Sodinokibi Operators Sponsor Hacking Competition

A Russian-speaking cybercriminal forum has recently announced a forum-wide competition with a $15k prize pool sponsored by the operators of the Sodinokibi ransomware. First place in the competition gets $5,000, with the prize decreasing by $1,000 for each of second through fifth place. To be eligible for prizes, participants must submit articles on the following topics:

  • Searching for 0-day and 1-day vulnerabilities. Developing exploits for them.
  • APT attacks. Hacking LAN, elevating rights, hijacking domain controller, attack development.
  • Interesting combinations, algorithms. Writing your own crypto algorithms and hacking other people’s.
  • Innovative functionality, reviews, analysis of interesting algorithms that are used, development prospects.
  • Forensics. Digital forensics. Software, tricks, methods.

In addition to the chance to win prize money, one “suitable” finalist will also be given the chance to work with the Sodinokibi team under “mutually beneficial conditions.” So far, reactions to the competition in the replies have been mixed. Late last month, the forum operator also revealed that the competition had not received many entries. Sodinokibi recently announced that they will begin dumping stolen data from ransom victims that refuse to pay. The competition is another new tactic for the group. Binary Defense will be keeping a close eye on the Sodinokibi ransomware for any possible changes that may arise due to the competition and its specific topics.

Analyst Notes

Attackers are constantly looking for new and innovative ways to compromise their victims. Sponsored competitions have the potential to motivate some threat actors to share their research results. However, due to the relatively low value of the prizes offered compared to the typical value of 0-day exploits on criminal forums, Binary Defense analysts assess that it is unlikely this competition will directly result in new exploits being developed. The greater cause for concern is a high-profile criminal group using a competition to recruit more people to its team, which could increase the number of companies targeted. It is recommended to monitor threat actor communication on criminal forums to be aware of new threats. Binary Defense provides a Counterintelligence service that searches for threat information targeting clients and provides advance warning of threats.