The Krybit ransomware group claims to have breached the infrastructure of a rival threat actor, the 0APT ransomware group. A recently published defacement page—warning 0APT not to “play with the big boys”—and leaked chat logs indicate a retaliatory attack stemming from a dispute over reputation and leaked encryption keys. The chat transcript between representatives of both groups reveals Krybit’s intent to exact revenge, destroy 0APT’s operations, and potentially expose the true identities of its operators.
According to the actor, the allegedly compromised data includes:
-
Server access logs (
access.log,access.MGnLeHGS.log.part) -
System configuration and credential files (
passwd,shadow,gshadow,hosts,hostname) -
Cryptographic keys (
hs_ed25519_public_key,hs_ed25519_secret_key) -
Command line history (
bash_history) -
Backend PHP scripts (
cochat.php,contact.php,cosend.php,download.php,index.php,krybitkey.php)
Daily Dark WebRead More
T1
