Karakurt: A New Emerging Data Theft and Cyber Extortion Hacking Group
A previously undocumented, financially motivated threat group has been connected to a string of data theft and extortion attacks on over 40 entities between September and November 2021.
The hacker collective, which goes by the self-proclaimed name Karakurt and was first identified in June 2021, is capable of modifying its tactics and techniques to adapt to the targeted environment, Accenture's Cyber Investigations, Forensics and Response team said in a report published on December 10.
"Based on intrusion analysis to date, the threat group focuses solely on data exfiltration and subsequent extortion, rather than the more destructive ransomware deployment."
The goal, the researchers noted, is to avoid drawing attention to its malicious activities as much as possible by relying on living-off-the-land techniques, wherein the attackers abuse legitimate software and functions available in a system, such as operating system components or installed software, to move laterally and exfiltrate data, as opposed to deploying post-exploitation tools like Cobalt Strike.
Rather than deploying ransomware after gaining initial access to victims' internet-facing systems via legitimate VPN credentials, the actor focuses almost exclusively on data exfiltration and extortion, a move that's less likely to bring the targets' business activities to a standstill and yet enables Karakurt to demand a "ransom" in return for the stolen information.
Besides encrypting data at rest wherever applicable, organizations are recommended to turn on multi-factor authentication to authenticate accounts, disable RDP on external-facing devices, and update the infrastructure to the latest versions to prevent adversaries from exploiting unpatched systems with publicly known vulnerabilities.
News URL
https://thehackernews.com/2021/12/karakurt-new-emerging-data-theft-and.html