| Key Detail | Information |
|---|---|
| Threat Actors | CyberVolk/GLORIAMIST, a politically motivated hacktivist collective with pro-Russia leanings. |
| Campaign Overview | CyberVolk launched ransomware attacks using its RaaS model, primarily targeting government and public entities, leveraging geopolitical tensions to justify its actions. |
| Target Regions (Or Victims) | Japan (Japan Foundation, Japan Oceanographic Data Center, Japan Meteorological Agency, Tokyo Global Information System Centre); previously targeted multiple countries. |
| Methodology | CyberVolk uses ransomware, DDoS, and defacement attacks. Ransomware payloads are based on AzzaSec and were later modified by CyberVolk. |
| Product Targeted | Government entities, public organizations, and geopolitical targets in Japan and other regions. |
| Malware Reference | CyberVolk Ransomware, AzzaSec Ransomware, HexaLocker, Parano, DoubleFace. |
| Tools Used | Ransomware-as-a-Service (RaaS) platforms, modified AzzaSec ransomware code, ChaCha20-Poly1305 + AES + RSA encryption, BTC/USDT payment systems. |
| Vulnerabilities Exploited | No specific vulnerabilities are named; the group relies on DDoS and ransomware to disrupt operations and extort organizations. |
| TTPs (Tactics, Techniques, Procedures) | DDoS attacks, file encryption, decryption timers, ransomware payments in BTC or USDT, system disruption, file renaming (.CyberVolk extension). |
| Attribution | CyberVolk, associated with pro-Russia hacktivist groups. |
| Recommendations | Strengthen cybersecurity measures, monitor for ransomware activity, implement effective backup strategies, and employ multi-factor authentication. |
| Source | Malware News |
Read full article: https://malware.news/t/cybervolk-a-deep-dive-into-the-hacktivists-tools-and-ransomware-fueling-pro-russian-cyber-attacks/88702
Disclaimer: The above summary has been generated by an AI language model