Telephone: 1-844-NETIZEN
Tel: 1-844-NETIZEN
Email: team (at) Netizen.net
slider

Netizen: Monday Security Brief (5/12/2024)

Posted on 12 May 2025 at https://www.Netizen.net/news Source Link: https://blog.netizen.net

Today’s Topics:

  • LockBit Admin Panel Hacked: Leaked Data Offers Rare Insight into Ransomware Operations
  • Google to Pay $1.375 Billion in Texas Settlement Over Unauthorized Location and Biometric Tracking
  • How can Netizen help?

LockBit Admin Panel Hacked: Leaked Data Offers Rare Insight into Ransomware Operations

On May 7, an administration panel belonging to the LockBit ransomware-as-a-service (RaaS) operation was compromised, resulting in the public release of internal communications, attacker infrastructure details, and affiliate negotiation records—information with immediate value to law enforcement, incident response teams, and threat intelligence researchers.

The attacker defaced a LockBit admin domain with the message: “Don’t do crime, crime is bad xoxo from Prague,” along with a link to a compressed archive containing data extracted from the compromised server. This includes:

  • Bitcoin wallet addresses tied to affiliate transactions
  • Chat logs between affiliates and victims
  • TOX IDs, usernames, and passwords for 76 registered users
  • Indicators of infrastructure, malware, and operational procedures

Rapid7’s Christiaan Beek confirmed that the Bitcoin wallet addresses could aid law enforcement in tracing transactions and identifying actors involved in LockBit’s affiliate network. Searchlight Cyber’s Luke Donovan reported that 22 of the leaked user accounts were associated with TOX IDs—metadata commonly reused across dark web forums. Researchers were able to correlate some of these to known threat actor aliases, potentially enabling further attribution or linking affiliate activity across campaigns.

The chat logs—spanning December 2024 to April 2025—expose negotiation tactics in detail. According to Beek, affiliates pressured victims with rapid ransom demands that varied significantly, sometimes requesting amounts as low as $5,000 and in other cases demanding six-figure payments. This range of tactics provides valuable insight for incident responders and negotiators working on live ransomware cases.

Donovan noted similarities between this attack and a prior defacement of the Everest ransomware group’s infrastructure, suggesting the breach may stem from infighting or retaliation within the cybercriminal ecosystem. Though attribution remains speculative, the reused messaging indicates the same threat actor may be behind both compromises.

LockBit has acknowledged the breach but claimed no victim data or decryptors were exposed. The group’s figurehead, known as LockBitSupp—identified by law enforcement as Russian national Dmitry Yuryevich Khoroshev—has publicly offered a reward for information on the identity of the attacker responsible.

While LockBit infrastructure was dealt a significant blow in coordinated takedowns last year, this leak is one of the most substantial windows into their internal operations to date. For security teams and intelligence analysts, the exposed records offer a rare opportunity to better understand affiliate dynamics, operational workflows, and negotiation strategies used in active ransomware campaigns.

Security teams should review the leaked indicators, monitor for reused TOX IDs or wallet addresses, and remain alert to opportunistic attacks or impersonation attempts stemming from the breach.

Google to Pay $1.375 Billion in Texas Settlement Over Unauthorized Location and Biometric Tracking

Google has agreed to pay $1.375 billion to the state of Texas to settle two major lawsuits alleging the unauthorized tracking of users’ physical location and the collection of biometric data, including facial recognition and voiceprints—without user consent. The figure represents the largest privacy-related settlement Google has made with a single U.S. state and far exceeds the amounts it previously paid in similar lawsuits across other jurisdictions.

Filed in 2022 by Texas Attorney General Ken Paxton, the lawsuits accused Google of violating state privacy laws by tracking users’ movements even when location history was turned off, recording incognito searches, and capturing biometric identifiers such as facial geometry and voice profiles without explicit user permission. These practices were allegedly performed through core services like Google Maps, Search, and Photos.

“For years, Google secretly tracked people’s movements, private searches, and even their voiceprints and facial geometry through their products and services,” said Attorney General Paxton. “This $1.375 billion settlement is a major win for Texans’ privacy and tells companies that they will pay for abusing our trust.”

The magnitude of this settlement not only surpasses Google’s $391 million payout to 40 states in 2022, but also its $93 million agreement with California in 2023 and a $29.5 million resolution involving Indiana and Washington. It is on par with the $1.4 billion settlement Meta reached with Texas over similar biometric privacy violations.

In response to regulatory and public pressure, Google has made incremental privacy changes. These include storing Maps Timeline data locally on users’ devices rather than in the cloud and introducing auto-deletion controls for location data when tracking features are enabled.

With increasing regulatory scrutiny from both U.S. and international authorities, this settlement further intensifies pressure on Google, which is already facing antitrust calls to break up key areas of its business. Privacy professionals should view this as a signal to review data handling practices—particularly those involving sensitive categories such as biometrics and geolocation—and ensure compliance with both existing and emerging state-level regulations.

How Can Netizen Help?

Netizen ensures that security gets built-in and not bolted-on. Providing advanced solutions to protect critical IT infrastructure such as the popular “CISO-as-a-Service” wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time. 

We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type. 

Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.

Netizen is a CMMI V2.0 Level 3, ISO 9001:2015, and ISO 27001:2013 (Information Security Management) certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans. 

News and Updates

Sign up to get the latest news and threat briefs:

Get in Touch

Telephone: 1-844-NETIZEN
Email: Team (at) Netizen.net
Office Locations:
Allentown, PA (Headquarters)
 Arlington, VA (DC Region)
 Charleston, SC (Southeast Region)

Connect With Us

    Facebook
    Twitter
    LinkedIn
    Instagram
    GitHub
    YouTube

Copyright © Netizen Corporation. All Rights Reserved.