The head of the Lockbit cybercriminal collective posted an announcement on a hacker forum. He is looking for information on the member of another gang, against the backdrop of a cyberattack against a Russian company.
Tensions in cybercrime. Cyber threat analyst 3xp0rt spotted a surprising announcement on a Russian-speaking hacker forum. The post was published on January 25 by Lockbit, the most feared ransomware group of the moment.
In his message, the alleged gang leader seeks information about another cybercriminal, responsible for a cyberattack against Ansecurity, a major Russian company in the security sector. Not only are attacks against Russian entities rare, but the hacker in question reportedly used code from Lockbit’s malware.
In his announcement, the administrator of Lockbit states: “ Guys, I found out who organized all this, it’s a stupid and ridiculous revenge from one of the competitors under the nickname Signature. He also owns Clop, he takes revenge for the ban on the Exploit forum […].
Anyone who has any information on him please provide me with this information for money. If anyone in the FBI or FSB knows his identity please also provide me with that information before arresting him, I’m sure someone knows his identity for sure as he’s a veteran on the forums “.
Why hackers attack hackers
Some background: Lockbit is a cybercriminal group with a meteoric rise in ransomware attacks in less than four years. He is particularly known in France for his cyberattack against the Corbeil-Essonnes hospital. In September 2022, a disagreement over salary between the criminals and a developer of their software led to the leak of the “builder” – the creation kit – of their own malware onto the darknet.
This month, January 2024, Ansecurity, a Russian security services giant with over 6,000 employees, suffered a ransomware attack. However, a social pact exists in Russia between cybercriminals and the Kremlin. The latter lets them act with complete impunity, provided that they only target the West. Even more surprising, the person responsible for the attack would himself be Russian-speaking. According to the manager of Lockbit, a member of the Clop group used a derivative of its malware obtained thanks to the 2022 leak to carry out his attack.
Clop is a rival cybercriminal collective responsible for numerous cyberattacks, notably against Sony and PWC. Behind this attack hides a (stupid) story of ego between the two gangs, the banishment of Clop from a hacker forum would have led to this revenge.
Millions of euros for information on one’s own identity
In addition to his search for information against Clop, the Lockbit administrator challenges forum members to find his own identity. He promises 1 and 10 million dollars if someone can provide him with information and explains to him how he obtained this information. The cybercriminal assures that he will give more money than the FBI.
The identities of Lockbit executives are still unknown. Some Russian hackers linked to the group have been arrested or unmasked by American law enforcement, but the masterminds are still safe.
Do you want to know everything about the mobility of tomorrow, from electric cars to e-bikes? Subscribe now to our Watt Else newsletter!