Cybersecurity analyst disowns threat actor ‘twin’


Vx-Underground is a regular fixture on Twitter, aka X, regularly posting bulletins regarding threat actors. Now, the cybersecurity analyst has had to issue a rather unusual update – disavowing a ransomware group that has poached its name.

“We are aware a Threat Actor is framing us with the name ‘Vx-underground ransomware,’” tweeted (we hope) the real Vx-Underground. “We are not threat actors.”

However, most of Vx-Underground’s indignation seemed reserved for its dark doppelganger’s choice of attack kit, a package known as “Phobos.”

“It is insulting that you'd think we'd stoop so low as to use Phobos,” spluttered Legit Vx. “Really? Phobos? Why would anyone use that hunk-of-junk?”

As jocular as its rebuttal may have been, there does appear to be a copycat Vx running around the dark web doing nefarious deeds – the analyst shared a post by the ransomware gang in which it announces: “All your files have been encrypted due to a security problem with your PC. If you want to restore them, write us to [sic] the email [email protected].”

Intriguingly, the ransom gang also includes a Twitter handle, @vxunderground. This is, character for character, the exact same as the real Vx’s platform moniker – suggesting that the intention could be to frame it or besmirch its reputation.

Whatever the truth of the matter, fellow X users were duly amused. “I told u guys vx-underground [sic] is rich!” tweeted Bass. “Guess someone is not happy about your work,” added Anni The Seal thoughtfully. “Perhaps that is the reason they decided to choose this name.”

Perhaps, Anni, perhaps.

