
Analysis of the Crypt Ghouls group: continuing the investigation into a series of attacks on Russia

Threat Actors: Crypt Ghouls
Campaign Overview: Targeted Russian businesses and government agencies with ransomware.
Target Regions (or Victims): Russian businesses and government agencies
Methodology: VPN access through contractor login, WMI, RDP, PowerShell, DLL sideloading
Product Targeted: Windows systems (LockBit 3.0, Babuk), ESXi servers (Babuk)
Malware Reference: LockBit 3.0 (Windows), Babuk (Linux, ESXi)
Tools Used: Mimikatz, XenAllPasswordPro, PingCastle, AnyDesk, PsExec, resocks, RDP
Vulnerabilities Exploited: Unpatched vulnerabilities, contractor VPN services
TTPs: VPN exploitation, credential dumping, WMI, RDP, network scanning
Attribution: Suspicion of Russian-hosted infrastructure and contractor VPN access
Recommendations: Patch vulnerabilities, monitor contractor access, deploy multi-factor authentication
Source: Securelist by Kaspersky

Read the full article: https://securelist.com/crypt-ghouls-hacktivists-tools-overlap-analysis/114217/

The above summary has been generated by an AI language model
