Ransomware Gangs Seek Pentesters to Boost Their Arsenal

Key Details	Information
Threat Actors	Ransomware groups like LockBit, RansomHub, PLAY, Hunters International, Akira; emerging groups recruiting skilled professionals for malware and AI model creation.
Campaign Overview	Cybercriminals are recruiting skilled individuals, including penetration testers, to secure their malware and improve their tools, mimicking corporate structures.
Target Regions (or Victims)	Southeast Asia (cybercriminal syndicates), global ransomware victims (2,600 breaches in the first half of 2024), organizations targeted by structured ransomware groups.
Methodology	Recruitment through underground forums and chats, such as RAMP and Telegram; specialization of roles including developers, mule recruiters, and penetration testers; use of modern languages like Rust and Go.
Product Targeted	Malware (ransomware) development and security, dark AI models, penetration-testing tools.
Malware Reference	LockBit, RansomHub, PLAY, Hunters International, Akira, ALPHV/BlackCat.
Tools Used	Programming languages like C/C++, Rust, and Go; underground recruitment platforms like RAMP; mule networks for financial fraud.
Vulnerabilities Exploited	Not specified; focus on securing ransomware and tools to prevent exploitation by defenders or law enforcement.
TTPs	Specialized recruitment, use of advanced development practices, role-based tasking, geographic specialization, rebranding of groups, evolving extortion tactics.
Attribution	Cybercriminal organizations mimicking corporate setups; geopolitically influenced recruitment (e.g., Eastern Europe affected by war).
Recommendations	Strengthen organizational defenses; track emerging ransomware tactics; improve law enforcement collaboration; monitor underground forums for recruitment patterns.
Source	Darkreading

Read full article:https://www.darkreading.com/threat-intelligence/ransomware-gangs-seek-pen-testers-boost-professionalism

Disclaimer: The above summary has been generated by an AI language model