CyberVolk | A Deep Dive into the Hacktivists, Tools and Ransomware Fueling Pro-Russian Cyber Attacks

| Key Detail | Information |
| --- | --- |
| Threat Actors | CyberVolk/GLORIAMIST, a politically motivated hacktivist collective with pro-Russia leanings. |
| Campaign Overview | CyberVolk launched ransomware attacks using its RaaS model, primarily targeting government and public entities, leveraging geopolitical tensions to justify its actions. |
| Target Regions (or Victims) | Japan (Japan Foundation, Japan Oceanographic Data Center, Japan Meteorological Agency, Tokyo Global Information System Centre); previously targeted multiple countries. |
| Methodology | CyberVolk uses ransomware, DDoS, and defacement attacks. Ransomware payloads are based on AzzaSec and later modified by CyberVolk. |
| Product Targeted | Government entities, public organizations, and geopolitical targets in Japan and other regions. |
| Malware Reference | CyberVolk Ransomware, AzzaSec Ransomware, HexaLocker, Parano, DoubleFace. |
| Tools Used | Ransomware-as-a-Service (RaaS) platforms, modified AzzaSec ransomware code, ChaCha20-Poly1305 + AES + RSA encryption, BTC/USDT payment systems. |
| Vulnerabilities Exploited | DDoS and ransomware are used to disrupt operations and extort organizations; no specific vulnerabilities are mentioned. |
| TTPs (Tactics, Techniques, Procedures) | DDoS attacks, file encryption, decryption timers, ransomware payments in BTC or USDT, system disruption, file renaming (.CyberVolk extension). |
| Attribution | CyberVolk, associated with pro-Russia hacktivist groups. |
| Recommendations | Strengthen cybersecurity measures, monitor for ransomware activity, implement effective backup strategies, and employ multi-factor authentication. |
| Source | Malware News |

Read full article: https://malware.news/t/cybervolk-a-deep-dive-into-the-hacktivists-tools-and-ransomware-fueling-pro-russian-cyber-attacks/88702

Disclaimer: The above summary has been generated by an AI language model
