Surprise! Email from personal.information.reveal@gmail.com is not going to contain good news
2023-12-14 09:55

Karakurt, a particularly nasty extortion gang that uses "extensive harassment" to pressure victims into handing over millions of dollars in ransom payments after compromising their IT infrastructure, poses a "significant challenge" for network defenders, we're told.

So to help organizations avoid getting caught by this crew, the FBI, and the US government's Cybersecurity and Infrastructure Security Agency, Treasury Department, and Financial Crimes Enforcement Network released an extensive list of vulnerabilities and methods the gang exploits and uses for initial access, the software tools they abuse to snoop around and steal data, and the payment wallets and even email addresses used in the group's extortion attacks.

Karakurt doesn't encrypt victims' assets after breaking into their IT environments, nor does it target particular sectors.

"Some Karakurt victims have reported that initial intrusion may have occurred thanks to compromised Cisco AnyConnect VPN user accounts," the security bulletin warns.

Once Karakurt breaks in, it deploys Cobalt Strike beacons for further malicious activities, installs Mimikatz to steal plain-text credentials, and uses AnyDesk to maintain remote access and control.

"Although Karakurt's primary extortion leverage is a promise to delete stolen data and keep the incident confidential, some victims reported Karakurt actors did not maintain the confidentiality of victim information after a ransom was paid," the US government warned, noting that it "strongly" discourages payment to any cyber criminals promising to delete stolen files in exchange for payment.


News URL

https://go.theregister.com/feed/www.theregister.com/2023/12/14/karakurt_defense_advice/