| Category | Details |
|---|---|
| Threat Actors | Maksim Yakubets, Igor Turashev, Aleksandr Ryzhenkov, members of GOLD DRAKE (Evil Corp) and their affiliates. |
| Campaign Overview | Phase 3 of Operation Cronos targeting LockBit ransomware and its affiliates, including sanctions and arrests. |
| Target Regions (Victims) | Global, particularly in the U.S. and UK. LockBit victims include large organizations. |
| Methodology | Arrests, sanctions, takedowns, and leak site exposure, aiming to disrupt ransomware operations and infrastructure. |
| Product Targeted | LockBit Ransomware-as-a-Service (RaaS), BitPaymer, WastedLocker, Hades, Phoenix CryptoLocker, Payload.Bin, Grief, and DoppelPaymer ransomware. |
| Malware Reference | LockBit, BitPaymer, WastedLocker, Hades, Phoenix CryptoLocker, and Grief. |
| Tools Used | Cobalt Strike, Dridex, SocGholish, PowerShell scripts, and various botnets like Cutwail and Emotet. |
| Vulnerabilities Exploited | Social engineering (spam, phishing), exploitation of software vulnerabilities, use of stolen credentials for initial access. |
| TTPs | Ransomware deployment, post-compromise tool usage, network reconnaissance, data exfiltration, and extortion. |
| Attribution | Linked to GOLD DRAKE (Evil Corp) and its evolution into UNC2165, with strong ties to Russian state interests. |
| Recommendations | Avoid paying ransoms, improve cybersecurity defenses, educate employees on phishing, and monitor for signs of ransomware infiltration. |
| Source | Secureworks |
Read full article: https://www.secureworks.com/blog/lockbit-links-to-evil-corp
Disclaimer: The above summary has been generated by an AI language model