Ransomware gang Yanluowang has apparently joined Twitter, using its new account to announce it had breached the systems of messaging platform Matrix. Yanluowang is one of a number of cybercrime groups which have been active on Twitter in recent months, and the platform’s takeover by Elon Musk, who is promising a more laissez-faire approach to content moderation, could make it an even more appealing environment for criminals.
Yanluowang, which is known for targeting financial services companies with its malware, started tweeting yesterday and appears to be using its account to display data it lifts from its victims, the first of which is Matrix, the open messaging protocol used by 60 million people worldwide, which the gang claims it breached last week.
The Twitter page shows numerous links in posts with descriptions such as “chiefs ‘coder’ and ‘saint’ chat,” and “master ‘stealer’ taskings”. There are a total of six links on the Twitter page providing apparent access to leaked data from the Matrix messaging platform. Tech Monitor has reached out to Matrix for comment.
Ransomware gangs love Twitter
This is not the first time that ransomware gangs have used Twitter to advertise valuable stolen data. In August, two groups, Karakurt and BlackByte, created Twitter profiles for themselves in order to publicise their illicit merchandise. Both currently appear to be suspended, but Yanluowang’s page is up at the time of writing. Karakurt also set up a website on the open web to hawk their data to the highest bidder.
The reason this technique is so popular, despite being potentially short-lived and risky, is that cybercrime gangs experimenting with data extortion need somewhere public with a large reach to advertise their stolen data, said Allan Liska, intelligence analyst at Recorded Future. “Not everybody has a Tor browser, so Karakurt has to have its data as accessible as possible if it’s going to be able to make any money,” Liska told Tech Monitor in August. “In other words, if your goal is extortion, you can’t make the data difficult to get to.”
Elon Musk’s Twitter could be appealing to hackers
Twitter is currently experiencing a period of upheaval following its acquisition by Elon Musk for $44bn. Tesla CEO Musk renamed himself as Twitter’s “Chief Twit” after completing the takeover on Friday, which followed months of legal back and forth. During the very public wrangling which preceded the deal, Musk expressed his intentions to make Twitter a platform where freedom of speech thrives, referring to himself as a “free speech absolutist”. Many believe this will lead to a change of approach on the way the site moderates content, and in the days following Musk’s takeover hate speech on the platform has reportedly spiked.
This could work to the advantage of hackers, who may be able to maintain accounts to promote their illegal activity. This is “absolutely” a possibility, says Jason Steer, CISO at cybersecurity vendor Recorded Future. He believes hackers will continue to exploit a variety of other platforms, such as Telegram, to promote their work and sell stolen data, but says: “[Twitter’s current issues] could be a change to their benefit.”