Hacktivists attack Russian organizations using rare RATs

Dec. 18, 2024, 2:37 p.m.

Description

The Cyber Anarchy Squad (C.A.S) is a hacktivist group that has targeted Russian and Belarusian organizations since 2022. The group exploits vulnerabilities in public services and uses free tools to inflict maximum damage. It employs rare remote access Trojans such as Revenge RAT and Spark RAT alongside common tools like Mimikatz. C.A.S focuses on data theft and reputational damage, often collaborating with other hacktivist groups, and uses Telegram to spread information about attacks and victims. The group's tactics include initial access through exploitation of public-facing applications, execution via PowerShell and cmd, persistence through registry keys and startup folders, defense evasion by disabling security tools, and credential access using various utilities. C.A.S encrypts victim infrastructure using leaked ransomware builders and can destroy data using system utilities.

Date

  • Created: Dec. 18, 2024, 12:48 p.m.
  • Published: Dec. 18, 2024, 12:48 p.m.
  • Modified: Dec. 18, 2024, 2:37 p.m.

Attack Patterns

  • Revenge RAT - S0379
  • Spark RAT
  • Vasa Locker
  • Babyk
  • Babuk - S0638
  • Meterpreter
  • LockBit
  • Cyber Anarchy Squad (C.A.S)
  • T1565.001
  • T1059.003
  • T1059.001
  • T1547.001
  • T1562.001
  • T1005
  • T1486
  • T1016
  • T1082
  • T1190
  • T1003

Additional Information

  • Technology
  • Telecommunications
  • Government
  • Manufacturing
  • Belarus
  • Russian Federation