| Category | Details |
|---|---|
| Threat Actors | Bassterlord (also known as AL3xL7, Fisheye, Sinner911) |
| Campaign Overview | Involved in ransomware operations, specifically with National Hazard Agency (NHA) and LockBit |
| Target Regions (Or Victims) | Companies worldwide, primarily in Russia and Ukraine |
| Methodology | HUMINT engagements, OSINT research, comparison of known events and threat data |
| Product Targeted | Ransomware (LockBit, REvil, Hive, RansomEXX, etc.) |
| Malware Reference | LockBit ransomware, other affiliated ransomware groups |
| Tools Used | OSINT tools, Maltego, email tracking, geolocation analysis |
| Vulnerabilities Exploited | No specific vulnerabilities mentioned |
| TTPs | Use of aliases, leveraging stolen identities, social engineering, working with multiple gangs |
| Attribution | Bassterlord and Ivan Kondratyev are the same person based on evidence (e.g., passport, IP data) |
| Recommendations | Ongoing vigilance against ransomware, collaboration with law enforcement |
| Source | Analyst1 |

Read full article: https://analyst1.com/ransomware-diaries-volume-6-lie-to-me-a-bassterlord-ransomware-story/

Disclaimer: The above summary has been generated by an AI language model.