The Twelve hacktivist operation has launched cataclysmic cyberattacks involving public tools against Russia since its emergence in April 2023, according to The Hacker News.
After obtaining initial access by exploiting local or domain accounts, Twelve uses Remote Desktop Protocol to penetrate further into the infrastructure, along with other tools, including Cobalt Strike, Chisel, Mimikatz, Advanced IP Scanner, and PsExec, to steal credentials, map networks, and escalate privileges, a report from Kaspersky revealed. Attacks by the hacktivist group also involved the delivery of several webshells with arbitrary command execution, file transfer, and email distribution capabilities, as well as a number of PowerShell scripts enabling Access Control List modifications and Sophos security software process termination, before the group launched a LockBit 3.0 ransomware variant and a Shamoon malware-like wiper that terminated processes and overwrote file contents, respectively.
Further analysis of the operation discovered similarities with the DARKSTAR ransomware gang, also known as Shadow or Comet. “…[W]hereas Twelve’s actions are clearly hacktivist in nature, DARKSTAR sticks to the classic double extortion pattern. This variation of objectives within the syndicate underscores the complexity and diversity of modern cyber threats,” researchers added.