Pretty sure our situation is identical and it is government

Omg my exact issue… and have had it a while, I believe everything you said… my printer man-in-the-middled me trying to get a clean OS at a public access point on a new phone bought for just this purpose; it was infected but has been in my trunk for months unplugged… I spotted Ghost RAT payload logs as well… so I got a new motherboard and GPU, RAM and drive… they are very good, I bet it is the Russian government for sure… some of those payloads are not known outside state actors. My Xbox… network devices… second attempt to purge them… my mistake was thinking flashing my BIOS and a new SSD was enough… I saw after a BIOS flash… with no USB boot media, my new SSD get set up and partitioned from the BIOS… with a linux.sys file if I recall… my Windows boot USB had the same file injected as soon as I plugged it in… so did a fix me stick… well, and got all its device identifiers, found the site it requested resources from was redirected and got other files… in seconds… and was the first time my PC had ever seen a fix it stick… I'm suspecting possibly an automated AI botnet-like setup with oversight… and yes, all my audio and visual devices were turned on silently by duplicating the application, which is hidden from me… after fighting for control my Windows user account was no longer admin… and most of the tools built in were either just removed or access denied, and the tools to force privilege escalation were also missing those commands… lol btw for me they were using a remote connection with my IPv6, booting me from PXE, probably with that tiny Linux OS, and running biometrics and Hello Face again, not installed locally but running locally with my hardware… they have to know who I am… so biometrics kinda scare… they could surely feed it to an AI to mimic you… idk what other purpose biometrics would be useful for if not to identify the speaker, which isn't necessary here.
You gotta trash your machines… all WiFi and radio-enabled devices at the very least… no cross-contamination… I know this isn't targeted bc even isolated it's trying to worm indiscriminately… it's in several local businesses and neighbors; I carry compromised devices in Faraday weave bags now to not infect… but this is probably way more prevalent than I thought at first. Not sure how to diagnose on Linux yet as I haven't lost a Linux so far… but I've kept them cold since… Windows is hard for a layman or impossible. My first tip-off was opening a drive manager and seeing "accessing virtual disk" flash… ran diskpart, no vdisk found… so either corruption or I am the VM… netstat revealed a long list of hops asterisked out before my ISP… network analyzers found every device with WiFi or Bluetooth had virtual network adapters lol… fairly sure we are in a cyber war here… it stays perfectly hidden till you poke the bear. Devices look for hidden devices you know were never there aside from the duplicate HID devices hahaha

BIOS flash failed for me with new drive and new OS… had to trash the hardware… pretty sure our situation is identical and it is government.

@Rampage2323 Unfortunately your text is not well structured and hard to read. It also does not help anyone; you just claim that everything is hacked (by “Russians” of course). Please read relevant topics:


Well idk where he is but I have seen at least a few dozen devices hacked… only reason I say Russia is the masked IPv6 was to the area… but I can't be sure of anything except that if it's not a government they sure put a ton of effort into getting into systems and not stealing money or accounts over months… no lone hacker cares about mass data more than financial gain from private citizens. Could be the USA or China… all speculative, but there is no way I'll believe a black hat is compiling biometrics when they definitely have enough to defraud you. Also some of the upload sources for the data are asf business account servers… which require capital so they would be losing money if financial gain was the goal. I'm just saying same symptoms, don't waste money with piecemeal replacements and don't connect through a compromised device; doesn't matter how secure the system is if it's likely government… they don't have mediocre cyber security teams. You would just trash the hardware again. It's the most difficult compromise I've ever run into. And it adapts so fast to attempts at removing it… novel software, different built-in utilities only work once and obviously not deeply enough to do much but reduce future attempts. Seems crazy but if it is someone like Russia you have to take the chance, however small, into consideration as the number of Windows users who would never even know they're on a virtual OS at home is enormous and mostly Windows users.
You gotta understand mass use of proprietary operating systems always implies a backdoor… regardless of what government or the companies say… government can force them to place it, can threaten prison for anyone who talks about it… and has a history of doing it… and it must be a serious issue as Microsoft TPM rules for Windows 11… they would put extra burden on people to use their OS if it wasn't a serious problem… my Windows on another machine has a TPM installed and on that device they have severed connection to Microsoft servers but have not been able to force it to boot to their servers… nor have they implanted tons of server settings into the motherboard like my old one had. I had a software security company looking at me for a while for this reason till I called them and let them know what was happening, that I was stealing firmware and software from like Cisco and such but it had been placed and utilized on my device from a hacker. And my typing is terrible hahaha but I have ADD so if I don't type as I think I have to back up and try to get into the flow of thoughts again lol.

I know @fsflover will be unhappy with this and maybe other mods will disagree with me, but in its current rambling form this is spam/FUD/delusion. Closing and unlisting this thread.

@Rampage2323 you are welcome to the forum and we are open to understand your concerns and help you, but please put a bit more effort in your post. @fsflover linked respective instructions.


In this case, I think it's good if @Rampage2323 checks out some of the links @fsflover kindly provided.

I also recommend that future posts follow the Discussion guidelines, specifically this part:

“Be Concise. Include only essential information. Most of your readers lead busy lives and have precious little time. We want to spend some of that time helping you, if we can. But if you ramble, it will be easier to skip over you and help someone else who gets right to the point.”

I also recommend you read an earlier post of mine, which gives a pointer to how the security research community deals with analysis of alleged compromises.

You must be someone very very very important for a nation state actor to be burning so many 0-days across so many platforms as you allege. That nation state must also be pretty poor opsec to be doing it all in a way that's visible to you in real time as you are literally ‘eyes on’ the machine. Not only does that give their game away immediately, but it gives you an opportunity to grab all of their 0-days in real time and then either release them to the world or sell them for millions. They must be the worst team ever, what shall we call them? How about ‘not-so-fancy bear’?

So, I would recommend that your posts are concise and that you back up your assertions with actual data (pcaps, dd images of disks, dumps of firmware) that show these compromises. If you can gather this evidence, then I'm sure many people in the security research community will be happy to assist you in analysis, for the chance to get their hands on your adversary's poor-opsec-revealing, expensive 0-days.

Also, please follow the code of conduct with regards to communications to other members. Swearing, being generally rude and throwing unfounded allegations about other members around breaks the rules. Consider this as a warning.
