Threat Actor Masquerades as Hacktivist Group Rebelling Against AI
July 16, 2024, 2:56 p.m.
Description
SentinelLabs identified a cybercriminal group, NullBulge, targeting AI- and gaming-focused entities. The group injects malware into public code repositories and gaming mods, leading victims to import malicious libraries. NullBulge uses tools like Async RAT and Xworm before delivering customized LockBit payloads. Despite projecting an anti-AI activism persona, the group's activities indicate a financial motive through data theft and ransomware attacks.
Date
Published: July 16, 2024, 2:51 p.m.
Created: July 16, 2024, 2:51 p.m.
Modified: July 16, 2024, 2:56 p.m.
Indicators
Attack Patterns
Async RAT
Xworm
LockBit
NullBulge
T1589.001
T1588
T1556
T1490
T1548
T1557
T1012
T1021
T1489
T1486
T1547
T1105
T1083
T1098
T1195
T1133
T1078
T1059
Additional Information
Gaming
Technology
Defense