
Challenge accepted: LockBit dares authorities to hack and vows to give back


LockBitSupp, a notorious cybercriminal, recently revealed that their servers were compromised due to a known vulnerability in the PHP version they were running. In a shocking turn of events, the hacker disclosed that their systems were accessed by authorities, leading to a complete wipeout of all information stored on the disks.

LockBitSupp admitted that, after five years of swimming in money, they had become lazy and did not pay much attention to security measures. At 20:47, they noticed a new error on their site and then discovered that the server was inaccessible via SSH because the password no longer worked. It was later determined that the breach was due to a remote code execution vulnerability in PHP version 8.1.2, specifically CVE-2023-3824.

LockBitSupp acknowledged that the compromised infrastructure held critical data and included the admin and chat panel servers, as well as a blog server. In response to the breach, LockBitSupp said that new servers are now running the latest version of PHP (8.3.3), mitigating the risk of future attacks on their infrastructure.

In light of the security incident, international law enforcement intervened, seizing control of a significant portion of LockBit’s infrastructure. This included 34 servers located in various countries such as the United States, the United Kingdom, the Netherlands, Germany, Finland, France, Switzerland, and Australia. Moreover, authorities confiscated 200 cryptocurrency accounts and 14,400 rogue email accounts linked to LockBit.

Apart from seizing servers and accounts, law enforcement also managed to obtain approximately 1000 decryption keys from “unprotected decryptors.” LockBitSupp downplayed the impact of losing these keys, stating that they only represented a small fraction of the total number issued over the years. Despite the setback, the hacker remained confident that the operation could continue without major disruptions.

The note shared by LockBitSupp highlighted the need for infrastructure adjustments in the wake of the security breach. While the hacker reassured that unaffected servers would continue to leak stolen data, the incident serves as a wake-up call for cybercriminals to strengthen their security protocols.

Overall, the breach of LockBit’s servers underscores the ever-present threat of cyber attacks and the importance of staying vigilant against vulnerabilities. As cybercriminals adapt and evolve their tactics, organizations must prioritize cybersecurity measures to safeguard their data and infrastructure from potential breaches.
