notice in the last year that's pretty common, Muda; it just seems to be the case. But let's get down to just what's been going on.

So now that you know who's been attacked, let's get down to who's actually done the attack so far. Now, according to the government over here, the FBI and CISA put out a joint cybersecurity advisory about the Cl0p ransomware gang. Now, I know there's some Bronies in the audience that are getting their feathers all rustled, but no, it's not that. Cl0p is a gang out there that basically attacked a bunch of organizations using something known as a MOVEit vulnerability, MOVEit being the software, the vulnerability obviously being the second half of that whole point.

But of course, ladies and gentlemen, they are also known as TA505. For those of you who don't know TA505, according to BlackBerry (yes, BlackBerry is a cybersecurity company now, not the phone manufacturer that your grandpa or dad used to have): "TA505 is a prolific, financially motivated cybercrime group active since 2014 and a significant player in the global cybercrime scene. TA505 has taken many different roles, including as both a ransomware-as-a-service operator and as an affiliate of other apex RaaS operators, as an initial access broker, and as a customer of other IABs selling access to compromised corporate networks." So, for those of you wondering what RaaS is, ransomware as a service: basically these individuals sell their services, their toolkit, to actual criminals out there. So for instance, if you wanted to initiate a ransomware attack against somebody, you could either do it yourself or you could pay these experts to do it for you; they would do it for you, and so on and so forth. They're basically like digital arms companies in the black market of the internet, okay? You go to them when you want something bad done, and that's just how the mafia works: they take a little bit of a cut off the top.

Now, to understand, this is a pretty serious hack. In the last few days it appears the government has put out a 10 million dollar reward for any information regarding Cl0p, so to speak. Now, of course, to understand, I want to show you what exactly this organization is showcasing on their own website. Now, for those of you wondering why I mentioned Shell earlier: they're actually another victim that refused to pay the ransom. See, the way that these attacks work is, once a cybercrime group hacks you, they steal your information; if you don't pay the ransom amount to them, they're just going to publicize this information out there.

And of course, ladies and gentlemen, I went to the dark web. Now, I'm not going to show you the link to any of this, because I'm not here to basically get this information out or lead you down a path to figure it out for yourself; there's a lot of publications that have covered it. Finding this information necessarily isn't difficult for me, because I've been a dark web browser for a long time, as you've known. According to the information that they revealed, yeah, some of this is in fact leaked information from Shell, and of course they've released this in an entire list of multiple other breaches that they've done: datasite.com, putnam.com, legit.com, uga.edu. Nothing is safe from these individuals. So for instance, right here: "We got a lot of emails about government data. We don't have any government data, and anything directly residing on exposed and bad protected, not encrypted file transfer, we still do the polite thing and delete all media speaking about this." Yeah, you can imagine English isn't their first word; this is probably written by ChatGPT-meth. But of course, if you look down here: "Dear companies, Cl0p is one of the top organizations offering penetration testing services after the fact. This is announcement to educate companies who use Progress MOVEit product that chance is that we download a lot of your data as part of exceptional exploit. We're the only one who performs such attack, and relax, because your data is safe. We are to proceed as follow, and you should pay attention to avoid extraordinary measures to impact your company." So of course I've got a multi-step process over here: step one, if you had MOVEit software, continue to step two. And of course MOVEit is what we're going to be getting into, but to show you what is over here: obviously Shell didn't want to negotiate, so they posted their data. bishelbissell.com, 50 terabytes of company data, "get ready for something interesting." Emerald X, emeraldx.com, 100 terabytes of company data, "get ready for something interesting."

And of course some of the files get published; some individuals will pay, and their information won't get released. That's how these criminal ransomware gangs work: you pay the ransom, your information doesn't get revealed to the public. That doesn't stop these criminal scumbags from sharing it back to other organizations, but you get the idea. But don't worry, they have some soul inside them: "Attention! We have never attacked hospitals, orphanages, nursing homes, charitable foundations, and we will not. Commercial pharmaceutical organizations are not eligible for this list; they're the only ones who benefit from the current pandemic. If an attack mistakenly occurs on one of the foregoing organizations, we will provide the decrypter for free." So if somebody uses their software against, like, a children's hospital, they'll just decrypt it for free. Again, you know, there is some level of morality and ethics even within criminal organizations like this. That's not to say these are good people; they're still criminals. So again, that's just their leak website that was discussing this information. So again, you know, this information is unfortunately flowing around freely for a lot of interested parties that want to look at this leaked information, as sad as it is.

So you might be wondering, how does one organization, one sneaky group like this, absolutely get away with a hack this massive? So, to understand, there's been some accusations thrown around. For instance, some would say that this might be the Russians behind this, and there is no complete evidence; obviously there is no proof to that statement. It could easily be the Chinese, the North Koreans; hell, it could even be an American agency too. You never really know who's really behind these situations, especially with the lack of information we have so far. But what's more interesting is how they actually attacked this. So according to the government, what they were using was a software known as MOVEit. Now, MOVEit, for a lot of you wondering what it is, it's basically managed file transfer software. MOVEit is "the leading managed file transfer (MFT) used by thousands of organizations around the world to provide complete visibility and control over file transfer activities." You might be like, "But Muda, wouldn't it be easier if they just didn't use software from third parties and just did something basic themselves?" Yeah, that sounds great in a perfect world; obviously you would love to have all of your solutions in-house. In reality land, obviously, if you want to do something like this, it's actually a lot easier to pay a professional enterprise-grade company for a subscription service and just deploy this yourself. The problem with doing this is, in certain cases (we've seen this with SolarWinds and other software), sometimes there is a vulnerability, in this case a zero-day, that was used for quite a long time to exploit actual big players. See, the thing is, if 9,000 big companies buy this software and the exploit is floating around, well, hackers can hack all of those 9,000 companies without anybody really being the wiser on what's going on in their chain, until of course the zero-day hits and somebody realizes, but at that point the damage is already done, as we've seen in this case.

So the Federal Bureau is releasing this to basically identify, you know, investigations in June 2023. So right now, "according to open source information, beginning on May 27, 2023, the Cl0p ransomware gang, also known as TA505, began exploiting a previously known SQL injection vulnerability in Progress Software's managed file transfer solution known as MOVEit Transfer." So, what we've just seen: "internet-facing MOVEit Transfer web applications," so again, something that you could open up in your web browser, from what I understand, "were infected with a web shell." "Appearing in February 2019 and evolving into a CryptoMix ransomware variant, Cl0p was leveraged as a RaaS (ransomware as a service) in large-scale spear phishing campaigns." Spear phishing, for those of you who don't know, is basically the ability for these organizations to send out mass emailers all around a company, basically fishing and hoping that somebody in that entire transfer chain clicks on a scam email, clicks on a scam document, and it serves as an intrusion point for them. So again, "Cl0p was previously known for its use of the double extortion tactic of stealing and encrypting victim data, refusing to restore victim access, and publishing exfiltrated data on Tor via the Cl0p leaks website," what I just showed you. "In 2019, TA505 actors leveraged Cl0p ransomware as the final payload of a phishing campaign involving a macro-enabled document." So a macro-enabled virus, that we've seen plenty of times on this channel, where, you know, once you open up a document, an Excel spreadsheet, and it contains macro scripts, some of those scripts can be used to launch nefarious programs that exfiltrate your data from your computer to a command server somewhere out in the open world.

So again, ladies and gentlemen, to look further down into it, this is the ransom note that a lot of these companies got. So at some point somebody woke up and was given this information: "Hello, this is the Cl0p hacker group. As you may know, we recently carried out a hack which was reported in the news site [redacted]. We want to inform you that we have stolen important information from your GoAnywhere MFT resource, and I've attached a full list of files as evidence. We deliberately did not disclose your organization and wanted to negotiate with you and your leadership first. If you ignore us, we'll sell your information on the black market and publish it in our blog, which receives thirty to fifty thousand unique visitors per day. You can read about us on [redacted] by searching for Cl0p hacker group. You can contact us using the following contact information." So yeah, this is something somebody woke up to, and when they realized and they looked at the file manifest, they were like, "Oh [ __ ], we're [ __ ]." I shouldn't be laughing. There are millions of users who've had their personal information unfortunately leaked out because of this information that is very easily downloadable, because ransomware groups weren't paid and they just released data out there. Again, one of the problems also lies in companies not taking your security seriously. See, when it comes to security, you can only do so much; if the companies you rely on to host and store your data aren't putting in, you know, the bare bones of effort, then, yeah, you can only do so much, right?

So again, the toolkit that they had: Cl0p contains several malware types. So for instance, they had FlawedAmmyy/FlawedGrace, which was a remote access trojan which collects information and attempts to communicate with the command and control server. Then of course they had SDBot, which is another remote access trojan which propagates the infection, basically spreads it even further, exploits more vulnerabilities, and drops copies of itself through removable drives and network shares. And then of course you've got Truebot, which is a stage-downloader module that collects your system information, some screenshots and whatnot. Some of them you may recognize, like Cobalt Strike, which is used for both good and bad, which is used to expand network access after getting access to an Active Directory server.

So again, what was the actual, you know, vulnerability? The zero-day was the MOVEit Transfer vulnerability. So basically, MOVEit is typically used to manage an organization's file transfer protocols and has a web application that supports MySQL, Microsoft SQL, and Azure SQL. So the web shell was initially observed with the name human2.aspx in an effort to masquerade as the legitimate file human.aspx. So upon installation, the web shell creates a random 36-character password to be used for authentication. The web shell interacts with its operators by awaiting HTTP requests containing a header field named X-siLock-Comment, which must have a value equal to the password established upon the installation of the web shell. So once they've authenticated with the web shell, operators pass commands to the web shell that can retrieve Microsoft Azure system settings, enumerate the underlying SQL database, store strings sent by the operator, and then retrieve a file with a name matching the string from the MOVEit Transfer system. And while there are some actual detection methods that, you know, people have finally identified now, unfortunately it is just too late. All that can really happen at this point is companies realize that if they're using MOVEit to absolutely be on guard, be on red alert, you know, check their networks, check if they've been infected, or check if they've been, you know, at all hit by this organization, which they probably most likely have anyway. Once they grabbed this, they actually found some exploitable, like, emails. For instance, obviously you've seen the emails that they had communicating, so RSV box and whatnot. They had malicious domains like girostrolgood.com and then of course connectzoomdownload.com. Yeah, you can see elements of spear phishing right over here. But of course, ladies and gentlemen, they also had various IP addresses that were all logged, all cataloged by the government, and it is what it is. Again, it's too late now that this has happened and all this information has been sent out; all you can really do is plug up the holes after the ship has already leaked.

But to understand what they were doing: effectively, they exploited that MOVEit application with a zero-day vulnerability, which again, like last time, we looked into what a zero-day was: if you don't know that you've been infected and people are taking advantage of a vulnerability, again, who knows if they've been taking advantage for weeks, for months, for years; in this case it would look like a very long time. And then of course spear phishing: so as we saw earlier with that Zoom URL and emails that they sent out, they were literally trying to get people who weren't tech savvy to click on something by mistake and effectively launch a payload that would just send every cybersecurity agent cringing at the thought of what just happened.

Now, of course, for a lot of companies out there wondering if they should pay or not: "The FBI and CISA do not encourage paying ransom, as payment does not guarantee victim files will be recovered." Absolutely not; you can't trust criminals, okay? There's no honor amongst thieves. "Furthermore, payment may also embolden adversaries to target additional organizations." That is true: if you end up actually paying the ransom, which unfortunately a lot of people do, it's what causes this to keep happening.

So yeah, ladies and gentlemen, this is probably one of the largest global cyberattacks that have happened in quite a long time, and I know that I keep saying the biggest hack keeps happening, but the reason that I have to title the videos like that is because it's actually true. Every other month, it seems like it gets bad, and in this case this kind of a hack is pretty unprecedented. And obviously you've got plenty of organizations freaking out right now and wondering, "What are we gonna do?" You've got a lot of individuals, you know, who have their information stored through plenty of these firms, who are wondering, "What happened to my information?" The reality is, if you're somebody like me who's sitting inside, and a company that you work with gets hacked, your information's out there and there's nothing that you can do. For an organization that has been hacked, there are avenues: you can work with law enforcement, you can choose not to pay ransom, and you can choose to not panic and follow their carefully crafted solutions and mitigate as much as you can. At the end of the day, once you've been hacked, the only word you can hear is "mitigations." That's it; other than that, you have been [ __ ], and trying to unfuck yourself is now the next puzzle.

Now, if you use MOVEit, for instance, you're probably already receiving a patch, which you should apply immediately, and also disable all HTTP and HTTPS traffic to your MOVEit Transfer environment for now, because you don't know how bad things have gotten; this may not even be the only vulnerability that they have access to. What's scary about this is, obviously, some websites have been reporting that Cl0p pulled off its latest breach, and some of the actual agencies beyond just the US Department of Energy: you've got Oak Ridge Associated Universities, which manages a contract with several of the Department's national laboratories, and the National Nuclear Security Administration, the agency of the U.S. that maintains the U.S. nuclear stockpile, received the request but didn't respond. So again, ladies and gentlemen, I don't believe that, you know, the US National Nuclear Security Administration has been hacked. Even if so, a lot of those actual nuclear weapons, or anything of serious danger, is most definitely not connected to the internet. In fact, from what I understand, you pretty much have to be locally present for any of that stuff to happen. It would be a seriously, seriously scary situation if, like, such weapons of mass destruction were even connected to the internet whatsoever. The government does not take a chance, nor should they, when it comes to it.

Now, with the list that's growing this hard, I think the only question to ask is how long it is going to be before these guys get raided and destroyed. You know, if you look at what's happening with Poland right now: this is the CBZC, which is the Central Bureau for Combating Cybercrime. The amount of nerdiness you're about to see for just a few people that were literally associated with DDoS services. Yeah, this is them getting raided, I'm not even joking. The Polish group has, like, you've got the aces, "Do Not Disturb," get out of here, dude. Yeah, they got Anonymous masks and everything, man. I can tell you right now, surviving in prison right now is just not going to happen in their case. But of course, if Polish cops are acting like this in regards to a bunch of DDoSers, ladies and gentlemen, ain't no knife in the world gonna stop the United States government from knocking down your doorstep and putting two in the chest and one in the head. Do I believe the U.S. government is going to make an example out of these people? Absolutely. And I don't think it's just the US government; I think it's most governments around the world. You know, if there's one thing that's kind of a little surprising here, it's that I haven't really seen a Russian organization get hacked through this, nor have I seen a Chinese company get hacked through it. Usually when it's only targeting the Western world like this, it's probably the case of a nation-state hack. So again, it's time to see if this was actually a group of real hardcore criminals or if it might have just been a nation-state hacking group. All right, I know there's a lot of allegations to be thrown around, but I think the next step is seeing the law enforcement response. And honestly, the hack has already happened; for all the information that's floating out there, it's sad to say, but if you have interacted with any of these organizations, all I can tell you right now is start changing your passwords, start making sure your security is up to date. Do not rely on the goodwill of any of these organizations; they don't give a [ __ ] about you. You have to start giving a [ __ ] about yourself.

But ladies and gentlemen, this was a massive global cyberattack, and I wanted to make sure I got all the facts straight. So, ladies and gentlemen, if you like what you saw, please like, comment and subscribe, just like if you dislike it. I am out.
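The two web-shell indicators the video reads out of the advisory (a file named human2.aspx masquerading as the legitimate human.aspx, and operator requests carrying an X-siLock-Comment header whose value is the 36-character install-time password) are concrete enough to hunt for. The following is an added example, not code from the video, from the advisory, or from Progress: it parses IIS W3C log lines and flags requests to the shell's path, and separately classifies a live request (path plus headers) for a proxy or WAF that can see headers, since IIS does not log custom request headers by default. The log lines are constructed for the example; the field layout follows the standard IIS W3C format.

```python
"""Flag MOVEit Transfer web-shell indicators in IIS logs and HTTP requests.

Added example for this page (not the video's or the advisory's code).
Indicators taken from the transcript above:
  * the web shell was dropped as human2.aspx to masquerade as the
    legitimate human.aspx;
  * its operator authenticates with a request header named
    X-siLock-Comment whose value is the 36-character password generated
    when the shell was installed.
"""
from typing import Dict, Iterable, Iterator, List, Tuple

WEBSHELL_NAMES = {"human2.aspx"}
AUTH_HEADER = "x-silock-comment"
PASSWORD_LEN = 36


def classify_request(uri_stem: str, headers: Dict[str, str]) -> List[str]:
    """Return the reasons a request looks like web-shell traffic.

    An empty list means nothing matched. Matching is case-insensitive on
    both the path and the header name, because IIS treats both that way.
    """
    reasons: List[str] = []
    name = uri_stem.rsplit("/", 1)[-1].lower()
    if name in WEBSHELL_NAMES:
        reasons.append(f"request to web shell path {name}")
    lowered = {k.lower(): v for k, v in headers.items()}
    if AUTH_HEADER in lowered:
        value = lowered[AUTH_HEADER]
        reason = f"X-siLock-Comment header present ({len(value)} chars)"
        if len(value) == PASSWORD_LEN:
            reason += ", matches the 36-char install-time password length"
        reasons.append(reason)
    return reasons


def parse_w3c(lines: Iterable[str]) -> Iterator[Dict[str, str]]:
    """Yield one dict per record from an IIS W3C extended log.

    The '#Fields:' directive names the columns; IIS encodes spaces inside
    a value as '+', so splitting on whitespace is safe.
    """
    fields: List[str] = []
    for raw in lines:
        line = raw.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#"):
            continue
        if not fields:
            raise ValueError("record seen before a #Fields: directive")
        yield dict(zip(fields, line.split()))


def scan_iis_log(lines: Iterable[str]) -> List[Tuple[str, str, str, List[str]]]:
    """Return (timestamp, client IP, URI, reasons) for suspicious records.

    Only the URI is checked here: IIS does not log custom request headers
    by default, so the X-siLock-Comment check belongs on a proxy or WAF
    that sees the live headers (see classify_request).
    """
    hits: List[Tuple[str, str, str, List[str]]] = []
    for rec in parse_w3c(lines):
        uri = rec.get("cs-uri-stem", "")
        reasons = classify_request(uri, {})
        if reasons:
            hits.append((f"{rec.get('date')} {rec.get('time')}",
                         rec.get("c-ip", "-"), uri, reasons))
    return hits


# Constructed sample log: one legitimate hit on human.aspx, one static
# asset, and two requests from a second client to the masquerading shell.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status
2023-05-28 02:14:07 10.0.0.5 GET /human.aspx - 443 - 203.0.113.10 Mozilla/5.0+(Windows+NT+10.0) 200
2023-05-28 02:14:09 10.0.0.5 GET /images/logo.png - 443 - 203.0.113.10 Mozilla/5.0+(Windows+NT+10.0) 200
2023-05-28 02:15:02 10.0.0.5 GET /human2.aspx - 443 - 198.51.100.7 - 200
2023-05-28 02:16:44 10.0.0.5 POST /human2.aspx - 443 - 198.51.100.7 - 200
"""

if __name__ == "__main__":
    for when, client, uri, why in scan_iis_log(SAMPLE_LOG.splitlines()):
        print(f"{when} {client} {uri}: {'; '.join(why)}")
    # A proxy that sees headers also catches the operator's authenticated
    # requests even if the shell were renamed to something less obvious.
    print(classify_request("/human.aspx", {"X-siLock-Comment": "A" * 36}))
```

Run it against a real MOVEit Transfer IIS log directory by feeding each file's lines to scan_iis_log; any hit on human2.aspx from an address you do not recognise is a reason to treat the host as compromised and pull it off the network, which is the "disable HTTP and HTTPS traffic" step the video mentions. The header check is the more durable of the two, because a renamed shell still has to authenticate its operator.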
Info
Channel: SomeOrdinaryGamers
Views: 505,628
Id: V7pP3fbX8Mc
Length: 22min 37sec (1357 seconds)
Published: Mon Jun 19 2023