EPS - "unprecedented hacker attack, of the crypto type"
#21
CERT is on the case but cannot share any information:

Quote:The National Center for the Prevention of Security Risks, CERT, told BIRN that the incident related to EPS was reported to them on December 18. CERT works according to international Traffic Light Protocol, TLP, standards, which also defines how sensitive information should be shared, it explained.

“As the information received, when reporting the incident, is marked as TLP:AMBER+STRICT, it is not possible to share it with the general public” CERT answered.
Source: https://balkaninsight.com/2023/12/21/hac...of-action/

Quote:TLP:Amber+Strict
When should it be used? Sources may use TLP:AMBER+STRICT when information requires support to be effectively acted upon, yet carries risk to privacy, reputation, or operations if shared outside of the organization.
How should it be shared? Recipients may share TLP:AMBER+STRICT information only with members of their own organization on a need-to-know basis to protect their organization and prevent further harm.
Source: https://www.cisa.gov/news-events/news/tr...-and-usage
#22
Here is what we might be able to conclude from this email message, "Delivery has failed to these recipients or groups.":

Quote:A restricted entity is a user account or a connector that's blocked from sending email due to indications of compromise, which typically includes exceeding message receiving and sending limits.

Details: https://learn.microsoft.com/en-us/micros...users-list

Quote:Sometimes after sending an email, you may encounter the delivery has failed to these recipients or groups error while using the Exchange Server. The most common reason for this error is that your email address is flagged as spam or it is no longer allowed to send messages outside of your organization. Contact your email admin for assistance.
As the error message indicates, it can occur if your account is flagged for sending spam or if it is blocked.

Details: https://windowsreport.com/delivery-faile...ts-groups/

So it is possible that EPS accounts started sending SPAM and were automatically blocked?

Further, we see that there are multiple hops within the internal network as well before the email was rejected?

   
“If you think you are too small to make a difference, try sleeping with a mosquito.” - Dalai Lama XIV
#23
Some comments I found around the internet...

   


   

   

   

An attack via a personally brought-in USB?

   

Of course, all of this is unverified.
#24
They have CB, Avast, Symantec, and they even brag about it publicly (a 2019 publication) :>

Employees in charge of IT security were also engaged in other branches, where they significantly helped with the installation of Avast and Carbon black protection.
https://www.eps.rs/cir/SiteAssets/Pages/...202019.pdf

And even for the rest:
https://www.eps.rs/cir/Documents/KD%20JN...-2018.docx
#25
Here it is, from the official page of the Qilin ransomware group

   

Quote:The joint stock company "Electric Power Industry of Serbia" is the largest company in Serbia, the economic and energy support of the country. The main activities of EPS AD are production, supply and trade of electricity. EPS is fully committed to achieving its mission, which is to securely supply customers with electricity, under the most favorable market conditions, with constant raising of the quality of services, improving environmental care and increasing the well-being of the community in which it operates. EPS strives to be a socially responsible, market-oriented and profitable company, competitive on the European market and with a significant impact in the region, recognized as a reliable partner to domestic and international companies. Organization: The founder and sole shareholder of EPS JSC is the Republic of Serbia, and the rights of the founder are exercised by the Government of the Republic of Serbia. The share capital of the Company is 100% share capital and is divided into 36,510,509 ordinary shares with voting rights, each with a nominal value of RSD 10,000.00. All ordinary shares are issued and are owned by the founder. The bodies of the Joint Stock Company "Electric Power Industry of Serbia" are the Assembly, the Supervisory Board and the Executive Board. The Assembly appoints the members of the Supervisory Board, while the Supervisory Board appoints the Director General and Executive Directors who make up the Executive Board. The company "EPS Trading" d.o.o. Ljubljana was founded on July 1, 2014 as the first PD established by EPS abroad for the purpose of trading electricity. EPS is a vertically organized company, which has founding rights in two subsidiaries and three public companies in Kosovo and Metohija. Since June 1999, EPS has been unable to manage its capacities in Kosovo and Metohija. This company was successfully attacked by our forces. 
This company did not take care of its Internet security and the safety of its customers and partners. The company does not get in touch with us and does not want to resolve the issue quickly, without losses and reputational risks. In addition to the blocked servers, we stole a huge part of the company's private data. Private agreements, contracts with partners inside and outside the country, financial documents, loan agreements, reports, balance sheets, a huge number of private email correspondence. And much, much, much more. In the event that the company does not come to an agreement with us, the entire date will be available for public download after 10 days.
#BudimoSajberSvesni
#26
Do they have consumer data?
There is no patch for stupidity - Kevin Mitnick
#27
"And much, much, much more." :>
#28
I was literally looking at the Qilin page last night to see whether they had published anything.
Now there is no more hiding. Imagine, EPS has not published a single communication, only "we got hacked, nothing is at risk" lol; they let the attackers control the narrative, what fools.
#29
Here is the whole screenshot

   

Here is one of the more interesting images, at least from the standpoint of our analysis here. This is probably a file search done on the PC from the screenshot for MSG files only (Outlook Message Item File), of which there are 3696, as can be seen in the lower left part of the screenshot. It is unknown whether this is the computer of someone at EPS or the attackers' computer after all the files were transferred.

   

The other images are various contracts and invoices; all of that is probably already public since it is a public enterprise? Maybe everything for public procurement is public, but some of these loan agreements with various banks may not be public? I really don't know.
#30
A comment from Reddit

   

