Researchers have uncovered the true identity of servers hosting one of the most notorious ransomware operations active today. The Medusa Ransomware Group, which has operated with relative anonymity through Tor hidden services, has had its cover blown through a sophisticated exploitation of vulnerabilities in their own infrastructure. This exposure represents a rare instance where cybercriminal […] The post Researchers Deanonymized Medusa Ransomware Group’s Onion Site appeared first on Cyber Security News.
While specific exploit code cannot be shared for ethical reasons, …
What would be unethical about that/how could one exploit that unethically?
Also:
Covsec researchers identified a critical vulnerability in Medusa’s ransomware blog platform that allowed them to bypass the protections afforded by the Tor network.
By exploiting this high-severity vulnerability, the security team was able to execute a privilege escalation attack that revealed the actual IP address of the hidden service: 95.143.191.148.
The exposure provides unprecedented insight into the infrastructure supporting Medusa’s operations.
The server is hosted on a network routed via SELECTEL in Russia (AS49505) and runs Ubuntu Linux with OpenSSH 8.9p1. The server exposes three services: SSH on port 22, HTTP on port 80, and an additional HTTP service on port 3000.
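The article does not say what the vulnerability was or how the IP was obtained, so none of that is reproduced here. What a practitioner would actually want after a claimed deanonymization is the confirmation step: does the candidate clearnet IP serve the same site that the .onion serves over Tor? The following is an added example, not code from the article or from Covsec, that scores that correlation offline. The HTTP responses below are constructed samples (header values, body and the unrelated host are made up); only the port layout (80 and a second HTTP service on 3000) is taken from the quoted text. The evidence weights are my own illustrative choices.

```python
import hashlib

# Evidence weights (assumed, illustrative). A "Server: nginx (Ubuntu)" header or an
# OpenSSH 8.9p1 banner is the stock package on Ubuntu 22.04 and matches huge numbers
# of hosts, so generic headers are weighted low; a matching ETag or an identical page
# body is host-specific and weighted high.
WEIGHTS = {
    "server": 1.0,
    "x-powered-by": 1.0,
    "last-modified": 2.0,
    "etag": 4.0,
    "body_sha256": 6.0,
}
STRONG_MATCH = 6.0  # reachable only through host-specific evidence, never generic headers alone


def fingerprint(response: dict) -> dict:
    """Reduce an HTTP response to comparable features: selected lowercased headers plus a body hash."""
    headers = {k.lower(): v.strip() for k, v in response["headers"].items()}
    feats = {name: headers[name] for name in WEIGHTS if name in headers}
    feats["body_sha256"] = hashlib.sha256(response["body"]).hexdigest()
    return feats


def score_match(onion_resp: dict, candidate_resp: dict) -> tuple[float, list[str]]:
    """Score how strongly the candidate clearnet response looks like the same host as the onion response."""
    a, b = fingerprint(onion_resp), fingerprint(candidate_resp)
    score, evidence = 0.0, []
    for feat, weight in WEIGHTS.items():
        if feat in a and feat in b and a[feat] == b[feat]:
            score += weight
            evidence.append(f"{feat} matches ({a[feat][:32]})")
    return score, evidence


def verdict(score: float) -> str:
    """Turn a score into an attribution statement; generic overlap alone is never enough."""
    if score >= STRONG_MATCH:
        return "strong: host-specific evidence matches"
    if score > 0:
        return "weak: only generic fingerprint overlap, do not attribute on this alone"
    return "none"


# Constructed sample captures (not real traffic): what the .onion returned through Tor,
# what the candidate IP returned directly on port 80 and on port 3000, and an unrelated
# stock Ubuntu box that happens to run the same nginx package.
INDEX_BODY = b"<html><body>constructed sample index page</body></html>"
ONION = {
    "headers": {"Server": "nginx/1.18.0 (Ubuntu)", "ETag": '"64f1c2a0-3b7"',
                "Last-Modified": "Mon, 01 Jan 2024 00:00:00 GMT"},
    "body": INDEX_BODY,
}
CANDIDATE_PORT_80 = {
    "headers": {"Server": "nginx/1.18.0 (Ubuntu)", "ETag": '"64f1c2a0-3b7"',
                "Last-Modified": "Mon, 01 Jan 2024 00:00:00 GMT"},
    "body": INDEX_BODY,
}
CANDIDATE_PORT_3000 = {
    "headers": {"X-Powered-By": "Express", "ETag": 'W/"2a-abc"'},
    "body": b'{"status":"ok"}',
}
UNRELATED_UBUNTU_HOST = {
    "headers": {"Server": "nginx/1.18.0 (Ubuntu)",
                "Last-Modified": "Tue, 02 Jan 2024 00:00:00 GMT"},
    "body": b"<html>Welcome to nginx!</html>",
}

if __name__ == "__main__":
    for label, cand in [("port 80", CANDIDATE_PORT_80), ("port 3000", CANDIDATE_PORT_3000),
                        ("unrelated host", UNRELATED_UBUNTU_HOST)]:
        score, evidence = score_match(ONION, cand)
        print(f"{label}: score={score} -> {verdict(score)}; {evidence}")
```

Two caveats when doing this live rather than on constructed data: fetch the onion side through the Tor SOCKS proxy and the clearnet side directly, and send the onion hostname in the Host header of the direct request, otherwise a name-based virtual host setup will hand you the default site and the body hash will not match even when the server is the right one. Port 3000 here is treated as a separate service (its headers and body do not match the onion front end), which is what you would expect if it is a backend that the port-80 server proxies to; a match on it would need its own comparison against whatever the onion exposes of that backend.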