Category | Details |
---|---|
Threat Actors | CyberVolk (formerly Gloriamist India, leader known as Hacker-K, potentially of Indian origin). |
Campaign Overview | Hacktivist group targeting state and public entities in countries opposing Russian interests, deploying ransomware and info-stealing malware. |
Target Regions | Japan, France, U.K. |
Targeted Sectors | Critical infrastructure facilities, scientific institutions, government entities. |
Malware Reference | CyberVolk’s ransomware is derived from AzzaSec’s leaked source code and includes info-stealing malware. |
Tools Used | Ransomware (derived from AzzaSec), info-stealing malware, DDoS attacks, HexaLocker, Parano, LockBit, Chaos. |
Vulnerabilities Exploited | No specific vulnerabilities mentioned in the text. |
TTPs | DDoS attacks; ransomware deployment; info-stealing via Discord; cryptocurrency wallet data exfiltration. |
Attribution | Hacktivist group possibly based in India, aligned with pro-Russian and anti-Israel hacktivist movements. |
Recommendations | Monitor for ransomware attacks targeting critical sectors. Block Discord traffic to prevent data exfiltration. Use behavioral analysis to detect unusual ransomware activity. |
Source | The Record |
Read full article: https://therecord.media/cybervolk-india-hacktivists-russia-ransomware
Disclaimer: The above summary has been generated by an AI language model