Evidence of potential zero day exploit targeting Minecraft Forge
Live VOD recorded from Twitch on July 1, 2023
Log files available here:
Discord @Yoyoyopo5
EVENT LIST
0:00:18 devmods gets server ip
0:24:00 malicious user first joins server
0:34:10 raided by Rusenon (accomplice)
0:52:10 malicious user gets beacon achievement through exploited items (note here: nothing abnormal shows up in log files, such as /give commands or /gamemode)
0:54:58 hacked item base discovered
0:56:57 malicious user opped by server
1:01:53 PrimalCat (accomplice) mentions that Forge is compromised in Twitch chat
1:02:51 First user’s discord login info leaked (this was the first indication of RCE on client PCs)
1:06:50 devmods indicates exploit is zero-day in Twitch chat
1:08:18 Second user’s info is leaked in Twitch chat (indiciation that RCE was available on all connected clients)
1:09:22 devmods gives filesystem location of a node executable that was run remotely on everyone’s PC
1:09:25 PrimalCat (
7 months ago 00:00:00 1
7 months ago 08:28:05 1
7 months ago 05:02:16 1
7 months ago 00:51:50 1
7 months ago 00:03:35 1
7 months ago 01:19:54 1
7 months ago 00:10:10 1
7 months ago 00:39:43 1
7 months ago 00:10:28 1
7 months ago 00:01:35 3
7 months ago 00:30:40 1
7 months ago 00:11:04 1
7 months ago 00:01:32 1
7 months ago 00:55:49 1
7 months ago 01:27:50 1
7 months ago 00:00:17 1
7 months ago 00:03:23 1
7 months ago 00:56:25 1
7 months ago 00:03:34 1
7 months ago 00:25:18 1
7 months ago 01:47:46 4
7 months ago 00:17:00 1
7 months ago 00:01:46 1
7 months ago 00:08:03 4
