FBI, CISA: Don't get caught in Karakurt's extortion web
2022-06-03 00:01

In a joint advisory [PDF] this week, the FBI, CISA and US Treasury Department outlined technical details about how Karakurt operates, along with actions to take, indicators of compromise, and sample ransom notes.

Karakurt doesn't target any specific sectors or industries, and the gang's victims haven't had any of their documents encrypted and held to ransom.

Once they've obtained access to a system, Karakurt then deploys tools such as Cobalt Strike, Mimikatz, and AnyDesk to establish backdoors, pull credentials, elevate privileges, and move laterally within networks.

"Karakurt actors likely purchased or otherwise obtained previously stolen data," the agencies surmise about the former.

In research published in April, they reported a "High degree of confidence that the Karakurt extortion group is operationally linked" to Conti.

The security teams then called in Chainalysis, which helped analyze cryptocurrency transactions carried out by Conti and Karakurt and did find a financial connection between the two.


News URL

https://go.theregister.com/feed/www.theregister.com/2022/06/03/fbi_cisa_warn_karakurt_extortion/