Pronico: Difference between revisions
No edit summary |
No edit summary |
||
(2 intermediate revisions by one other user not shown) | |||
Line 1: | Line 1: | ||
Pronico operates the Fenix mine in Guatemala, which has a long history of human rights abuses, environmental damage, and resistance by the surrounding communities. | Pronico operates the Fenix mine in Guatemala, which has a long history of human rights abuses, environmental damage, and resistance by the surrounding communities. | ||
== | == Media Coverage == | ||
English: | English: | ||
* https://ddosecrets.com/wiki/Mining_Secrets | * https://ddosecrets.com/wiki/Mining_Secrets | ||
Line 16: | Line 16: | ||
* https://elfaro.net/es/202203/centroamerica/26055/Filtraci%C3%B3n-de-documentos-confirma-cooptaci%C3%B3n-del-Estado-guatemalteco-por-empresa-minera.htm | * https://elfaro.net/es/202203/centroamerica/26055/Filtraci%C3%B3n-de-documentos-confirma-cooptaci%C3%B3n-del-Estado-guatemalteco-por-empresa-minera.htm | ||
* https://storeproject.squarespace.com/secretos-mineros/espionaje-y-criminalizacion | * https://storeproject.squarespace.com/secretos-mineros/espionaje-y-criminalizacion | ||
* https://desinformemonos.org/la-version-caribena-de-una-red-criminal-entre-rusos-suizos-y-chapines-en-guatemala/ | |||
* https://desinformemonos.org/%d0%b3%d0%b2%d0%b0%d1%82%d0%b5%d0%bc%d0%b0%d0%bb%d0%b0-los-senores-del-polvo-rojo-y-los-senores-del-polvo-blanco/ | |||
* https://desinformemonos.org/%d0%b3%d0%b2%d0%b0%d1%82%d0%b5%d0%bc%d0%b0%d0%bb%d0%b0-guatemala-se-escribe-en-ruso/ | |||
== Hack == | == Hack == | ||
The hack was done by a group calling themselves | The hack was done by a group calling themselves [[Guacamaya]] | ||
* [https://enlacehacktivista.org/comunicado_guacamaya.txt Statement by the hackers] | * [https://enlacehacktivista.org/comunicado_guacamaya.txt Statement by the hackers] | ||
* [https://forbiddenstories.org/the-struggle-of-one-territory-must-be-the-struggle-of-all/ Interview] | * [https://forbiddenstories.org/the-struggle-of-one-territory-must-be-the-struggle-of-all/ Interview] | ||
Line 41: | Line 44: | ||
42:45 Exfiltrating files | 42:45 Exfiltrating files | ||
49:09 Enabling file sharing via group policy | 49:09 Enabling file sharing via group policy | ||
54:35 Exfiltrating | 54:35 Exfiltrating e-mail | ||
1:03:22 Wiping company's storage servers | 1:03:22 Wiping company's storage servers | ||
1:11:31 Wiping computers with Kaspersky | 1:11:31 Wiping computers with Kaspersky | ||
Line 53: | Line 56: | ||
2:13:35 Wiping windows domain with sdelete | 2:13:35 Wiping windows domain with sdelete | ||
</nowiki> | </nowiki> | ||
[[Category:Hacks]] |
Latest revision as of 08:17, 27 November 2023
Pronico operates the Fenix mine in Guatemala, which has a long history of human rights abuses, environmental damage, and resistance by the surrounding communities.
Media Coverage
English:
- https://ddosecrets.com/wiki/Mining_Secrets
- https://forbiddenstories.org/case/mining-secrets/
- https://www.theguardian.com/global-development/2022/mar/06/indigenous-groups-oppose-restarting-guatemala-nickel-mine
- https://www.occrp.org/en/investigations/mining-secrets-major-nickel-producer-accused-of-polluting-guatemalas-largest-lake#
Spanish:
- https://www.prensacomunitaria.org/2022/03/diez-claves-para-leer-la-investigacion-miningsecrets/
- https://forbiddenstories.org/es/case/mining-secrets/
- https://elpais.com/internacional/2022-03-06/asi-se-compra-un-estado-como-una-minera-rusa-corrompio-a-todos-los-poderes-en-guatemala.html
- https://www.prensacomunitaria.org/2022/03/solway-la-minera-senalada-de-espionaje-a-periodistas-rechaza-acusaciones/
- https://www.prensacomunitaria.org/2022/03/secreto-minero-una-investigacion-sobre-las-estrategias-de-una-mina-rusa-en-guatemala6/
- https://elfaro.net/es/202203/centroamerica/26055/Filtraci%C3%B3n-de-documentos-confirma-cooptaci%C3%B3n-del-Estado-guatemalteco-por-empresa-minera.htm
- https://storeproject.squarespace.com/secretos-mineros/espionaje-y-criminalizacion
- https://desinformemonos.org/la-version-caribena-de-una-red-criminal-entre-rusos-suizos-y-chapines-en-guatemala/
- https://desinformemonos.org/%d0%b3%d0%b2%d0%b0%d1%82%d0%b5%d0%bc%d0%b0%d0%bb%d0%b0-los-senores-del-polvo-rojo-y-los-senores-del-polvo-blanco/
- https://desinformemonos.org/%d0%b3%d0%b2%d0%b0%d1%82%d0%b5%d0%bc%d0%b0%d0%bb%d0%b0-guatemala-se-escribe-en-ruso/
Hack
The hack was done by a group calling themselves Guacamaya.
- Statement by the hackers
- Interview
- Screenshot of a statement posted to Pronico's website by the hackers
Video
The hackers published a video showing in detail how they hacked Pronico, downloaded files and emails to leak, and then repeatedly sabotaged the company's computers over the course of 6 months. It can be downloaded here or watched here. Credits for the video's soundtrack are available here.
Video Timeline
0:51 Introduction
2:05 ProxyLogon
5:35 Other methods of initial access
7:15 Get Domain Admin via dumping LSA secrets
13:35 Lateral movement onto other servers
15:40 Backdooring a switch
21:42 Golden Tickets
25:08 Eternal Blue
32:56 Enabling wdigest and dumping passwords with mimikatz
33:53 Grabbing VPN and saved browser passwords of sysadmin
40:26 Scanning for SMB shares
42:45 Exfiltrating files
49:09 Enabling file sharing via group policy
54:35 Exfiltrating e-mail
1:03:22 Wiping company's storage servers
1:11:31 Wiping computers with Kaspersky
1:13:07 Wiping servers using diskpart
1:14:46 Wiping Office 365
1:24:16 Wiping windows domain with Bitlocker
1:40:28 Stealthy persistence and avoiding AV with dnscat2
1:45:28 Avoiding AV with mimikatz
1:47:03 Wiping storage servers via iscsi
2:06:18 Avoiding AV to exploit PrintNightmare
2:13:35 Wiping windows domain with sdelete