Analyzing the familiar tools used by the Crypt Ghouls hacktivists

Oct. 21, 2024, 9:54 a.m.

Description

The Crypt Ghouls group is targeting Russian businesses and government agencies with ransomware attacks. Its toolkit combines widely available utilities (Mimikatz, XenAllPasswordPro, PingCastle and others) with LockBit 3.0 and Babuk ransomware as the final payloads. Initial access is often gained through compromised contractor credentials. The attackers harvest login credentials, perform network reconnaissance and move laterally before deploying the encryptor. Their tools and tactics overlap with those of other groups targeting Russia, which suggests possible collaboration or resource sharing among threat actors. Victims include Russian government agencies and companies in the mining, energy, finance and retail sectors.

Date

Published: Oct. 18, 2024, 2:09 p.m.

Created: Oct. 18, 2024, 2:09 p.m.

Modified: Oct. 21, 2024, 9:54 a.m.

Attack Patterns

CobInt

LockBit 3.0

Vasa Locker

Babyk

Babuk - S0638

Crypt Ghouls

T1021.006 - Remote Services: Windows Remote Management

T1021.002 - Remote Services: SMB/Windows Admin Shares

T1550.002 - Use Alternate Authentication Material: Pass the Hash

T1021.001 - Remote Services: Remote Desktop Protocol

T1543.003 - Create or Modify System Process: Windows Service

T1135 - Network Share Discovery

T1490 - Inhibit System Recovery

T1059.001 - Command and Scripting Interpreter: PowerShell

T1562.001 - Impair Defenses: Disable or Modify Tools

T1486 - Data Encrypted for Impact

T1016 - System Network Configuration Discovery

T1082 - System Information Discovery

T1055 - Process Injection

T1036 - Masquerading

T1112 - Modify Registry

T1078 - Valid Accounts

T1068 - Exploitation for Privilege Escalation

T1003 - OS Credential Dumping
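
The technique list above is most useful when it is turned into something a SOC can run. The following is an added example, not code from the original report or from the researchers who published it: a small hunt that scans process-creation records for command-line patterns matching several of the listed techniques (T1490 shadow-copy deletion, T1003 Mimikatz-style module names, T1059.001 encoded PowerShell, T1562.001 Defender tampering) and for the PingCastle tool named in the description, then groups hits per account so that a single account touching several stages of the chain stands out. The event lines, the `host|user|parent|image|cmdline` layout, the regexes, and the mapping of PingCastle to T1082 are all constructed assumptions for illustration; they are not indicators taken from the report.

```python
import re
from dataclasses import dataclass

# Constructed sample process-creation events (hypothetical, not from the report).
# Layout assumed here: "<timestamp>|<host>|<user>|<parent_image>|<image>|<command_line>".
SAMPLE_EVENTS = [
    r"2024-10-01T08:12:03|FS01|CORP\contractor-svc|C:\Windows\System32\cmd.exe|C:\Windows\System32\vssadmin.exe|vssadmin.exe delete shadows /all /quiet",
    r"2024-10-01T08:12:05|FS01|CORP\contractor-svc|C:\Windows\System32\cmd.exe|C:\Windows\System32\wbadmin.exe|wbadmin delete catalog -quiet",
    r'2024-10-01T08:13:10|DC01|CORP\contractor-svc|C:\Users\contractor-svc\temp\m.exe|C:\Users\contractor-svc\temp\m.exe|m.exe "privilege::debug" "sekurlsa::logonpasswords" exit',
    r"2024-10-01T08:14:22|WS22|CORP\contractor-svc|C:\Windows\explorer.exe|C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe|powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA",
    r"2024-10-01T08:15:01|WS22|CORP\contractor-svc|C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe|C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe|powershell.exe Set-MpPreference -DisableRealtimeMonitoring $true",
    r"2024-10-01T08:16:40|WS22|CORP\contractor-svc|C:\Windows\System32\cmd.exe|C:\Tools\PingCastle\PingCastle.exe|PingCastle.exe --healthcheck --server corp.local",
    r"2024-10-01T08:17:00|WS22|CORP\jdoe|C:\Windows\explorer.exe|C:\Windows\System32\notepad.exe|notepad.exe C:\Users\jdoe\notes.txt",
]


@dataclass(frozen=True)
class Rule:
    technique: str       # ATT&CK ID as listed on this page
    name: str
    pattern: re.Pattern  # searched against "<image> <command_line>"


# Hunting heuristics written for this example; tune them to your own telemetry.
RULES = [
    Rule("T1490", "Inhibit System Recovery (shadow copies / backup catalog / recovery mode)",
         re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows|wbadmin(\.exe)?\s+delete\s+catalog|bcdedit.*recoveryenabled\s+no", re.I)),
    Rule("T1003", "OS Credential Dumping (Mimikatz module names on the command line)",
         re.compile(r"sekurlsa::|lsadump::|privilege::debug", re.I)),
    Rule("T1059.001", "PowerShell launched with an encoded command",
         re.compile(r"powershell(\.exe)?\b.*\s-(e|ec|enc|encodedcommand)\b", re.I)),
    Rule("T1562.001", "Disable or Modify Tools (Defender real-time monitoring switched off)",
         re.compile(r"set-mppreference.*-disablerealtimemonitoring\s+\$?true", re.I)),
    # PingCastle is an AD audit tool named in the report; mapping it to T1082 is an assumption.
    Rule("T1082", "System Information Discovery (PingCastle AD health check)",
         re.compile(r"pingcastle(\.exe)?", re.I)),
]


def parse_event(line: str) -> dict:
    """Split one pipe-delimited record into its fields (command line may contain '|')."""
    ts, host, user, parent, image, cmdline = line.split("|", 5)
    return {"ts": ts, "host": host, "user": user, "parent": parent,
            "image": image, "cmdline": cmdline}


def match_rules(event: dict) -> list[str]:
    """Return the technique IDs whose pattern fires on the image path or command line."""
    text = f"{event['image']} {event['cmdline']}"
    return [r.technique for r in RULES if r.pattern.search(text)]


def hunt(lines) -> list[dict]:
    """Return every event that matched at least one rule, annotated with the IDs."""
    hits = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        event = parse_event(line)
        techniques = match_rules(event)
        if techniques:
            hits.append({**event, "techniques": techniques})
    return hits


def by_user(hits: list[dict]) -> dict[str, set[str]]:
    """Distinct techniques observed per account across all hosts."""
    seen: dict[str, set[str]] = {}
    for h in hits:
        seen.setdefault(h["user"], set()).update(h["techniques"])
    return seen


def escalate(hits: list[dict], min_techniques: int = 3) -> list[str]:
    """Accounts whose activity spans at least `min_techniques` distinct techniques.
    One account covering credential dumping, defense evasion and recovery inhibition
    fits the contractor-credential abuse (T1078) the report describes far better than
    any single alert does."""
    return sorted(u for u, t in by_user(hits).items() if len(t) >= min_techniques)


if __name__ == "__main__":
    found = hunt(SAMPLE_EVENTS)
    for h in found:
        print(f"{h['ts']} {h['host']} {h['user']} {h['techniques']} :: {h['cmdline']}")
    print("escalate:", escalate(found))
```

The per-account roll-up is the part worth keeping: individual rules such as the `vssadmin` one are noisy in environments where backup software legitimately prunes shadow copies, but an account that also dumps LSASS secrets and disables Defender within minutes is the pattern this report describes.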

Additional Information

Retail

Energy

Finance

Government

Russian Federation