Arctic Wolf Confirms Certain Discoveries

Parker Bytes January 10, 2024

Fancy a bit of a mystery? A recent investigation by Arctic Wolf Labs uncovered a rather intriguing case of cyber trickery. Let me spin you the tale, and brace yourself, because it’s a bit of a tangled web.

Imagine you’re a company that has just recovered from a ransomware attack, paid the ransom, and managed to breathe easy. Out of the blue, not one but two chaps, coyly waving the white hat of ‘ethical hacking’, suddenly barge onto the scene. They offer to give your misfortune a silver lining by hacking into the culprit’s server and deleting your data. Trust me, mate, it’s as dodgy as it sounds.

Ethical professionals indeed! Arctic Wolf reckons these so-called ‘saviours’ are more likely partners in crime. Smells fishy to me, that these two shady blokes might be in league with the ransomware gangs known as Royal and Akira.

Enter the character calling himself “xanonymoux”. Curiously enough, this moniker matches one that’s been ruffling feathers with the folks at DataBreaches. Incidentally, DataBreaches too had been receiving strange offers from this chappie claiming to be an independent, ethical security researcher.

These security men, quite the storytellers they are, started off painting a rather chilling picture of how OneDiversified, a company that provides convergent solutions, fell victim to the ruthless villains, Akira and Karakurt. However, when DataBreaches attempted to verify the tale by reaching out to OneDiversified, they were met with nothing but tumbleweeds.

The drama thickens as the fictional ‘ethical hacker’, xanonymoux, then drew attention to another ‘noble’ act in progress. Apparently, the Michael Garron Hospital in Canada was in negotiations with him after falling prey to Akira’s nefarious cyber antics. However, the negotiations fell apart with no explanation.

Quite conveniently, xanonymoux got his hands on some sensitive data related to Covid information, indicating a possible breach at Michael Garron Hospital. The case took an odd twist when the apparent extraction claim fell short. The hospital’s representative confirmed that although the data had indeed been exfiltrated, there was no sign of encryption. Suddenly, sans explanation, the hospital disappeared off Akira’s leak site.

Another intriguing puzzle piece is the mention of TommyLeaks, a notorious malware strain. It was brought up by “xanonymoux” to DataBreaches but not reported by Arctic Wolf during their investigation. Yet another link in the chain is the ‘coincidence’ of Akira and Karakurt sharing the same server, as claimed by our enigmatic rogue hacker.

Despite his pompous claims of being on the ‘white side’, xanonymoux’s activities reeked more of extortion than anything resembling ethical behaviour. He was quick to justify his actions as merely ‘services for payment’. When pressed further, he claimed he’s not interested in the data, but in earning a reward! Unsurprisingly, none of his ‘victims’ took the bait.

Remarkably, this individual also imagined scoring a meeting with the FBI to negotiate terms for his ‘services’. When DataBreaches suggested he should go ahead and present his supposed evidence to the FBI and wait for a reward, to no one’s shock, he declined.

So, did xanonymoux get his reward? Did he offer the FBI any valuable server information? To this day, it’s a mystery. However, the parallels between xanonymoux’s claims to DataBreaches and Arctic Wolf’s reports are uncanny. The single variance, perhaps, would be the differing ransomware culprits in question.

As our gripping story concludes, the question hanging in the air, among others, is whether our suspect ‘ethical hackers’ were in cahoots with the original ransomware gangs, mere spectators in the cyber-crime circus, or perhaps, an entirely different breed of villain on their own. One thing is clear though – this murky world of cyber threats continues to evolve, and it’s our job in the healthcare and cybersecurity sectors to stay vigilant and prepared.
