vx-underground
The largest collection of malware source, samples, and papers on the internet.

Password: infected

https://vx-underground.org/
Several days ago Riot Games announced they were the victim of a "social engineering attack". They stated they were being extorted for $10,000,000. Riot Games refused to pay the ransom.

The source code to League of Legends is now up for sale online
We are currently speaking with the individual responsible for the breach on Riot Games.

They have informed us they have also stolen Riot Games' anti-cheat, Packman. Packman is the anti-cheat for both Valorant and League of Legends.
The individual responsible for the Riot Games breach has given us more information

- Social engineered an employee via SMS
- Initial goal was stealing Vanguard
- They pivoted through the network but were unable to get the Domain Controller
- SOC detected them in approx. 36 hours
- They did not deploy any malware to the network
- Managed to escalate privileges by social engineering a company director
- They stated they would not give us more information at this time, more information will be shared in the following days

There is your free DFIR report
โค41๐Ÿ‘6๐Ÿ’‹4๐Ÿ‘2โšก1๐Ÿ˜ˆ1
Last update for the Riot Games breach. Here is the file directory listing of (some) of the exfiltrated data.

Goodnight (or good morning to some of you).
Threat Intelligence the second a significant breach occurs
Microsoft has announced it intends on modernizing Windows Explorer

This is a preview image that has been released.
Why does vx-underground archive The Old New Thing? This is why:
๐Ÿ‘39๐Ÿ˜11๐Ÿ˜ˆ1
Yesterday Yandex's Git repository was leaked. It has resulted in dozens of hardcoded credentials being exposed.
Since we shared news on the Riot Games breach we have seen a flood of League of Legends players. They are funny.
HIVE ransomware group's Tor domain has been seized by EUROPOL

*No official announcement yet from United States Department of Justice or EUROPOL
The United States Department of Justice has stated in their official press conference, regarding the disruption of HIVE ransomware group infrastructure, that they "hacked the hackers" to disrupt their operations and infrastructure. They state they have decrypted 1,500 companies.
โคโ€๐Ÿ”ฅ18๐Ÿคช8๐Ÿ–•6๐Ÿ‘5๐Ÿ˜3๐Ÿคก3๐Ÿ˜ˆ1
This is the 2nd time, that we are aware of, that the United States Department of Justice, has admitted to using offensive operations to take down, or disrupt, ransomware groups.

The DoJ has announced that they are now focusing their efforts on HIVE affiliates and developers.
The United States government has admitted, for the 2nd time, to utilizing offensive operations against ransomware groups.

tl;dr ransomware group with 24/7 SOC
Conspiracy theories galore online right now as people speculate that the NSA used a 0day exploit to compromise HIVE. Others suggest it was an inside job - an admin at HIVE leaked information to EUROPOL agents.

Reality: Phishing (probably)
๐Ÿ‘24๐Ÿค”9โค6๐Ÿ˜4๐Ÿ”ฅ3๐Ÿ˜ˆ2
Ransomware group comment to the HIVE take down:

ALPHV: This would not work on us, we have too strong security and we do not store anything on our servers

BianLian: Too bad. I think they will be restored under a new name

Lockbit: Nice news. I love when FBI pwn my competitors
The Yandex leak has shown that Yandex uses racial slurs as variable names.

Text translation:

Github: We renamed Master to Main so it is not associated with racism

Yandex:
๐Ÿ˜81๐Ÿฅฐ13๐Ÿ‘7๐Ÿ‘Ž5๐Ÿฅด5๐Ÿคฃ4๐Ÿ‘2๐ŸŒญ2๐Ÿ˜ˆ1
Lockbit ransomware group has informed us they have acquired a 3rd ransomware variant.

- Lockbit Red
- Lockbit Black
- Lockbit Green

They also have modified their ESXi ransomware variant.

Yes, they actually wrote "TLP:RED" in the image.
๐Ÿ‘19โคโ€๐Ÿ”ฅ7๐Ÿคก6๐Ÿ˜ˆ3