‘Karakurt’ Extortion Threat Emerges, But Says No to Ransomware
2021-12-10 13:16

The threat group, first identified in June, focuses solely on data exfiltration and subsequent extortion, and has already targeted 40 victims since September.

There is a new financially motivated threat group on the rise and, for a change, it doesn't appear to be interested in deploying ransomware or taking out high-profile targets.

Researchers said they expect that Karakurt will turn out to be a bit of a trendsetter and that in the future, other groups will move away from targeting massive corporations or critical-infrastructure providers with ransomware to adopt a similar exfiltration/extortion approach.

Researchers outside of Accenture Security first identified Karakurt in June as it began setting up its infrastructure and data-leak sites, Accenture CIFR researchers told Threatpost.

Accenture Security's collection sources and intrusion analysis identified the first victim of the group in September; two months later, the group revealed its victim on the karakurt.

Karakurt's tactics, techniques and procedures for infiltrating victim networks, achieving persistence, moving laterally and stealing data are similar to those of many threat actors, and the group often takes a "living off the land" approach depending on the attack surface, researchers said, i.e., using tools or features that already exist in the target environment.


News URL

https://threatpost.com/extortion-karakurt-threat-ransomware/176911/