Security researchers have uncovered technological and financial links between the Karakurt cyber crime group and the Conti and Diavol ransomware gangs, allowing these threat actors to expand their operations and target additional victims. Karakhurt is a financially motivated threat actor, first identified last summer, and it was previously believed that the group focused exclusively on data exfiltration. However, the group’s link to Conti and Diavol suggest it is expanding its tactics and operations. Conti threat actors appear to be adjusting their tactics as well, having previously pledged to not target past victims, researchers observed one instance of Conti targeted victim being attacked again by a group that employed tactics, techniques, and procedures (TTPs) associated with Karakhurt. Additionally, researchers observed other shared TTPs between Karakhurt and and the Conti and Diavol ransomware groups. Lastly, all three threat actor groups have been linked to shared cryptocurrency infrastructure. Read more at ThreatPost.
H2Oex: In Person 1 day event/exercise. Thurs Dec 5th. Washington DC. Join us!