| Category | Details |
|---|---|
| Threat Actors | Rostislav Panev (LockBit developer), NetWalker ransomware affiliates, Mark Sokolovsky (Raccoon Stealer), Vitalii Antonenko |
| Campaign Overview | Development and deployment of ransomware (LockBit, NetWalker), malware (Raccoon Stealer), and credit card trafficking |
| Target Regions/Victims | Global (LockBit: 2,500 entities across 120 countries, including 1,800 in the U.S.), healthcare sector (NetWalker), general victims (Raccoon Stealer, SQL injection attacks) |
| Methodology | LockBit: RaaS model, ransomware deployment, data exfiltration, and encryption; NetWalker: targeted healthcare during COVID-19 pandemic; Raccoon Stealer: Malware-as-a-Service (MaaS), phishing; SQL injection for data theft and laundering |
| Product Targeted | LockBit: multinational corporations, critical infrastructure, government entities; NetWalker: healthcare organizations; Raccoon Stealer: individual systems for data theft; SQL injection: payment systems, sensitive databases |
| Malware Reference | LockBit ransomware, NetWalker ransomware, Raccoon Stealer |
| Tools Used | LockBit Builder, StealBit tool; Raccoon Stealer malware; SQL injection attacks |
| Vulnerabilities Exploited | Not specified for LockBit and NetWalker; Raccoon Stealer used phishing; SQL Injection targeted vulnerable database systems |
| TTPs | Lateral movement, disabling antivirus software, mass malware deployment, phishing campaigns, SQL injection |
| Attribution | LockBit: Panev and other arrested affiliates; NetWalker: Romanian and Canadian affiliates; Raccoon Stealer: Sokolovsky (developer); SQL attacks: Vitalii Antonenko |
| Recommendations | Improve network monitoring, enforce MFA, regularly update systems, train users on phishing risks, implement WAF to prevent SQL injection attacks |
| Source | The Hacker News |
Read full article: https://thehackernews.com/2024/12/lockbit-developer-rostislav-panev.html
The above summary has been generated by an AI language model