Darknet sites operated by the hacker group LockBit have come under the control of the UK’s National Crime Agency, reports Bleeping Computer.
Authorities confirmed to the media the seizure of resources as part of the ongoing Operation Cronos, involving the FBI, Europol, and colleagues from 11 countries. They promised to provide further details later.
A representative of the group, known as LockBitSupp, claims that the FBI hacked them using a PHP vulnerability. It is presumably related to the exploitation of CVE-2023-3824.
Lockbit ransomware group has issued a message to individuals on Tox.
“ФБР уебали сервера через PHP, резервные сервера без PHP не тронуты”
“The FBI fucked up servers using PHP, backup servers without PHP are not touched”
— vx-underground (@vxunderground) February 19, 2024
In addition to the leak site, police have disabled LockBit’s “affiliate” panel. According to the statement, law enforcement has access to “source code, victim data, ransom amounts, stolen data, chats, and much more.”
However, several other LockBit darknet resources, including sites for data hosting and private messaging, remain operational.
The LockBit group emerged in 2019 and is considered one of the most active. Its victims include tire manufacturer Continental, Boeing, fast-food chain Subway, Bank of America, the Italian tax service, and others.
In early 2020, hackers released user data from the cryptocurrency exchange BTC-Alpha and reported stealing information from over 100,000 clients of the PayBito platform.
According to Recorded Future, LockBit has conducted at least 2,300 attacks worldwide. The group extorted over $91 million from American companies alone, calculated by the CISA.
In November 2022, Canadian authorities arrested 33-year-old Russian Mikhail Vasiliev on suspicion of large-scale hacking attacks using the LockBit ransomware.
Later, the US Department of Justice announced the capture of 20-year-old Russian citizen Ruslan Astamirov for distributing the same ransomware.