BleepingComputer reports that the Trigona ransomware gang had its operations taken down after its servers were compromised and wiped in an attack claimed by the Ukrainian Cyber Alliance hacktivist group.
Exploitation of a critical Confluence Data Center and Server vulnerability, tracked as CVE-2023-22515, enabled UCA hacktivists to infiltrate Trigona's ransomware infrastructure last week without being detected by the ransomware group. Although Trigona moved to protect its publicly exposed infrastructure after a UCA hacker known as "herm1t" exposed its internal support documents, the hacktivists still stole, and later deleted, hundreds of gigabytes of data from its admin and victim panels, internal systems, blog, and data leak site, along with its source code, cryptocurrency hot wallets, developer environment, and database records.
Prior to being dismantled, Trigona ransomware compromised Microsoft SQL servers and targeted 15 or more companies across various sectors, including manufacturing and finance.
BleepingComputer reports that KELA threat analysts observed the third iteration of the Knight ransomware source code being posted for sale on the RAMP forums by Cyclops, the operation's representative.