Analysis of the BlackJack group: techniques, tools, and similarities with Twelve

Sept. 25, 2024, 8:11 p.m.

Description

The report examines the BlackJack hacktivist group targeting Russian organizations, focusing on their tools, techniques, and connections to the Twelve group. BlackJack employs freely available software like the Shamoon wiper and LockBit ransomware. Significant overlaps with Twelve include similar malware samples, identical file paths, and shared tactics. Both groups use network directories for malware distribution and scheduled tasks for execution. The analysis reveals a potential unified cluster of hacktivist activity against Russian targets, with no financial motives but aiming to cause maximum damage through data encryption, deletion, and theft.

Date

Published: Sept. 25, 2024, 7:49 p.m.
Created: Sept. 25, 2024, 7:49 p.m.
Modified: Sept. 25, 2024, 8:11 p.m.

Indicators

535e0dbd97cb9ea66f375400b550dd3bcad0788a89fb46996a651053a2df07c3

Attack Patterns

Disttrack

Shamoon - S0140

LockBit

BlackJack

T1561.002

T1021.002

T1078.002

T1569.002

T1021.001

T1078.003

T1053.005

T1490

T1561

T1136

T1552

T1021

T1486

T1105

T1570

T1047

T1036

T1485

T1078

T1003

Additional Information

Telecommunications

Government

Russian Federation