Oleg

217 posts

@Cyber_0leg

#Cybercrime #CTI #OSINT #Cybersecurity https://t.co/b3uWuDBEVs

France · Joined November 2023
523 Following · 868 Followers
Pinned Tweet
Oleg @Cyber_0leg ·
💸 From dirty crypto to clean money: how Russophone cybercriminals launder illicit crypto profits? Fake inheritances, shady casinos, fake businesses, and shell companies. The real bottleneck? Legalization. 🔗 Link in comments #CTI #CryptoLaundering #DarkWeb
Oleg retweeted
Who said what? @g0njxa ·
Footage of the detention of the administrator of LeakBase forum in Taganrog, Rostov Region, Russia 🇷🇺. Via MVD representatives Report: "According to available information, the platform hosted hundreds of millions of user accounts, bank details, logins and passwords, as well as corporate documents obtained as a result of hacking. Over 147 thousand users registered on the forum could buy and sell this data, as well as use it to commit fraudulent actions against citizens. During the search at the detainee's residence, technical equipment and other items of evidentiary significance were seized. A criminal case has been initiated by the investigator of the Main Investigative Department of the Ministry of Internal Affairs of Russia in Moscow on the grounds of crimes provided for in parts three and six of Article 272.1 of the Criminal Code of the Russian Federation. A preventive measure in the form of detention has been chosen against the defendant."
Oleg retweeted
0x6rss @0x6rss ·
My blog is now live: "The Close Relationship Between Telegram Bots and Threat Actors" new stealers, their log structures, telegram bot C2 infrastructure, and threat actors who hacked themselves while building their own 👉 cti.monster/blog/2026/03/2… happy hunting!
0x6rss@0x6rss

vibecoder threat actors, threat actors who end up hacking themselves, and many more undiscovered stealers along with their logs… I’ve started writing my blog post..

Oleg retweeted
Group-IB Threat Intelligence @GroupIB_TI ·
The Gentlemen is a newly emerged Ransomware-as-a-Service (RaaS) operation consisting of approximately 20 members. Originating from a #Qilin payment dispute, the operator "hastalamuerte" had already developed a locker while still an affiliate. Their primary initial access? A database of ~14,700 compromised FortiGate devices (CVE-2024-55591) and over 900 brute-forced VPN credentials ready for deployment. #Ransomware #DFIR
Oleg retweeted
Samuel Bendett @sambendett ·
Telegram fights back in Russia: "Telegram proxies are currently launching a counter-attack against Roskomnadzor’s (RKN) censorship infrastructure, flooding its filters with junk data and overloading them to a critical state. As a result, not only is Telegram suffering, but so is a host of other services—including those the authorities had intended to leave alone. Consequently, service disruptions are being observed nationwide, even affecting platforms that were never targeted for blocking—such as websites on RKN’s "whitelist," certain government services, and occasionally even VKontakte. An interesting side effect has emerged: in several regions, WhatsApp (specifically voice and video calls) has suddenly sprung back to life. This occurred because the TSPU (Technical Means of Countering Threats) system temporarily "eased up" on certain filters in an attempt to cope—however imperfectly—with the massive primary load generated by Telegram. This is currently one of the most widely discussed instances of "technical trolling" directed at RKN in recent years. I have a feeling that Durov’s team is going to make life very difficult for RKN in the future—especially when comparing the skill levels and salaries of Durov’s programmers against those of RKN’s mediocre coders, who are scraping by on peanuts. (After all, the truly talented programmers have either emigrated or are working for private companies.) t.me/borisenkoD/336…
IntelOps @IntelOpsV3 ·
Interview of TierOne admin. "This is a business ... We strive to be a welcoming space, especially for ransomware-related discussions." justpaste.it/tieroneintervi…
Oleg retweeted
3xp0rt @3xp0rtblog ·
As part of the SYS initiative, @PRODAFT is notifying users affected by the RAMP forum database leak. Threat actors are being encouraged to assist with the de-anonymization of some of the most active cybercriminals and ransomware operators — developments that are expected to make headlines. Choose a better path for yourself. x.com/PRODAFT/status…
Oleg retweeted
Rapid7 @rapid7 ·
What happens when stolen credit card data is sold like a service? 💳 Dump shops have evolved into carding-as-a-service (CaaS) marketplaces bundling stolen card data, tools, and support. A new blog explores how these illegal marketplaces operate: r-7.co/4bX0oet
Oleg retweeted
PRODAFT @PRODAFT ·
RAMP Forum User Intelligence Available for Our Platform (U.S.T.A. & Catalyst) Members

🫶 Our SYS initiative remains highly active, as a well-known forum member voluntarily contacted us. We are grateful for their contribution. Even when admins attempt to dox each other for 10 BTC, it's good to see some members doing it voluntarily for us.

🔍 As a result, our team has acquired intelligence associated with 7,709 RAMP forum users, including the following high-value investigative datasets:

📧 Private messages exchanged between threat actors, enabling reconstruction of operational planning and coordination;
👾 Attachments sent and received between threat actors, supporting malware, tooling, and infrastructure attribution;
🔐 Authentication and login activity, facilitating access-pattern analysis and operational security assessment;
🌌 Forum search history, providing insight into intent, targeting, and operational focus;
🧐 Profile information, including but not limited to registered email addresses, supporting identity correlation and cross-platform attribution;
🗣️ Chat room and group communication metadata, indicating collaboration structures and coordinated activity across specific operations and campaigns.

We will be correlating these datasets to support and advance multiple previously unsolved investigations. #cyberintelligence #ramp #LockBitSupp <3
Oleg retweeted
Fox_threatintel @banthisguy9349 ·
Sharing indicators with the boys! This blog is definitely a solid write up! medium.com/@0xOZ/how-to-get-scammed-by-dprk-hackers-b2f7588aea76 The C2 indicator shared is interesting because it sets the c2 on standard port of MongoDB. In the comments I will share 6 IPs that are serving as a C2 as of today!
Oleg @Cyber_0leg ·
@SttyK Very cool, how did you create the graph?
Oleg retweeted
Recorded Future @RecordedFuture ·
Our new Insikt Group research exposes how German hosting provider aurologic GmbH has become a central hub for high-risk networks. It’s a revealing look at the tension between neutrality and accountability in the global hosting ecosystem. 👇 bit.ly/4qG2MLj #threatintelligence #cybersecurity
Oleg retweeted
☠ Bluetouff @bluetouff ·
Discord is being extorted following the compromise of their Zendesk instance; there is talk of 2.1 million identity documents stolen thanks to the big geniuses who impose identity verification. Let this madness stop now.
vx-underground@vxunderground

Chat, we are cooked
Discord is being extorted by the people who compromised their Zendesk instance
They've got 1.5TB of age verification related photos. 2,185,151 photos
tl;dr 2.1m Discord users drivers license and/or passport might be leaked. Unknown number of e-mails

Oleg retweeted
Whiteintel @whiteintel_io ·
A threat actor allegedly selling data of IntelX. 17TB of ULP appears to be somehow extracted from their datasets🧐
Oleg retweeted
xoxofromprague @xoxofromprague ·
LockBit is down again —XOXO from Prague LockBit's 5.0 panel just got wrecked lockbitfbinpwhbyomxkiqtwhwiyetrbkb4hnqmshaonqxmsrqwg7yad[.onion] #LockBit #Ransomware
Oleg retweeted
club1337 @club31337 ·
🚨 Ransomware Alert 🚨 Shimao Group 🇨🇳
📣 Shimao Group Holdings Ltd., formerly Shimao Property Holdings Ltd., is a diversified real estate development company that specializes in property development, property investment, and hotel operations in the People's Republic of China, has fallen victim to #Devman #ransomware. Devman 2.0 claims to have accessed 12 TB of the company’s data.
🔍 Key Details:
📍 Location: Hong Kong, China
🏢 Industry: Real Estate Development, Property Investment, Hotels
🔗 Website: shimaogroup.hk, shimaogroup.com
🛡 Threat Actor: Devman
📅 Published date: Not yet disseminated to the public
Devman@Inifintyink

Looks so good @club31337 @AlvieriD @joetidy @RussianPanda9xx
