Exposing the Guccifer 2.0 "GRU-Connected" Enterprise - An OSINT Analysis

March 03, 2021
Dear blog readers,

I wanted to take the time to elaborate on the so-called Guccifer 2.0 enterprise, which represents a single lone hacker who carried out a high-profile Web site compromise and then launched a social media account behind it, both to communicate the motive for the attack and to make the stolen information publicly accessible online for free.

In this post I'll provide actionable intelligence on the Guccifer 2.0 enterprise, a single lone hacker who distributed a high-profile data leak and built a social media account around it.

Sample Personal URLs: https://guccifer2.wordpress.com; https://twitter.com/GUCCIFER_2

Sample personal email: Guccifer20@aol.fr

Sample IPs known to have been involved in the campaign: 95.13.15.34; 95.130.9.198; 212.117.164.35; 95.211.168.139

Sample VPN service provider used by the Guccifer 2.0 enterprise (nameserver hostnames and their associated IPs; note that 212.117.164.35 also appears in the campaign IP list above):

hxxp://ns1.vpn-service.us - 176.9.89.229 - Email: sec.service@mail.ru

hxxp://ns2.vpn-service.us - 85.17.139.9

hxxp://ns3.vpn-service.us - 212.117.164.35

hxxp://ns1.vpn-service.us - 212.32.234.134

hxxp://ns2.vpn-service.us - 37.48.92.139

hxxp://ns3.vpn-service.us - 193.161.87.105
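To make the indicators above directly usable, here is an added example (my own code, not part of the original post) that refangs the hxxp:// hostnames, validates the IP strings, and scans constructed log lines for hits. The fidelity labels are my assumption: the VPN provider's nameserver IPs are shared infrastructure, so a hit on one of them is a weak signal on its own, whereas the personal email address is a much stronger one. The log lines are constructed for the example and are not from any real incident.

```python
import ipaddress
import re

# Indicators transcribed from the post above. Fidelity labels are an
# assumption: VPN nameserver IPs are shared infrastructure (low), campaign
# IPs are medium, the personal email addresses are high.
POST_IPS = ["95.13.15.34", "95.130.9.198", "212.117.164.35", "95.211.168.139"]
VPN_NS_IPS = ["176.9.89.229", "85.17.139.9", "212.117.164.35",
              "212.32.234.134", "37.48.92.139", "193.161.87.105"]
DEFANGED_HOSTS = ["hxxp://ns1.vpn-service.us", "hxxp://ns2.vpn-service.us",
                  "hxxp://ns3.vpn-service.us"]
EMAILS = ["Guccifer20@aol.fr", "sec.service@mail.ru"]


def refang(indicator: str) -> str:
    """Undo the hxxp:// and [.] defanging conventions used in write-ups."""
    return (indicator.replace("hxxps://", "").replace("hxxp://", "")
            .replace("[.]", ".").replace("[@]", "@"))


def build_iocs():
    """Return {indicator: (type, fidelity)}; a malformed IP raises ValueError."""
    iocs = {}
    for ip in POST_IPS:
        ipaddress.ip_address(ip)          # reject typos before they hit a sensor
        iocs[ip] = ("ip", "medium")
    for ip in VPN_NS_IPS:
        ipaddress.ip_address(ip)
        # 212.117.164.35 is in both lists; keep the higher campaign fidelity
        iocs.setdefault(ip, ("ip", "low"))
    for host in DEFANGED_HOSTS:
        iocs[refang(host).lower()] = ("domain", "low")
    for email in EMAILS:
        iocs[email.lower()] = ("email", "high")
    return iocs


# Emails first so the '@' form wins; otherwise plain host/IP tokens.
TOKEN_RE = re.compile(r"[A-Za-z0-9._-]+@[A-Za-z0-9.-]+|[A-Za-z0-9.-]+")


def scan(lines, iocs):
    """Return [(line_no, indicator, type, fidelity)] for every IOC hit."""
    hits = []
    for n, line in enumerate(lines, 1):
        for tok in TOKEN_RE.findall(line):
            key = tok.lower().rstrip(".")   # trailing '.' from sentence endings
            if key in iocs:
                ioc_type, fidelity = iocs[key]
                hits.append((n, key, ioc_type, fidelity))
    return hits


# Constructed sample log lines for the example (not real telemetry).
SAMPLE_LOG = [
    "2016-06-15T14:02:11Z dns query ns3.vpn-service.us from 10.0.0.7",
    "2016-06-15T14:02:12Z proxy CONNECT 95.13.15.34:443 user=jdoe",
    "2016-06-16T09:30:00Z smtp from=<guccifer20@aol.fr> to=<press@example.org>",
    "2016-06-16T09:31:00Z http GET https://guccifer2.wordpress.com/ 10.0.0.9",
    "2016-06-16T09:32:00Z dns query ns1.example.net from 10.0.0.7",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG, build_iocs()):
        print("line %d: %s (%s, fidelity=%s)" % hit)
```

Run as a script it lists three hits: the VPN nameserver lookup (low fidelity), the proxy connection to a campaign IP (medium), and the mail from the personal address (high). Visits to the public WordPress blog are deliberately not treated as an indicator, since reading the attacker's blog is not evidence of compromise.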

Sample screenshots of conversation with the Guccifer 2.0 enterprise:

Stay tuned!

About Dancho Danchev

Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com
