
Exposing High Tech Brazil Hack Team Mass Web Site Defacement Group - An OSINT Analysis

December 27, 2019
It's been a while since I last posted a quality update further detailing the inner workings of a high-profile and prominent Web site defacement group that has managed to successfully compromise thousands of Web sites internationally, including the Web site of Bulgaria's National Security Agency (DANS) - hxxp://dans.org.

In this post I'll provide actionable intelligence, including personally identifiable information, on the people and the gang behind the campaign, including an in-depth analysis of their tactics, techniques and procedures as well as personal photos and social media accounts of the infamous High Tech Brazil Hack Team, which is responsible for having successfully defaced over 5,000 legitimate Web sites internationally.

Team Members Include:
- crazyduck - Real Name: Fabian de Souza Peralazzo
- otrasher - Email: Otrasher@live.com - Social Media Account - https://twitter.com/b1tchx_
- l34NDR0
- wicked
- live
- Smoker

Sample Photos of High Tech Brazil Hack Team Team Members:

Twitter Social Media Accounts known to have participated in the campaign:

Personally Identifiable Information on High Tech Brazil Hack Team Team Members:
  • synchr0n1ze
Real Name: Bruno Maglia

Facebook Account Profile: https://www.facebook.com/brunoaqnp ; https://www.facebook.com/brunao.maglia

Related Facebook Account Profiles: https://www.facebook.com/paulasouzzaa; https://www.facebook.com/francine.maglia - https://www.facebook.com/caio.favaratogalvao - https://www.facebook.com/keli.favarato - https://www.facebook.com/fabiano.galvao.18
  • aceeeeeeeer
Real Name: Gustavo Gemen
Personal Photos: http://imgur.com/zdRoh33 - http://imgur.com/mQfN8jk,49aNcs6,dCQYCgc,XPtKSAB ; http://imgur.com/eKWbZDn,lOiHr7A,HKu5Jw8; http://imgur.com/eKWbZDn,lOiHr7A,HKu5Jw8

Facebook Account Profile: https://facebook.com/gustavo.gemen

Related photos:
http://imgur.com/hZDJSNb,PXjcBsR
http://imgur.com/V6YuIBs,B6CgXKo
http://imgur.com/8wmqbGg,ZKUjM1Q,vKECfQf
http://imgur.com/GTliRuI,GLtvIZl,vfyAhuu

Related URLs:
https://www.youtube.com/channel/UCBgeuuT9sdFOOkFoGnt1p6w
https://koubacktr.wordpress.com/

I'll soon be posting an additional set of details on the High Tech Brazil Hack Team, and I'm definitely looking forward to sharing the necessary details with the Security Industry and Law Enforcement in an attempt to track down and prosecute the individuals behind these campaigns.

Stay tuned!

Who's Behind the Syrian Electronic Army? - An OSINT Analysis

July 28, 2019
Continuing the "FBI Most Wanted Cybercriminals" series, I've decided to continue distributing and disseminating actionable threat intelligence on some of the most prolific and wanted cybercriminals in the world.

Following a series of high-profile Web site defacement and social media attack campaigns largely relying on good old-fashioned social engineering, it appears that the individuals behind the Syrian Electronic Army are now part of the FBI's Most Wanted Cyber Watch List, so I've decided to conduct an OSINT analysis sharing actionable intelligence on the group's operators, with the idea of assisting law enforcement and the U.S. Intelligence Community with the necessary data, which could lead to the successful tracking down and prosecution of the team behind these campaigns.

In this post I'll provide actionable intelligence on the group behind the Syrian Electronic Army, including actionable intelligence on the infrastructure behind some of their most prolific social engineering-driven campaigns.

Sample Personal Photo of Ahmad Al Agha:

Sample Personal Photo of Firas Nur Al Din Dardar:

Sample Web Site Defacement Screenshot courtesy of "The Shadow":

Sample Screenshots of the Syrian Electronic Army Web Site Defacement Activity:

Related domains known to have participated in the campaign:

Related IPs known to have participated in the campaign:

Social Media Accounts:

Skype account IDs known to have participated in the campaign: 

Related emails known to have participated in the campaign:

We'll continue monitoring the campaign and post updates as soon as new developments take place.