An analysis of the cryptocurrency wallets tied to the Karakurt hacker group, combined with the group’s specific methodology for data theft, indicates that the group’s membership overlaps with two different established hacking crews, according to an analysis published by cybersecurity firm Tetra Defense.
Tetra’s report details the experience of a client company that was hit with a ransomware attack by the Conti group, and subsequently targeted again by a data theft perpetrated by the Karakurt group. The analysis showed that the Karakurt attack used exactly the same backdoor to compromise the client’s systems as the earlier Conti attack.
“Such access could only be obtained through some sort of purchase, relationship, or surreptitiously gaining access to Conti group infrastructure,” Tetra wrote in its report.
It’s important to distinguish the two different types of cyberattack described here, according to Tetra. In a ransomware attack, key data is encrypted and the extortion money is paid in exchange for a decryption key, so that the target company can recover its data and resume operating. In a data theft, which has been the only type of attack perpetrated by the Karakurt group, hackers steal sensitive corporate data and demand money in exchange for not releasing it to the world at large.
The Karakurt attacks of this kind — there have been more than a dozen so far, according to Tetra — also used cryptocurrency wallets linked to Conti victim payment addresses, further strengthening the argument that the two groups’ membership may overlap significantly.
This pattern represents a departure from the Conti group’s normal way of doing business, according to Nathan Little, senior vice president of digital forensics and incident response at Tetra.
“Historically, we’ve seen the criminals honor their deals,” he says. “Early on, when these [data theft attacks] started in 2019, it was common that companies were frightened enough that they’d pay, not to hide the incident, but to avoid the consequences.”
These days, however, data theft has become common enough — and new regulatory regimes have made mandatory disclosures more likely — that companies are less likely to pay simply to keep their data private.
Nor is that the only complicating factor in the Karakurt attacks, according to Tetra. The attacks erode victim companies’ confidence that they won’t be targeted multiple times by the same kinds of attacks. Paying off a Conti ransom was usually a relatively solid guarantee that the group would move on and that no further attacks would be forthcoming. If the two groups are linked, and victims are indirectly being re-extorted by the same people, payments may become harder to come by.
“It’s interesting how it unfolds,” says Little. “It does seem to be a little bit of a side hustle within the Conti group.”
While the machinery of cybercrime is fantastically complicated, he added, the initial system compromise that makes these attacks possible is frequently quite simple, and can often be avoided with relatively basic protective measures.
“Cybersecurity is a big problem that needs fixing, but many of these incidents, with some pretty basic cybersecurity controls, they wouldn’t happen,” Little says.
Copyright © 2022 IDG Communications, Inc.