DarkRaaS & CornDB: Evidence of a Coordinated Network?

| Category | Details |
| --- | --- |
| Threat Actors | DarkRaaS and CornDB |
| Campaign Overview | DarkRaaS emerged in October 2024, initially claiming affiliation with DarkSide; CornDB registered in November 2024 with similar targeting and operations. |
| Target Regions (Or Victims) | Primarily Israeli entities (government and private sectors), with some targets in the UAE, Bulgaria, Pakistan, Colombia, Turkey, Argentina, Singapore, Malaysia, and the US. |
| Methodology | Data theft, breach of cloud systems, and access to various organizations through targeted attacks. |
| TTPs | Similar operational tactics including using forum posts with collective pronouns, identical cryptocurrency preferences (Bitcoin, Ethereum, Litecoin, Monero), and using TOX IDs for communication. |
| Evidence of Connection | Shared TOX ID, similar phrasing in posts, operational overlap, and identical cryptocurrency preferences suggest a link between DarkRaaS/bashify and CornDB. |
| Attribution | Likely the same actor or closely connected members of the same group. Evidence suggests a coordinated transition from DarkRaaS to CornDB. |
| Recommendations | Monitor for similar attacks targeting high-profile entities, especially those with connections to Israeli sectors. Focus on TOX IDs and cryptocurrency transactions. |
| Source | KELA Cyber |
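
The shared-TOX-ID evidence and the recommendation to focus on TOX IDs can be turned into a repeatable check. The sketch below is an added example, not code from KELA or this page: it extracts checksum-valid Tox IDs from post text and links handles by the 32-byte public key, so a changed nospam value does not hide a match. The handles, keys and posts are constructed, and `link_handles` is a hypothetical helper name.

```python
import re
from collections import defaultdict

# A Tox ID is 38 bytes written as 76 hex chars:
# 32-byte public key + 4-byte nospam + 2-byte XOR checksum.
TOX_RE = re.compile(r"(?<![0-9A-Fa-f])[0-9A-Fa-f]{76}(?![0-9A-Fa-f])")

def tox_checksum(body: bytes) -> bytes:
    """XOR the 36 key+nospam bytes alternately into two checksum bytes."""
    c = [0, 0]
    for i, b in enumerate(body):
        c[i % 2] ^= b
    return bytes(c)

def make_tox_id(pubkey: bytes, nospam: bytes) -> str:
    """Build a well-formed Tox ID (used here only to construct sample data)."""
    body = pubkey + nospam
    return (body + tox_checksum(body)).hex().upper()

def extract_tox_keys(text: str) -> set:
    """Return the public keys (hex) of checksum-valid Tox IDs found in text."""
    keys = set()
    for m in TOX_RE.finditer(text):
        raw = bytes.fromhex(m.group())
        if tox_checksum(raw[:36]) == raw[36:]:  # drops random 76-char hex runs
            keys.add(raw[:32].hex().upper())
    return keys

def link_handles(posts):
    """Map public key -> sorted handles, keeping keys used by 2+ handles."""
    by_key = defaultdict(set)
    for handle, text in posts:
        for key in extract_tox_keys(text):
            by_key[key].add(handle)
    return {k: sorted(h) for k, h in by_key.items() if len(h) > 1}

# Constructed sample posts (handles and keys are illustrative, not real IoCs).
KEY_A = bytes(range(32))
KEY_B = bytes(range(100, 132))
POSTS = [
    ("handle_one", "Contact us on TOX: " + make_tox_id(KEY_A, b"\x01\x02\x03\x04")),
    ("handle_two", "tox " + make_tox_id(KEY_A, b"\xaa\xbb\xcc\xdd").lower() + " for deals"),
    ("handle_three", "TOX " + make_tox_id(KEY_B, b"\x00\x00\x00\x01")),
    ("handle_four", "hash: " + "AB" * 38),  # 76 hex chars, fails the checksum
]

if __name__ == "__main__":
    for key, handles in link_handles(POSTS).items():
        print(key[:16] + "...", handles)
```

Comparing full 76-character strings would miss `handle_two` here, because its ID differs from `handle_one` in the nospam and checksum bytes while the public key is the same.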

Read full article: https://www.kelacyber.com/blog/darkraas-and-corndb-evidence-of-a-coordinated-network/

Disclaimer: The above summary has been generated by an AI language model

Source: Kela Cyber

Published on: December 2, 2024
