In a recent cybersecurity news development, a user on a hacker forum made a surprising statement about the Sony data breach. Based on the names of the data samples posted on the hacker forum, one could say that the user was referring to the Sony data leak that was first claimed by RansomedVC. The hacker forum user, known under the pseudonym Major Nelson, then posted data purportedly from the Sony data breach.
The RansomedVC ransomware group published links to data exfiltrated from the multinational conglomerate Sony Corporation. The hacker from the ransomware group mentioned that they had documents from the quality assurance division from the Sony Corporation data breach.
Series of events linked to the Sony cyberattack
One of the most comprehensive malware repository providers, VX-Underground, tweeted a screenshot from the dark web. They tweeted: “Today, someone operating under the name ‘Major Nelson,’ a nod to the former director of programming for Microsoft gaming network Xbox Live, claims that RansomVC is lying.”
“He then made public all of the content that RansomVC claimed to have,” they added.
Major Nelson is the name adopted by Microsoft’s much-admired Larry Hryb. Larry is a former software developer known for his work as director of programming for Microsoft gaming network Xbox Live.
Regarding the Sony data leak, hacker forum user Major Nelson posted the following internal system data on September 9, 2023:
- Creator Cloud
- Sony certificates
- Device emulator to generate licenses
- Qasop Security
- Incident Response Policies
Based on Major Nelson’s recent participation in the hacker forum, it does not appear certain that Sony’s data leak allegations are genuine. They joined the hacker forum in September, and the post about the Sony breach was the first and only one they had posted.
Previous Sony data leak allegations
They wrote: “We have successfully compromised all Sony systems. We will not ransom them! We will sell the data.”
After boasting of having hacked Sony and possessing its data, the hackers said they did not want to keep demanding a ransom because of the telecommunications giant’s refusal.
They put the data up for sale, with a link to the data for buyers in a post on their website. In an interview, a hacker from the group said that to target an organization with ransomware, they ensure that the organization’s turnover is at least 5 million.
RansomedVC also recently joined Telegram on August 15, 2023 after its account was suspended on Twitter.
Interpersonal conflict between hackers and forum members
There have been several cases where hackers joined hands and then parted ways for unspecified reasons. When asked about the collaboration between RansomedVC and the Everest ransomware group, the Ransomed member said they were friends.
Another question asked Ransomed to comment on Exposed Forum. To this, the operator responded by saying: “I saw the news yeah, I don’t know what I can say about it, I’ve never been on their forum and I never will be either.”
The statement reflects the discord between the RansomedVC group and Exposed Forum.
Probably due to the conflict, in May a Raid Forum user leaked stolen data to Exposed Forum. Both are dark web platforms where breaches and data leaks are announced.
Recent tweets from cybersecurity analyst Dominic Alvieri further reinforce the assertion of a divide between the groups. Dominic tweeted on September 12 that a cybercriminal known as USDoD had joined the RansomedVC group.
However, on September 18, it became known that USDoD had left the group. Furthermore, a spokesperson for TransUnion confirmed that USDoD’s claim regarding its data breach was false. The US consumer credit reporting agency checked the data samples posted by the cybercriminals and confirmed to The Cyber Express that they did not match. This also suggests that not all data leak messages are genuine.