Karakurt data thieves linked to larger Conti hacking group


An analysis of the cryptocurrency wallets tied to the Karakurt hacker group, combined with the group’s particular methodology for data theft, suggests that its membership overlaps with two other prominent hacking crews, according to a report published by cybersecurity firm Tetra Defense.

Tetra’s report details the experience of a client company that was hit with a ransomware attack by the Conti group and was subsequently targeted again in a data theft perpetrated by the Karakurt group. The analysis showed that the Karakurt attack used precisely the same backdoor to compromise the client’s systems as the earlier Conti attack: the intruders did not need to break in a second time, which implies they already held Conti’s access.

“Such access could only be obtained through some sort of purchase, relationship, or surreptitiously gaining access to Conti group infrastructure,” Tetra wrote in its report.

It’s important to differentiate the two types of cyberattack described here, according to Tetra. In a ransomware attack, key data is encrypted and the extortion money is paid in exchange for a decryption key, so that the target company can recover its data and resume operating. In a data theft, which has been the sole type of attack perpetrated by the Karakurt group, the attackers steal sensitive corporate data without encrypting anything and demand money in exchange for not releasing it to the world at large.

The Karakurt attacks of this type, of which there have been more than a dozen to date according to Tetra, also used cryptocurrency wallets linked to Conti victim payment addresses, further strengthening the argument that the two groups’ membership may overlap significantly.

This pattern represents a departure from the Conti group’s normal pattern of business, according to Nathan Little, senior vice president of digital forensics and incident response at Tetra, 

Copyright © 2022 IDG Communications, Inc.