Ukraine – Kyiv (Kiev) Hack traces
So, I have decided to start documenting my Cyber Security and Digital Forensics skills. This one is going to be a work in progress.
Clocked in: 15OCT2020 08:00:00 PM CST
A client of mine is using GoDaddy and a SaaS for WordPress and has asked me to secure and monitor the site. For now, the area of focus for this will be just this one site and just this month. I was routinely checking in on the site, and also checking whether our Google AdSense application to monetize the site had been approved, when this was what I was greeted with. Slightly alarming.
So, you have to have some base knowledge if you are going to go down this rabbit hole with me… Tracert: I like to use Open Visual Traceroute; it is rather slick. Download Open Visual Traceroute
Now installing that will not just be a “next->next->”, but that’s why you have me get involved from the start or when needed, right? Contact me for situations like this… But onward, buttercup!
Web Application Firewalls, “Blue Team”, “Red Team”, IDS/IDPS/HIDP, SaaS vulnerability scanning, and management have protected them thus far. But wait, we are not done yet.
So, I narrow this threat actor down…
No, wait… before I go on, let me remind you: when playing hide and seek, it is best not to reveal who you are… I use ExpressVPN; if the attacker is looking for where the traffic is coming from, it is NOW coming from a communist state, China.
Quick check, who do they think I am coming from now?
That’s right, not from Chicago; we are the OG Gangsters, right? Al Capone, anyone?
Ok, so now let us find out more… Here is where the IP that has been attacking the site is located:
Slobozhenyuk Bogdan Yuriyovych is the person who is the legal identity I would go after under international law:
FOP Slobozhenyuk Bogdan Yuriyovich, UA Unit (Uaunit.com)
Address: Svitlitsky, bud. 35, no. 9, m.Kiyiv, 04136
Postal address: Marshal Grechko, bud. 20 V, sq. 58, m.Kiyiv, 04136
Phone: +38 (044) 451 51 07
E-mail: tech. support
Current account (p/r) 26005052626991 in KB PRIVATBANK, m.Kiyiv, MFO 320649, ЄDRPOU 3404215492
Now that is the legal entity to which legal documents are addressed, and the legal entity behind the shared provider. International law will need to be applied with regard to Ukrainian legislation. A Vikoristannya Zamovnik also has a relation to the physical location below.
The physical address from which the server hacks originate is:
Akad. Krymskogo str. 4a, office 339 03680 Kyiv UKRAINE
But along the way, I think I found out where the hacker is logging in to the DATA CENTER from: from his house to this shared provider… Here is his house:
Clocked out 15OCT2020 – 10:07 PM CST