Cybersecurity Researchers from Accenture Security have found that a new hacking group is on the prowl and is into the method of data exfiltration and extortion. Dubbed as Karakurt, the said criminal gang has reportedly ramped up their motive since August 2021.
Accenture claims that the said group of threat actors has so far compromised nearly 40 victims and the count is still on- mainly targeting firms operating in North America, Europe and parts of Canada.
Modus operandi of Karakurt is simple, to buy credentials related to VPN networks from dark web or by launching phishing attacks and then compromise a corporate computer network. After entry, they drop a beacon such as Cobalt Strike and start accessing the functions, data, and applications from a targeted computer via a remote server.
It was found that Karakurt becomes aggressive when detected by anti-malware solutions and starts contacting ransomware gangs to turn the situation irreversibly worse for the victims.
Although the infection spread appears to be less destructive when compared to file encrypting malware attacks, it has the potential to wipe out backed-up data, turning detrimental.
Employing robust and routine awareness programs among users of all systems, having an incident response plan in place, patching and updating OS and other software from time to time, disabling RDPs, employing strong password policies, avoiding storage of unprotected credentials in files, folders and scripts in shared locations are some ways to mitigate the attacks launched by Karakurt hacking group.
Note- Accenture Security is yet to find out the fact that Karakurt is associated with a Russia-based ransomware-as-a-service group. Yet it suspects that itās affiliated with a malicious ransomware spreading group dubbed Conti.
