Pronico: Difference between revisions

From Enlace Hacktivista
Pronico operates the Fenix mine in Guatemala, which has a long history of human rights abuses, environmental damage, and resistance by the surrounding communities.
== Media Coverage ==
English:
* https://ddosecrets.com/wiki/Mining_Secrets
Spanish:
* https://www.prensacomunitaria.org/2022/03/diez-claves-para-leer-la-investigacion-miningsecrets/
* https://forbiddenstories.org/es/case/mining-secrets/
* https://elpais.com/internacional/2022-03-06/asi-se-compra-un-estado-como-una-minera-rusa-corrompio-a-todos-los-poderes-en-guatemala.html
* https://www.prensacomunitaria.org/2022/03/solway-la-minera-senalada-de-espionaje-a-periodistas-rechaza-acusaciones/
* https://www.prensacomunitaria.org/2022/03/secreto-minero-una-investigacion-sobre-las-estrategias-de-una-mina-rusa-en-guatemala6/
* https://elfaro.net/es/202203/centroamerica/26055/Filtraci%C3%B3n-de-documentos-confirma-cooptaci%C3%B3n-del-Estado-guatemalteco-por-empresa-minera.htm
* https://storeproject.squarespace.com/secretos-mineros/espionaje-y-criminalizacion
* https://desinformemonos.org/la-version-caribena-de-una-red-criminal-entre-rusos-suizos-y-chapines-en-guatemala/
* https://desinformemonos.org/%d0%b3%d0%b2%d0%b0%d1%82%d0%b5%d0%bc%d0%b0%d0%bb%d0%b0-los-senores-del-polvo-rojo-y-los-senores-del-polvo-blanco/
* https://desinformemonos.org/%d0%b3%d0%b2%d0%b0%d1%82%d0%b5%d0%bc%d0%b0%d0%bb%d0%b0-guatemala-se-escribe-en-ruso/


== Hack ==
The hack was done by a group calling themselves 'Guacamaya'.

=== Video ===
The hackers published a video showing in detail how they hacked Pronico, downloaded files and emails to leak, and then repeatedly sabotaged the company's computers over the course of 6 months. It can be downloaded [https://enlacehacktivista.org/hackback.webm here] or watched [https://kolektiva.media/w/twJjCTkvumnugRy61BjD3T here]. Credits for the video's soundtrack are available [https://enlacehacktivista.org/guacamaya_soundtrack.txt here].
==== Video Timeline ====
<nowiki>
0:51    Introduction
2:05    ProxyLogon
5:35    Other methods of initial access
7:15    Get Domain Admin via dumping LSA secrets
13:35   Lateral movement onto other servers
15:40   Backdooring a switch
21:42   Golden Tickets
25:08   EternalBlue
32:56   Enabling WDigest and dumping passwords with Mimikatz
33:53   Grabbing VPN and saved browser passwords of sysadmin
40:26   Scanning for SMB shares
42:45   Exfiltrating files
49:09   Enabling file sharing via group policy
54:35   Exfiltrating email
1:03:22 Wiping company's storage servers
1:11:31 Wiping computers with Kaspersky
1:13:07 Wiping servers using diskpart
1:14:46 Wiping Office 365
1:24:16 Wiping Windows domain with BitLocker
1:40:28 Stealthy persistence and avoiding AV with dnscat2
1:45:28 Avoiding AV with Mimikatz
1:47:03 Wiping storage servers via iSCSI
2:06:18 Avoiding AV to exploit PrintNightmare
2:13:35 Wiping Windows domain with sdelete
</nowiki>
[[Category:Hacks]]

Revision as of 18:01, 12 March 2022
