| Category | Details |
|---|---|
| Threat Actors | Crypt Ghouls |
| Campaign Overview | Targeted Russian businesses and government agencies with ransomware. |
| Target Regions (or Victims) | Russian businesses and government agencies |
| Methodology | VPN access through contractor login, WMI, RDP, PowerShell, DLL sideloading |
| Product Targeted | Windows systems (LockBit 3.0, Babuk), ESXi servers (Babuk) |
| Malware Reference | LockBit 3.0 (Windows), Babuk (Linux, ESXi) |
| Tools Used | Mimikatz, XenAllPasswordPro, PingCastle, AnyDesk, PsExec, resocks, RDP |
| Vulnerabilities Exploited | Unpatched vulnerabilities, contractor VPN services |
| TTPs | VPN exploitation, credential dumping, WMI, RDP, network scanning |
| Attribution | Suspicion of Russian-hosted infrastructure and contractor VPN access |
| Recommendations | Patch vulnerabilities, monitor contractor access, deploy multi-factor authentication |
| Source | Securelist by Kaspersky |
Read the full article: https://securelist.com/crypt-ghouls-hacktivists-tools-overlap-analysis/114217/
The above summary has been generated by an AI language model.