The group under review has a toolkit that includes utilities such as Mimikatz, XenAllPasswordPro, and others. The final payloads were the well-known LockBit 3.0 and Babuk ransomware.
Victims of the malicious attacks span government agencies, as well as mining, energy, finance, and retail companies located in Russia. The group aims to disrupt operations and achieve financial gain.
The VPN connections are said to have originated from IP addresses associated with a Russian hosting provider's network and a contractor's network, showcasing an attempt to exploit trusted relationships.
It's believed that the contractor networks are breached by means of VPN services or unpatched security flaws, highlighting the sophistication of Crypt Ghouls' attack methods.
Collection