Category | Details |
---|---|
Threat Actors | DarkRaaS and CornDB |
Campaign Overview | DarkRaaS emerged in October 2024, initially claiming affiliation with DarkSide; CornDB registered in November 2024 with similar targeting and operations. |
Target Regions (Or Victims) | Primarily Israeli entities (government and private sectors), with some targets in the UAE, Bulgaria, Pakistan, Colombia, Turkey, Argentina, Singapore, Malaysia, and the US. |
Methodology | Data theft, breach of cloud systems, and access to various organizations through targeted attacks. |
TTPs | Similar operational tactics, including forum posts written with collective pronouns, identical cryptocurrency preferences (Bitcoin, Ethereum, Litecoin, Monero), and use of TOX IDs for communication. |
Evidence of Connection | Shared TOX ID, similar phrasing in posts, operational overlap, and identical cryptocurrency preferences suggest a link between DarkRaaS/bashify and CornDB. |
Attribution | Likely the same actor or closely connected members of the same group. Evidence suggests a coordinated transition from DarkRaaS to CornDB. |
Recommendations | Monitor for similar attacks targeting high-profile entities, especially those with connections to Israeli sectors. Focus on TOX IDs and cryptocurrency transactions. |
Source | KELA Cyber |
Read full article: https://www.kelacyber.com/blog/darkraas-and-corndb-evidence-of-a-coordinated-network/
Disclaimer: The above summary has been generated by an AI language model