CyberNiggers Group Allegedly Breaches HSBC and Barclays Banks, Compromising Extensive Databases and Source Code
Threat Actor: CyberNiggers Group
Victim: HSBC and Barclays Banks
🌟 The CyberNiggers group, allegedly orchestrated by members Sanggiero and IntelBroker, breached the security systems of HSBC and Barclays banks.
🌟 The databases contain crucial information about banking operations, such as transaction records, account details, and user notifications.
🌟 The hackers also accessed additional files, including security certificates, PIX keys, JKS files, security signing keys, and compiled .jar files.
🌟 Source code extracted from the GitLab repository was acquired by the threat actors, increasing the severity of the breach.
🌟 The hackers claim control over miscellaneous unsorted documents, indicating a comprehensive infiltration into the banks’ digital infrastructure.
MITRE ATT&CK Techniques that could potentially apply
T1190: Exploit Public-Facing Application
The hackers might have exploited vulnerabilities in public-facing applications to gain initial access. This technique could explain how they accessed the banks' systems to extract databases and sensitive files.
T1566: Phishing
If the breach began with deceptive emails to trick employees into providing access or downloading malicious software, this technique would be relevant.
T1059: Command and Scripting Interpreter
The attackers could have used scripting to execute malicious commands once inside the network, allowing them to move laterally and access various databases and files.
T1098: Account Manipulation
By creating or manipulating accounts within the banks' systems, attackers could maintain access over time, explaining how they managed to exfiltrate such a vast amount of data.
T1068: Exploitation for Privilege Escalation
To access restricted databases and sensitive files, the attackers likely exploited vulnerabilities to escalate their privileges within the banks' networks.
T1027: Obfuscated Files or Information
The presence of compiled .jar files, and possibly obfuscation of the stolen data, could indicate efforts to avoid detection by security tools.
T1552: Unsecured Credentials
The acquisition of security certificates, signing keys, and JKS files suggests the attackers accessed unsecured credentials, enabling further access and exfiltration.
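Since the report lists JKS keystores, certificates and signing keys taken together with source code, one defensive check is whether such key material is committed to the repository at all. The scanner below is an added example and not part of the original report: it flags JKS keystores by their magic bytes, PEM private keys by their header, and files with keystore-style extensions, and runs over a constructed sample tree (all file names and contents are assumptions, not real keys).

```python
import os
import re
import tempfile
from typing import List, Optional, Tuple

# Constructed detection rules (assumptions, not from the original report):
# JKS keystores begin with the magic bytes 0xFEEDFEED; PEM private keys carry
# a recognisable header line; some extensions are suspect regardless of content.
JKS_MAGIC = b"\xfe\xed\xfe\xed"
PEM_KEY_RE = re.compile(rb"-----BEGIN (?:RSA |EC |DSA |ENCRYPTED )?PRIVATE KEY-----")
SUSPECT_EXTENSIONS = {".jks", ".keystore", ".p12", ".pfx", ".pem", ".key"}

def classify_blob(name: str, data: bytes) -> Optional[str]:
    """Return a finding label for one file, or None if it looks clean."""
    if data[:4] == JKS_MAGIC:
        return "jks-keystore"
    if PEM_KEY_RE.search(data):
        return "pem-private-key"
    if os.path.splitext(name)[1].lower() in SUSPECT_EXTENSIONS:
        return "suspect-extension"
    return None

def scan_tree(root: str) -> List[Tuple[str, str]]:
    """Walk a checked-out repository and list files carrying key material."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d != ".git"]  # skip git internals
        for fn in filenames:
            path = os.path.join(dirpath, fn)
            with open(path, "rb") as fh:
                head = fh.read(64 * 1024)  # magic/header is enough to classify
            label = classify_blob(fn, head)
            if label:
                findings.append((os.path.relpath(path, root), label))
    return sorted(findings)

def demo() -> List[Tuple[str, str]]:
    """Scan a constructed sample tree (fake contents, not real keys)."""
    root = tempfile.mkdtemp()
    samples = {
        "src/Main.java": b"public class Main {}\n",
        "config/release.jks": JKS_MAGIC + b"\x00\x00\x00\x02",
        "deploy/notes.txt": b"-----BEGIN RSA PRIVATE KEY-----\nFAKE\n-----END RSA PRIVATE KEY-----\n",
    }
    for rel, content in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(content)
    return scan_tree(root)
```

Running `scan_tree` over a real checkout (or wiring `classify_blob` into a pre-receive hook) turns the report's "JKS files and signing keys in the repository" scenario into a check that fails before the material is ever pushed.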
T1083: File and Directory Discovery
Discovering and cataloging the specific databases and files for exfiltration would require extensive knowledge of the banks' file and directory structures.
T1567: Exfiltration Over Web Service
If the data was exfiltrated to an external server controlled by the attackers, this technique would be used, especially for the large volumes of data described.
T1485: Data Destruction
While not explicitly claimed, attackers with this level of access could manipulate or delete data to cause harm or to cover their tracks.