lswcap
The website of the Russian cybercriminal organization REvil, known for its tech company and infrastructure ransomware attacks, has been taken offline by the US and its allies in a hacking operation, reports have emerged. Reville suddenly disappeared from the dark web in July 2021 and was revived in September.
Revil, a hacker group based in Russia, is known to have attacked Taiwanese PC maker Acer, Brazilian meat giant JBS and Massachusetts ferry company Steamship with ransomware and demanded ransom. In July 2021, a large-scale supply chain attack on Kaseya, an IT management service, affected more than 1,500.
Reville was running a website called Happy Blog on the Dark Web to leak stolen information and collect ransom money. But right after the Kaseya attack, the happy blog suddenly disappeared. It temporarily disappeared from the Internet, but it turned out that the Happy Blog was back online in September. At first, there was speculation that Reville didn’t bring it online, but that law enforcement agencies revived it for some reason, but according to Reville, a ransomware attack occurred and the resurrection was caused by Reville’s own intentions.
However, on October 17th, Happy Blog went offline again. A security researcher (Dmitry Smilyanets) found on a dark web hacker forum, according to the 0_neday record of the Revil operator, that the server was compromised by accessing it using the key of a former member of the Revil, and the Happy Blog went offline.
According to the report, a civilian cyber expert and former government agency employee who made the report said that the offline Happy Blog was carried out by several national teams, including intelligence agencies such as the FBI and the U.S. Cyber Command. It is said that the FBI succeeded in hacking Reville immediately after the attack on Kaseya to take control of part of the network infrastructure. According to Reville, which was closed in July, the Happy Blog in September was already under FBI control, and the FBI was able to close the Happy Blog after rebooting using the internal system.
A person familiar with the operation said it was a US ally partner who broke into the Reville computer architecture and carried out the hack. Others said the operation against Reville was still ongoing. A spokesperson for the White House National Security Council declined to comment directly before the FBI prepared comments on the operation. Instead, simply put, the entire government is committed to ransomware, which includes destroying ransomware infrastructure and working with the private sector to upgrade defenses, and building a United Nations that holds the state behind the ransomware accountable. have. Related information can be found here.
Add comment