Azim
Jan 31, 2022
A major civil war is going on in the Russian cyber-criminal underground between the #Lockbit #Blackmatter #ransomware groups and other threat actors! @TalosSecurity
After alleging for a long time that Kajit, the former owner of RAMP, is a cop, LockBitSupp posted a massive bombshell to XSS (DaMaGe LaB) Russian hacking forum screenshot of the 30+ scree...
LockBitSupp (#lockbit #ransomware) just shared proof of conversations between vx-underground and Kajit proving that Kajit was the one who leaked the BlackMatter admin panel. What is interesting is that the admin panel was shared with wazawaka/boriselcin.
wazawaka/boriselcin is a prolific ransomware operator that we interviewed blog.talosintelligence.com/2021/02/interv… tied to LockBit, BlackMatter among other RaaS partnerships. He has admitted to several ransomware attacks.
The leaked conversations are between LockBitSupp and Kajit, Kajit and a username named smelly from presumably vx-underground, between a self-described #0day broker Kelegen and smelly, and arbitration between boriselcin, admin, Kajit and LockBitSupp on XSS.
In the conversations between LBS and vx-underground, LBS wanted vx to claim that #revil was the one who leaked it to him.
So this implies that Kajit leaked a #BlackMatter panel that was only shared between him and wazawaka/boriselcin/uhodi with the intent to implicate REvil. LBS figured all of this out and in the process has proved himself to be a determined investigator collecting evidence for 4 months.
smelly insisted with Kajit that their purpose with them is to only collect and share information and to remain neutral. They did not appear to be a part of any coordinated actions with Kajit based on the screenshots. The timing of the screenshots is in line with vx's posts about BM.
In total, there were 30+ screenshots in both Russian and English shared by LockBitSupp. What is interesting to this linguist is the several snippets of perfect colloquial and conversational English demonstrated by LockBitSupp while at the same time clearly speaking native Russian.
All of this has been brewing for about 8 months (since #revil shut down) but three things have finally forced a spillover:
1. #revil arrests in January
2. Reintroduction of convicted spammer Peter Severa aka Severa into the XSS forum last week.
3. wazawaka's insane video rant

More from @AShukuhi

Dec 16, 2022
1/5 A post on XSS by a self-described script kiddy's stressful life as a cybercriminal had the infamous Bassterlord ransomware operator chime in and give us insight into their own reaction to recent measures against ransomware groups
2/5 Bassterlord tells us that the REvil arrests spooked them at first. They shut down operators for a bit and claimed to have moved to their hometown. After getting a call from the FSB, they were sure that their end has come. However, the FSB meeting was benign and ...
3/5 after having a period of stress and anxiety, it fully stopped worrying and came back to their normal life. They pointed out that it was around this time that they asked for their username to be unbanned from XSS. Bassterlord claimed "they would have made a good pentester"...