Threat Actor Masquerades as Hacktivist Group Rebelling Against AI

July 16, 2024, 2:56 p.m.

Description

SentinelLabs identified a cybercriminal group, NullBulge, targeting AI- and gaming-focused entities. The group injects malware into public code repositories and gaming mods, leading victims to import malicious libraries. NullBulge uses tools like Async RAT and Xworm before delivering customized LockBit payloads. Despite projecting an anti-AI activism persona, the group's activities indicate a financial motive through data theft and ransomware attacks.

External References

https://www.sentinelone.com/labs/nullbulge-threat-actor-masquerades-as-hacktivist-group-rebelling-against-ai/
https://otx.alienvault.com/pulse/669688f7ddc51e4228efb190
Tags
xworm
lockbit
hacktivism
2024-07-16
async rat

Date

  • Created: July 16, 2024, 2:51 p.m.
  • Published: July 16, 2024, 2:51 p.m.
  • Modified: July 16, 2024, 2:56 p.m.

Indicators

  • bb76f4d10ec2c1d24be904d2ee078f34a6b5bd11f3b40f295e116fea44824b89
  • 8e83a1727696ced618289f79674b97305d88beeeabf46bd25fc77ac53c1ae339
  • 0fb86a8ba8fdf57990c283080a671c1320cbcdfd0e8b5f5a250d9c38a6fce305
  • 86.107.168.9
  • group.goocasino.org
  • nullbulge.se
  • nullbulge.com
  • nullbulge.co
  • nullblgtk7dwzpfklgktzll27ovvnj7pvqkoprmhubnnb32qcbmcpgid.onion
Download all indicators here!

Attack Patterns

  • Async RAT
  • Xworm
  • LockBit
  • NullBulge
  • T1589.001
  • T1588
  • T1556
  • T1490
  • T1548
  • T1557
  • T1012
  • T1021
  • T1489
  • T1486
  • T1547
  • T1105
  • T1083
  • T1098
  • T1195
  • T1133
  • T1078
  • T1059

Additional Informations

  • Gaming
  • Technology
  • Defense