The newly emerged threat operation Crypto Ghouls has targeted Russian government, finance, mining, energy, and retail organizations, deploying LockBit 3.0 ransomware on Windows systems and Babuk ransomware on VMware ESXi/Linux systems, reports The Hacker News.

In two intrusions that were part of the campaign, Crypto Ghouls gained initial access through a VPN using a contractor's login credentials, then used the NSSM service manager and the Localtonet tunneling utility to maintain remote access, according to a report from Kaspersky. Follow-on activity relied on the XenAllPasswordPro, Mimikatz, MiniDump, PingCastle, PAExec, and AnyDesk tools, as well as the CobInt backdoor, the dumper.ps1 script, and cmd.exe. The same tools have previously been observed in attacks by other Russia-targeting threat groups, including BlackJack, MorLock, Shedding Zmiy, and Twelve. "The shared toolkit used in attacks on Russia makes it challenging to pinpoint the specific hacktivist groups involved… This suggests that the current actors are not only sharing knowledge but also their toolkits. All of this only makes it more difficult to identify specific malicious actors behind the wave of attacks directed at Russian organizations," said Kaspersky researchers.