Analyzing the familiar tools used by the Crypt Ghouls hacktivists
Oct. 21, 2024, 9:54 a.m.
Tags
External References
Description
The Crypt Ghouls group targets Russian businesses and government agencies with ransomware. Its toolkit is built largely from publicly available utilities, including Mimikatz, XenAllPasswordPro and PingCastle, with LockBit 3.0 and Babuk deployed as the final payloads. Initial access is frequently gained through compromised contractor credentials; from there the attackers harvest further logon credentials, enumerate the network, and move laterally before encrypting. The tooling and tactics overlap with those of other groups targeting Russia, which suggests collaboration or resource sharing among these actors. Known victims include Russian government agencies and companies in the mining, energy, finance and retail sectors.
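The description above ties the intrusion chain together as credential reuse plus lateral movement (T1550.002 over T1021.002/T1021.006). One coarse way to surface that pattern in Windows telemetry is to look for a single account authenticating with NTLM network logons (event 4624, logon type 3) to many hosts from one source in a short window. The script below is an added example, not code from the original page or from the report it summarizes; the event rows, account names, host names, IP addresses and thresholds are constructed for illustration.

```python
"""Flag single-account NTLM network-logon fan-out, a coarse indicator of
pass-the-hash style lateral movement (T1550.002 over T1021.002/T1021.006).
Added example; the sample events below are constructed, not real telemetry."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

# Constructed subset of Windows Security event 4624 fields:
# (TimeCreated, TargetUserName, LogonType, AuthenticationPackageName, IpAddress, Computer)
SAMPLE_LOGONS = [
    ("2024-10-01T02:14:05", "CORP\\contractor01", 3, "NTLM", "10.20.5.17", "FS01"),
    ("2024-10-01T02:14:09", "CORP\\contractor01", 3, "NTLM", "10.20.5.17", "FS02"),
    ("2024-10-01T02:14:12", "CORP\\contractor01", 3, "NTLM", "10.20.5.17", "SQL03"),
    ("2024-10-01T02:14:20", "CORP\\contractor01", 3, "NTLM", "10.20.5.17", "DC01"),
    ("2024-10-01T02:14:31", "CORP\\contractor01", 3, "NTLM", "10.20.5.17", "APP07"),
    ("2024-10-01T02:15:02", "CORP\\contractor01", 10, "Negotiate", "10.20.5.17", "JUMP01"),
    ("2024-10-01T09:00:00", "CORP\\jdoe", 3, "Kerberos", "10.20.7.44", "FS01"),
    ("2024-10-01T09:05:00", "CORP\\jdoe", 3, "Kerberos", "10.20.7.44", "PRINT01"),
    ("2024-10-01T11:30:00", "CORP\\svc_backup", 3, "NTLM", "10.20.9.2", "FS01"),
    ("2024-10-01T11:30:05", "CORP\\svc_backup", 3, "NTLM", "10.20.9.2", "FS02"),
]


@dataclass(frozen=True)
class Logon:
    time: datetime
    account: str
    logon_type: int     # 3 = network (SMB, WinRM, RPC); 10 = RemoteInteractive (RDP)
    auth_package: str   # "NTLM", "Kerberos" or "Negotiate"
    source_ip: str      # IpAddress: where the logon request came from
    dest_host: str      # Computer: the host that recorded the event


def parse(row: Tuple[str, str, int, str, str, str]) -> Logon:
    """Turn one constructed 4624 row into a Logon record."""
    t, acct, ltype, pkg, ip, host = row
    return Logon(datetime.fromisoformat(t), acct, ltype, pkg, ip, host)


def find_ntlm_fanout(rows, min_hosts: int = 4,
                     window: timedelta = timedelta(minutes=10)) -> List[Dict]:
    """Return one finding per (account, source_ip) pair that reaches at least
    min_hosts distinct hosts via NTLM type-3 logons inside a sliding window."""
    by_key: Dict[Tuple[str, str], List[Logon]] = defaultdict(list)
    for row in rows:
        ev = parse(row)
        # Only network logons authenticated with NTLM are of interest here;
        # Kerberos logons and interactive RDP sessions are left out.
        if ev.logon_type == 3 and ev.auth_package.upper() == "NTLM":
            by_key[(ev.account, ev.source_ip)].append(ev)

    findings: List[Dict] = []
    for (account, src), evs in by_key.items():
        evs.sort(key=lambda e: e.time)
        for i, first in enumerate(evs):
            hosts = set()
            last = first
            # Expand the window forward from each candidate start event.
            for ev in evs[i:]:
                if ev.time - first.time > window:
                    break
                hosts.add(ev.dest_host)
                last = ev
            if len(hosts) >= min_hosts:
                findings.append({
                    "account": account,
                    "source_ip": src,
                    "hosts": sorted(hosts),
                    "start": first.time.isoformat(),
                    "end": last.time.isoformat(),
                })
                break  # report each (account, source) pair once
    return findings


if __name__ == "__main__":
    for f in find_ntlm_fanout(SAMPLE_LOGONS):
        print(f"{f['account']} from {f['source_ip']} -> {len(f['hosts'])} hosts "
              f"between {f['start']} and {f['end']}: {', '.join(f['hosts'])}")
```

The threshold and window are tuning knobs, not fixed indicators: backup and scanning service accounts legitimately produce the same NTLM fan-out, so baseline per account before alerting. Where the environment is Kerberos-first, the analogous check for overpass-the-hash is 4768/4769 events requesting RC4-HMAC (encryption type 0x17) tickets for an account that otherwise uses AES.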
Date
Published: Oct. 18, 2024, 2:09 p.m.
Created: Oct. 18, 2024, 2:09 p.m.
Modified: Oct. 21, 2024, 9:54 a.m.
Attack Patterns
CobInt
LockBit 3.0
Vasa Locker
Babyk
Babuk - S0638
Crypt Ghouls
T1021.006 (Remote Services: Windows Remote Management)
T1021.002 (Remote Services: SMB/Windows Admin Shares)
T1550.002 (Use Alternate Authentication Material: Pass the Hash)
T1021.001 (Remote Services: Remote Desktop Protocol)
T1543.003 (Create or Modify System Process: Windows Service)
T1135 (Network Share Discovery)
T1490 (Inhibit System Recovery)
T1059.001 (Command and Scripting Interpreter: PowerShell)
T1562.001 (Impair Defenses: Disable or Modify Tools)
T1486 (Data Encrypted for Impact)
T1016 (System Network Configuration Discovery)
T1082 (System Information Discovery)
T1055 (Process Injection)
T1036 (Masquerading)
T1112 (Modify Registry)
T1078 (Valid Accounts)
T1068 (Exploitation for Privilege Escalation)
T1003 (OS Credential Dumping)
Additional Information
Retail
Energy
Finance
Government
Russian Federation