Category | Details |
---|---|
Threat Actors | Rostislav Panev (LockBit developer), NetWalker ransomware affiliates, Mark Sokolovsky (Raccoon Stealer), Vitalii Antonenko |
Campaign Overview | Development and deployment of ransomware (LockBit, NetWalker), malware (Raccoon Stealer), and credit card trafficking |
Target Regions/Victims | Global (LockBit: 2,500 entities across 120 countries, including 1,800 in the U.S.), healthcare sector (NetWalker), general victims (Raccoon Stealer, SQL injection attacks) |
Methodology | LockBit: RaaS model, ransomware deployment, data exfiltration, and encryption; NetWalker: targeted healthcare during COVID-19 pandemic; Raccoon Stealer: Malware-as-a-Service (MaaS), phishing; SQL injection for data theft and laundering |
Product Targeted | LockBit: multinational corporations, critical infrastructure, government entities; NetWalker: healthcare organizations; Raccoon Stealer: individual systems for data theft; SQL injection: payment systems, sensitive databases |
Malware Reference | LockBit ransomware, NetWalker ransomware, Raccoon Stealer |
Tools Used | LockBit Builder, StealBit tool; Raccoon Stealer malware; SQL injection attacks |
Vulnerabilities Exploited | Not specified for LockBit and NetWalker; Raccoon Stealer used phishing; SQL Injection targeted vulnerable database systems |
TTPs | Lateral movement, disabling antivirus software, mass malware deployment, phishing campaigns, SQL injection |
Attribution | LockBit: Panev and other arrested affiliates; NetWalker: Romanian and Canadian affiliates; Raccoon Stealer: Sokolovsky (developer); SQL attacks: Vitalii Antonenko |
Recommendations | Improve network monitoring, enforce MFA, regularly update systems, train users on phishing risks, implement WAF to prevent SQL injection attacks |
Source | The Hacker News |
Read full article: https://thehackernews.com/2024/12/lockbit-developer-rostislav-panev.html
The above summary has been generated by an AI language model