New York (AFP)
The noose seemed to tighten Friday around the Darkside hackers behind the cyberattack on U.S. oil pipeline operator Colonial Pipeline: Experts say its servers have been taken out of service and its messages have even been deleted by a large community of Russian cybercriminals.
According to cybersecurity firm Recorded Future, the hacker behind the ransom demand to Colonial Pipeline admitted that his Darkside group had lost access to several of the servers it used to host its blog and to collect payments.
Accessible via the TOR browser on the dark web, the underground version of the internet, the Darkside site was inaccessible Friday morning.
"A few hours ago, we lost access to the public part of our infrastructure, namely our blog, our payment server and our DoS servers", wrote a hacker using the pseudonym Darksupp in a post quoted by Recorded Future.
Denial of Service (DoS) attacks aim to shut down a website by overloading it with traffic.
Darksupp also indicated that cryptocurrency funds, used to pay ransoms demanded by the hacker group, had been withdrawn.
A Recorded Future analyst, however, believes that Darkside's confession may be a subterfuge allowing the group to shut down its own infrastructure so as to avoid paying its associates.
This tactic is known as an "exit scam" in the cybercrime community.
- Darkside banned from a Russian forum -
Earlier this week, US President Joe Biden accused "Russia-based" hackers of carrying out the attack on Colonial Pipeline last week without claiming that Moscow was directly involved.
Biden said Thursday he was "in direct communication with Moscow about the need for the responsible countries to take decisive action against these ransomware rings."
According to researchers at the Dark Shadows digital risk protection platform, all of Darkside's posts on the Russian-language cybercrime forum XSS have been removed.
In contrast, the criminal group's recruitment announcements on another popular Russian-language hacker platform, Exploit, were still live, but they have not been updated since April and make no reference to the attack on Colonial Pipeline.
According to Bloomberg, Colonial Pipeline reportedly paid 5 million dollars to the hackers, which contradicts the Washington Post's report that the company did not pay.
Asked by AFP, a spokesperson for Colonial Pipeline did not comment, only indicating that there was an ongoing investigation.
The Biden administration also refrained from commenting while stressing that companies should strengthen their IT security.
The attack on the computer systems of Colonial Pipeline, which transports nearly half of America's petroleum products from the Gulf of Mexico to the east coast of the United States, forced the operator to shut down all of its operations.
This caused a wave of panic among motorists, who feared a gasoline shortage and rushed to gas stations.
Colonial Pipeline, however, said Thursday evening that it had restarted its entire system and resumed fuel deliveries.
© 2021 AFP