FunkSec – Alleged Top Ransomware Group Powered by AI

Jan. 10, 2025, 4:12 p.m.

Description

FunkSec, an emerging ransomware group, gained prominence in late 2024 with over 85 claimed victims in December. The group's activities blend hacktivism and cybercrime, using AI-assisted malware development to quickly produce advanced tools despite apparent inexperience. FunkSec offers custom ransomware, DDoS tools, and other hacking utilities, often recycling data from previous hacktivist campaigns. The group's core operations seem to be conducted by inexperienced actors, likely based in Algeria. Their ransomware, written in Rust, shows signs of AI assistance and contains redundant code. FunkSec's rapid rise highlights an evolving threat landscape in which low-skill actors can leverage accessible tools to create significant impact.

Date

Published: Jan. 10, 2025, 1:59 p.m.

Created: Jan. 10, 2025, 1:59 p.m.

Modified: Jan. 10, 2025, 4:12 p.m.

Indicators

Attack Patterns

FunkSec

T1562.002

T1078.001

T1543.003

T1070.001

T1490

T1059.001

T1562.001

T1204.002

T1489

T1486

T1016

T1082

T1057

T1083

T1055

T1112

T1078

Additional Information

Algeria

India

Indonesia

United States of America