Back

Threat Actor Masquerades as Hacktivist Group Rebelling Against AI

July 16, 2024, 2:56 p.m.

Tags

xworm
lockbit
hacktivism
2024-07-16
async rat

External References

https://www.sentinelone.com/

https://otx.alienvault.com/

Description

SentinelLabs identified a cybercriminal group, NullBulge, targeting AI- and gaming-focused entities. The group injects malware into public code repositories and gaming mods, leading victims to import malicious libraries. NullBulge uses tools like Async RAT and Xworm before delivering customized LockBit payloads. Despite projecting an anti-AI activism persona, the group's activities indicate a financial motive through data theft and ransomware attacks.

Date

Published Created Modified
July 16, 2024, 2:51 p.m. July 16, 2024, 2:51 p.m. July 16, 2024, 2:56 p.m.

Indicators

bb76f4d10ec2c1d24be904d2ee078f34a6b5bd11f3b40f295e116fea44824b89

8e83a1727696ced618289f79674b97305d88beeeabf46bd25fc77ac53c1ae339

0fb86a8ba8fdf57990c283080a671c1320cbcdfd0e8b5f5a250d9c38a6fce305

86.107.168.9

Attack Patterns

Async RAT

Xworm

LockBit

NullBulge

T1589.001

T1588

T1556

T1490

T1548

T1557

T1012

T1021

T1489

T1486

T1547

T1105

T1083

T1098

T1195

T1133

T1078

T1059

Additional Informations

Gaming

Technology

Defense