A major civil war is going on in the Russian cyber-criminal underground between the #Lockbit #Blackmatter #ransomware groups and other threat actors! @TalosSecurity
After alleging for a long time that Kajit, the former owner of RAMP, is a cop, LockBitSupp posted a massive bombshell to the XSS (DaMaGe LaB) Russian hacking forum
LockBitSupp (#lockbit #ransomware) just shared proof of conversations between vx-underground and Kajit proving that Kajit was the one who leaked the BlackMatter admin panel. What is interesting is that the admin panel was shared with wazawaka/boriselcin
wazawaka/boriselcin is a prolific ransomware operator that we interviewed blog.talosintelligence.com/2021/02/interv… tied to LockBit, BlackMatter among other RaaS partnerships. He has admitted to several ransomware attacks.
The leaked conversations are between LockBitSupp and Kajit, Kajit and a user named smelly from presumably vx-underground, between a self-described #0day broker Kelegen and smelly, and arbitration between boriselcin, admin, kajit and LockBitSupp on XSS.
In the conversations between LBS and vx-underground, LBS wanted vx to claim that #revil was the one who leaked it to him
So this implies that Kajit leaked a #BlackMatter panel that was only shared between him and wazawaka/boriselcin/uhodi with the intent to implicate REvil. LBS figured all of this out and in the process has proved himself to be a determined investigator collecting evidence 4 months
smelly insisted with Kajit that their purpose with them is to only collect and share information and to remain neutral. They did not appear to be a part of any coordinated actions with Kajit based on the screenshots. The timing of the screenshots is in line with vx's posts abt BM
In total, there were 30+ screenshots in both Russian and English shared by LockBitSupp. What is interesting to this linguist is the several snippets of perfect colloquial and conversational English demonstrated by LockBitSupp while at the same time clearly speaking native Rus.
All of this has been brewing for about 8 months (since #revil shut down) but three things have finally forced a spillover:
1. #revil arrests in January
2. Reintroduction of convicted spammer Peter Severa aka Severa into the XSS forum last week.
3. wazawaka's insane video rant
