Alon Gal — Under the Breach

326 Followers


Jun 30, 2020

Is Zoom’s $500,000 RCE really not worth it?

Back in April it was revealed that a Zoom RCE 0-day went up for sale for $500,000. This raised plenty of eyebrows in the infosec community as to whether the price was justified or not. Many believed the price was absurd and that there is no way in the world that…

Zoom

4 min read


Apr 30, 2020

The chronicles of Fortinet’s CVE-2020–9294

On April 20 I discovered a 0-day being sold on a private Russian cybercriminal forum. The 0-day, according to the actor selling it, affected all versions of FortiMail, granting the user root access to any FortiMail server[1]. Of course, realizing the potential maliciousness of this exploit, I…

Fortinet

4 min read


Apr 5, 2020

Iran’s ban on Telegram that was intended to facilitate domestic spying backfired

By Under The Breach and Databreaches.net. A recent report by Comparitech and Bob Diachenko concerning an exposed Elasticsearch server with data scraped from a forked Telegram app was one of numerous leak reports during March. The leak had exposed the data of more than 42 million Iranians, and by the time…

Iran

6 min read


Feb 28, 2020

Confronting Fake News

On February 26, Under the Breach discovered that an actor had dumped the databases of 16 websites that left public AWS S3 buckets exposed to the internet. One of these sites is www.bgr.in, a huge Indian tech news site. We downloaded the database and…

Fake News

3 min read


Feb 13, 2020

How I found the hacker behind a 850,000 computers botnet

Back in August 2019 Avast released a technical write-up about a malicious worm named “Retadup” that infected a total of 850,000 computers, mainly in South America[1]. The researchers from Avast were able to locate the C&C server, take it over on behalf of the French National Gendarmerie, and drain…

Hacker

4 min read


Feb 10, 2020

Ulterior motives and influence operations

This write-up will be a little shorter; it is just anecdotal evidence that sometimes things in cybercrime aren’t as they seem to be, and are often a lot more sinister. Earlier this week I noticed an actor was trying to sell access to three of the largest mobile companies in Iraq:

Cybercrime

4 min read


Feb 7, 2020

Hey Russia, your data is leaking!

The era of big data is upon us and it doesn’t seem like it is going away. This is evident in governments buying location data[1] and in large firms looking to capitalize on your information[2]:

Russia

5 min read


Feb 3, 2020

Genesis market 2020 overview, a bazaar for buying data out of compromised computers.

So how did a group of individuals get their hands on 230,000 computers worldwide in the first place? Well, we first have to understand how a mass malware-spreading campaign works (if you’re already familiar with that, you can skip ahead). Granted, there are many ways one can use to…

Hacker

7 min read


Jan 30, 2020

Tracking Down REvil’s “Lalartu” by utilizing multiple OSINT methods

In recent months we’ve seen a spike in companies having their servers breached and files encrypted. In order for the company to decrypt the files, the hackers demand a payment, typically in cryptocurrency, in return for which they will give the key to open the files. A specific highly talented…

Ransomware

7 min read

Data breach monitoring and prevention, providing Cybercrime investigations and insights. www.underthebreach.com 🇮🇱 https://www.linkedin.com/in/alon-gal-utb/
