Today > | 1 Medium vulnerabilities   -   You can now download lists of IOCs here!

Analysis of the BlackJack group: techniques, tools, and similarities with Twelve

Sept. 25, 2024, 8:11 p.m.

Description

The report examines the BlackJack hacktivist group targeting Russian organizations, focusing on their tools, techniques, and connections to the Twelve group. BlackJack employs freely available software like the Shamoon wiper and LockBit ransomware. Significant overlaps with Twelve include similar malware samples, identical file paths, and shared tactics. Both groups use network directories for malware distribution and scheduled tasks for execution. The analysis reveals a potential unified cluster of hacktivist activity against Russian targets, with no financial motives but aiming to cause maximum damage through data encryption, deletion, and theft.

Date

Published: Sept. 25, 2024, 7:49 p.m.

Created: Sept. 25, 2024, 7:49 p.m.

Modified: Sept. 25, 2024, 8:11 p.m.

Indicators

535e0dbd97cb9ea66f375400b550dd3bcad0788a89fb46996a651053a2df07c3

Attack Patterns

Disttrack

Shamoon - S0140

Lockbit

BlackJack

T1561.002

T1021.002

T1078.002

T1569.002

T1021.001

T1078.003

T1053.005

T1490

T1561

T1136

T1552

T1021

T1486

T1105

T1570

T1047

T1036

T1485

T1078

T1003

Additional Informations

Telecommunications

Government

Russian Federation