The ransomware group Yanluowang appears to be on Twitter now, using its newly created account to announce that it has breached the systems of the messaging platform Matrix, a service that has compromised high-profile companies.
Yanluowang is one of several cybercrime groups that have been active on Twitter in recent months, and the platform's takeover by Elon Musk, who has promised a more laissez-faire approach to content moderation, could make it an even more attractive environment for cybercriminals to operate in.
It was recently reported that Yanluowang, the group known for targeting financial services companies with its malware, had started tweeting. Judging from the account, it appears to be used to display data that the group steals from its victims. The first of these is Matrix, an open messaging protocol used by 60 million people worldwide. It was breached last week by the gang, which is claiming responsibility for the theft.
The group's Twitter page carries six links that appear to provide access to leaked data from the Matrix messaging platform, including "chief coder and saint thread" and "master stealer task." A member of the Tech Monitor team has reached out to Matrix for comment.
Tweets are a favorite of ransomware gangs
Ransomware gangs are not the first group of criminals to use Twitter as an outlet to promote data theft.
Several groups, including Karakurt and BlackByte, have created Twitter profiles for themselves to make their illicit merchandise more widely known. Yanluowang's page appears to be still up, though both of those profiles appear to be suspended, at least for the time being. Karakurt also set up a website on the open web, which was used to sell the data to the highest bidder at the time of the hack.
This method of data extortion is common, even though it may prove to be short-lived and risky, because cybercrime gangs experimenting with it need somewhere public, with a large reach, where they can advertise their stolen data, according to Allan Liska, an intelligence analyst at Recorded Future.
Liska told Tech Monitor in August that "not everyone has a Tor browser, and Karakurt needs to be able to earn money as much as it can whether or not it can make any money from where it's getting its data," if it wants to succeed. "Essentially, if you are trying to extort someone, you cannot make it difficult for them to obtain the data if your aim is extortion."
A hacker could be attracted to Elon Musk's Twitter account
In the wake of Elon Musk's acquisition of Twitter for $44 billion, Twitter is currently experiencing a period of upheaval that might last for years to come.
It has been confirmed that Tesla CEO Elon Musk is now working for Twitter as its "Chief Twit" after completing the takeover of the company on Friday, which occurred after several months of legal proceedings. In the very public wranglings that preceded the deal, Musk expressed his intention to make Twitter an environment where freedom of speech flourishes, referring to himself as a "free speech absolutist." The site is believed to be about to change the way it moderates content as a result. There was reportedly an increase in hate speech on the platform in the days leading up to his takeover.
Hackers could reap the benefits of this, as they would be able to maintain accounts to advertise their illegal activities on the internet. Jason Steer, CISO at cybersecurity vendor Recorded Future, says that this is a possibility that can be just as easily nailed down. In his opinion, hackers will continue to exploit other platforms like Telegram to promote their work and sell stolen data for decades to come, but he does believe that "[Twitter's current issues] could be an opportunity for them."