Tag: russian-speaking

6 Attack Reports | 0 Vulnerabilities

Attack reports

Unleashing the Kraken ransomware group

The Kraken ransomware group, emerging from the remnants of the HelloKitty cartel, has been observed conducting big-game hunting and double extortion attacks. Utilizing SMB vulnerabilities for initial access, they employ tools like Cloudflared for persistence and SSHFS for data exfiltration. Kraken'…
ransomware
encryption
cross-platform
data leak
russian-speaking
double extortion
2025-11-13
kraken
underground forum
Published: November 13, 2025
Downloadable IOCs: 11

Unmasked: Salat Stealer – A Deep Dive into Its Advanced Persistence Mechanisms and C2 Infrastructure

Salat Stealer, also known as WEB_RAT, is a sophisticated Go-based infostealer targeting Windows systems. It exfiltrates browser credentials, cryptocurrency wallet data, and session information while employing advanced evasion techniques. The malware uses UPX packing, process masquerading, registry …
evasion
windows
infostealer
cryptocurrency
persistence
malware-as-a-service
maas
russian-speaking
browser credentials
2025-09-06
salat stealer
web_rat
go-based
2025-09-10
Published: September 10, 2025
Downloadable IOCs: 14

Exposing the Deception: Russian EFF Impersonators Behind Stealc & Pyramid C2

A threat group impersonating the Electronic Frontier Foundation (EFF) is targeting Albion Online players through phishing messages and decoy documents. The campaign uses malware such as Stealc stealer and Pyramid C2 to compromise player accounts. Analysis of an exposed directory revealed PowerShell…
phishing
stealc
russian-speaking
gaming
2025-03-04
pyramid c2
Published: March 4, 2025
Downloadable IOCs: 0

Gophish Framework Used in Phishing Campaigns to Deploy Remote Access Trojans

A new phishing campaign targeting Russian-speaking users employs the open-source Gophish framework to deliver DarkCrystal RAT and a novel remote access trojan called PowerRAT. The attack utilizes modular infection chains, either through malicious Microsoft Word documents or HTML files with embedded…
phishing
dcrat
html smuggling
darkcrystal rat
russian-speaking
remote access trojan
2024-10-22
powerrat
gophish
Published: October 22, 2024
Downloadable IOCs: 2

Key Group uses leaked builders of ransomware and wipers

Key Group, also known as keygroup777, is a financially motivated ransomware group primarily targeting Russian users. The group has been active since 2022, using various leaked ransomware builders and wipers, including Xorist, Chaos, Annabelle, Slam, RuRansom, UX-Cryptor, Hakuna Matata, and Judge/No…
phishing
ransomware
persistence
njrat
wiper
telegram
chaos
2024-10-02
xorist
slam
hakuna matata
annabelle
ruransom
ux-cryptor
multi-stage loaders
leaked builders
russian-speaking
judge/nocry
Published: October 2, 2024
Downloadable IOCs: 24

Key Group: another ransomware group using leaked builders

Key Group is a financially motivated ransomware group primarily targeting Russian users. They use various leaked ransomware builders including Chaos, Xorist, Annabelle, Slam, RuRansom, UX-Cryptor, Hakuna Matata, and Judge/NoCry. The group's activity has been tracked since April 2022, with their tac…
ransomware
persistence
njrat
wiper
github
telegram
chaos
financially motivated
2024-10-01
xorist
slam
hakuna matata
annabelle
ruransom
ux-cryptor
multi-stage loaders
leaked builders
russian-speaking
judge/nocry
Published: October 1, 2024
Downloadable IOCs: 0
Click here to see more Attack Reports