“Major Nelson” Claims Sony Data Leak Alleging RansomedVC Lied


In a recent cybersecurity news development, a user on a hacker forum made a startling statement about the Sony data breach. Based on the names of the data samples released on the hacker forum, it could be said that the user was referring to the Sony data leak which was first claimed by RansomedVC. The hacker forum user going by the alias Major Nelson then released data allegedly from the Sony data breach.

RansomedVC ransomware group posted links to the data exfiltrated from the multinational conglomerate, Sony Corporation. The hacker from the ransomware group mentioned that they had quality assurance division documents from the Sony Corporation data leak.

Series of Events Relating to Sony Cyber Attack

One of the most exhaustive malware repository providers, VX-Underground tweeted the below screenshot from the dark web. They tweeted, “Today someone operating under the name “Major Nelson,” a nod to the former Director of Programming for the Microsoft gaming network Xbox Live, asserts RansomVC is lying.”

Hacker forum post by ‘Major Nelson’ (Photo: VX-Underground/ Twitter)

“He then released all the content RansomVC claimed to have into the general public,” they further added.

"Major Nelson" Claims Sony Data Leak Alleging RansomedVC Lied

Major Nelson is the name adopted by the much-admired Larry Hryb of Microsoft. Larry is a former software developer known for his work as a Director of Programming for the Microsoft gaming network Xbox Live.

About the Sony data leak, the hacker forum user, Major Nelson put the following internal system data online on September 9, 2023 –

  1. SonarQube
  2. Creators cloud
  3. Sony certificates
  4. Device emulator for generating licenses
  5. Qasop security
  6. Incident response policies

Based on the recent joining of Major Nelson on the hacker forum, it looks uncertain whether their Sony data leak claims are genuine. They joined the hacker forum in September itself and the Sony breach post was the first and only one made by them.

Previous Sony Data Leak Claims

Sony was also allegedly breached by the Clop ransomware group. A member of RansomedVC, which is a ransomware group turned to their dark web portal with data claimed to be from Sony.com.

They wrote, “We have successfully compromised all of Sony systems. We won’t ransom them! We will sell the data.”

Sony data leak
Sony data leak claim by RansomedVC (Photo: Falcon Feeds/ Twitter)

After boasting of having breached Sony, and possessing its data, the hackers denied wanting to continue demanding a ransom due to the denial of the telecommunications giant.

Sony data leak
Information samples from the Sony data leak (Photo: Hack Read)

They put the data on sale with a link to the data for buyers on their website post. In an interview, a hacker from the group said that to target an organization with ransomware, they make sure the revenue of the same is at least 5 million.

Sony data leak
RansomedVC’s Twitter account (Photo: Dominic Alvieri/ Twitter)

RansomedVC also recently joined Telegram on August 15, 2023 after having their account suspended on Twitter.

Interpersonal Conflict Between Hackers and Forum Members

There have been several instances of hackers joining hands and then leaving each other for unspecified reasons. When asked about the collaboration between RansomedVC and the Everest ransomware group, the Ransomed member said that they were friends.

Another question asked Ransomed to comment on Exposed Forum. To this, the operator replied by saying, “I have seen the news yeah, idk what I can say about it, never been in their forum neither will I ever be.’

The statement reflects discord between the RansomedVC group and the Exposed Forum.

Likely due to a conflict, in May, a user of the Raid Forum released data stolen from Expose Forum. Both are dark web platforms that sees data breaches and leaks announced on them.

The recent tweets made by Cybersecurity Analyst Dominic Alvieri further solidify the claim of a rift between groups. Dominic tweeted on September 12 that a cybercriminal USDoD joined the RansomedVC group.

However, on September 18, news came out that USDoD left the group. Moreover, a spokesperson from TransUnion confirmed that the claim made by USDoD about its data breach was false. The American consumer credit monitoring and reporting agency checked the data samples posted by the cybercriminals and confirmed to The Cyber Express that they did not match. This also suggests that not all data leak posts are authentic.

 

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.





Source link