Press ESC to close

Analysis of the Crypt Ghouls group: continuing the investigation into a series of attacks on Russia

CategoryDetails
Threat ActorsCrypt Ghouls
Campaign OverviewTargeted Russian businesses and government agencies with ransomware.
Target Regions (Or Victims)Russian businesses and government agencies
MethodologyVPN access through contractor login, WMI, RDP, PowerShell, DLL sideloading
Product targetedWindows systems (LockBit 3.0, Babuk), ESXi servers (Babuk)
Malware ReferenceLockBit 3.0 (Windows), Babuk (Linux, ESXi)
Tools UsedMimikatz, XenAllPasswordPro, PingCastle, AnyDesk, PsExec, resocks, RDP
Vulnerabilities ExploitedUnpatched vulnerabilities, contractor VPN services
TTPsVPN exploitation, credential dumping, WMI, RDP, network scanning
AttributionSuspicion of Russian-hosted infrastructure and contractor VPN access
RecommendationsPatch vulnerabilities, monitor contractor access, deploy multi-factor authentication
SourceSecurelist by Kaspersky

Read full article : https://securelist.com/crypt-ghouls-hacktivists-tools-overlap-analysis/114217/

The above summary has been generated by an AI language model

Related posts:

Unveiling LIMINAL PANDA: A Closer Look at China's Cyber Threats to the Telecom Sector TTP Today Fraud & Intelligence Insights Report Q1-Q3 2024 China’s Salt Typhoon hackers target telecom firms in Southeast Asia with new malware IT threat evolution in Q3 2024. Non-mobile statistics

Leave a Reply

Your email address will not be published. Required fields are marked *

Stay Updated with Our Newsletter

Filter Posts by Date

Explore Topics