Pronico: Difference between revisions

From Enlace Hacktivista
Jump to navigation Jump to search
No edit summary
No edit summary
 
Line 1: Line 1:
Pronico operates the Fenix mine in Guatemala, which has a long history of human rights abuses, environmental damage, and resistance by the surrounding communities.
Pronico operates the Fenix mine in Guatemala, which has a long history of human rights abuses, environmental damage, and resistance by the surrounding communities.


== News ==
== Media Coverage ==
English:
English:
* https://ddosecrets.com/wiki/Mining_Secrets
* https://ddosecrets.com/wiki/Mining_Secrets
Line 16: Line 16:
* https://elfaro.net/es/202203/centroamerica/26055/Filtraci%C3%B3n-de-documentos-confirma-cooptaci%C3%B3n-del-Estado-guatemalteco-por-empresa-minera.htm
* https://elfaro.net/es/202203/centroamerica/26055/Filtraci%C3%B3n-de-documentos-confirma-cooptaci%C3%B3n-del-Estado-guatemalteco-por-empresa-minera.htm
* https://storeproject.squarespace.com/secretos-mineros/espionaje-y-criminalizacion
* https://storeproject.squarespace.com/secretos-mineros/espionaje-y-criminalizacion
* https://desinformemonos.org/la-version-caribena-de-una-red-criminal-entre-rusos-suizos-y-chapines-en-guatemala/
* https://desinformemonos.org/%d0%b3%d0%b2%d0%b0%d1%82%d0%b5%d0%bc%d0%b0%d0%bb%d0%b0-los-senores-del-polvo-rojo-y-los-senores-del-polvo-blanco/
* https://desinformemonos.org/%d0%b3%d0%b2%d0%b0%d1%82%d0%b5%d0%bc%d0%b0%d0%bb%d0%b0-guatemala-se-escribe-en-ruso/


== Hack ==
== Hack ==
Line 53: Line 56:
2:13:35 Wiping windows domain with sdelete
2:13:35 Wiping windows domain with sdelete
</nowiki>
</nowiki>
[[Category:Hacks]]

Latest revision as of 18:01, 12 March 2022

Pronico operates the Fenix mine in Guatemala, which has a long history of human rights abuses, environmental damage, and resistance by the surrounding communities.

Media Coverage

English:

Spanish:

Hack

The hack was done by a group calling themselves 'Guacamaya'

Video

The hackers published a video showing in detail how they hacked Pronico, downloaded files and emails to leak, and then repeatedly sabotaged the company's computers over the course of 6 months. It can be downloaded here or watched here. Credits for the video's soundtrack is available here

Video Timeline

0:51    Introduction
2:05    ProxyLogon
5:35    Other methods of initial access
7:15    Get Domain Admin via dumping LSA secrets
13:35   Lateral movement onto other servers
15:40   Backdooring a switch
21:42   Golden Tickets
25:08   Eternal Blue
32:56   Enabling wdigest and dumping passwords with mimikatz
33:53   Grabbing VPN and saved browser passwords of sysadmin
40:26   Scanning for SMB shares
42:45   Exfiltrating files
49:09   Enabling file sharing via group policy
54:35   Exfiltrating email
1:03:22 Wiping company's storage servers
1:11:31 Wiping computers with Kaspersky
1:13:07 Wiping servers using diskpart
1:14:46 Wiping Office 365
1:24:16 Wiping windows domain with Bitlocker
1:40:28 Stealthy persistence and avoiding AV with dnscat2
1:45:28 Avoiding AV with mimikatz
1:47:03 Wiping storage servers via iscsi
2:06:18 Avoiding AV to exploit PrintNightmare
2:13:35 Wiping windows domain with sdelete