| Category | Details |
|---|---|
| Threat Actors | CyberVolk (formerly Gloriamist India, leader known as Hacker-K, potentially of Indian origin). |
| Campaign Overview | Hacktivist group targeting state and public entities in countries opposing Russian interests, deploying ransomware and info-stealing malware. |
| Target Regions | Japan, France, U.K. |
| Targeted Sectors | Critical infrastructure facilities, scientific institutions, government entities. |
| Malware Reference | CyberVolk’s ransomware is derived from AzzaSec’s leaked source code and includes info-stealing malware. |
| Tools Used | Ransomware (derived from AzzaSec), info-stealing malware, DDoS attacks, HexaLocker, Parano, LockBit, Chaos. |
| Vulnerabilities Exploited | No specific vulnerabilities mentioned in the text. |
| TTPs | DDoS attacks; ransomware deployment; info-stealing via Discord; cryptocurrency wallet data exfiltration. |
| Attribution | Hacktivist group possibly based in India, aligned with pro-Russian and anti-Israel hacktivist movements. |
| Recommendations | Monitor for ransomware attacks targeting critical sectors; block Discord traffic to prevent data exfiltration; use behavioral analysis to detect unusual ransomware activity. |
| Source | The Record |

Read full article: https://therecord.media/cybervolk-india-hacktivists-russia-ransomware

Disclaimer: The above summary has been generated by an AI language model.