Thursday, July 3, 2025
Law And Order News
CyberVolk analysis explores ransomware, hacktivism interconnections

CyberVolk, a ransomware-as-a-service (RaaS) provider and pro-Russia hacktivist group, shares a number of similarities and connections with other pro-Russia threat groups, revealing an intertwined community of threat actors that blur the line between politically and financially motivated cybercrime, SentinelOne's SentinelLabs described in a report published Monday.

CyberVolk, previously known as GLORIAMIST and Solntsevskaya, first emerged under its current name in May 2024 and began claiming ransomware victims in June 2024. The India-based group most recently targeted Japanese entities, claiming attacks against The Japan Foundation, Japan Oceanographic Data Center, Japan Meteorological Agency and Tokyo Global Information System Centre.

Attacks conducted by CyberVolk, along with several other groups it associates itself with, reflect a mix of financial and political motives, with such groups often citing geopolitical issues as a justification for targeting certain countries with ransomware, SentinelLabs noted.

Groups inhabiting this ecosystem have also been shifting focus from distributed denial-of-service (DDoS) attacks to RaaS schemes and other types of malware-as-a-service (MaaS), representing an evolution in the toolsets used by this collection of hacktivists.

CyberVolk associates share motives, code

CyberVolk has aligned itself with other hacker groups promoting pro-Russian interests, such as NONAME057(16), and has also promoted other RaaS offerings including Invisible/Doubleface, HexaLocker and Parano.

CyberVolk's own ransomware is also based on the code of an earlier hacktivist-turned-RaaS group called AzzaSec, which held pro-Russia, anti-Ukraine and anti-Israel beliefs. AzzaSec's ransomware source code was leaked in June 2024 and the group was disbanded in August 2024.

The AzzaSec-derived CyberVolk malware targets Windows machines and is written in C++; it previously used AES for file encryption and SHA512 for key generation before switching to “ChaCha20-Poly1305 + AES + RSA + Quantum resistant algorithms,” according to the group's claims.

When the ransomware is executed, encrypted files are given the “CyberVolk” file extension and the user's wallpaper is changed to an image showing the CyberVolk logo, along with a window displaying a countdown timer and the gang's cryptocurrency addresses. The ransom demand is typically $1,000 in Bitcoin or USDT, with the timer counting down from 5 hours since payload execution.

The Invisible/Doubleface ransomware, which is associated with both CyberVolk and the anti-Israel group Moroccan Black Cyber Army, was found to have identical wallpaper and timer functionality, down to the same five-hour time limit, according to SentinelLabs. It was determined that Invisible/Doubleface was also derived from the leaked AzzaSec code, with Invisible/Doubleface's own source code also being leaked recently.

CyberVolk has also promoted the HexaLocker RaaS, which was associated with the LAPSUS$ hacker group and a hacktivist alliance called The Holy League, the latter of which is tied to attacks against Spain after the arrests of NONAME057(16) members by Spanish authorities. However, HexaLocker's developer shut down the operation in October and subsequently offered to put the ransomware code and infrastructure up for sale.

Hacktivist infighting results in Telegram ousters

CyberVolk, which previously conducted much of its communications with affiliates and victims via Telegram, was banned from the platform in early November 2024 amid rising tensions between various hacktivist groups, and is now using X as its main public communications channel. Rival groups aiming to take down or extort one another turned to weaponizing Telegram's terms of service and threatening others with reports and bans, SentinelLabs found in its investigation.

The situation was likely exacerbated by increased scrutiny on the platform after Telegram CEO Pavel Durov's arrest. SentinelLabs observed alleged former members of AzzaSec and another group called APTZone claiming responsibility for the bans of other groups including CyberVolk and Doubleface. They also found a November post by RipperSec accusing former members of AzzaSec and Doubleface of extorting and reporting groups associated with CyberVolk.

The complex web of connections between hacktivists and ransomware actors, as well as conflicts and rivalries between groups, individual members and former members, paints a complicated picture of these mixed politically and financially motivated cybercrime groups.

Meanwhile, these groups' tactics and toolsets only continue to evolve, with CyberVolk recently developing a webshell and infostealer along with its RaaS offering.

“As groups like CyberVolk leverage openly available commodity tools with high potential for causing damage, they continue to add more layers of complexity, expanding and revising the tools as they are passed around within the collective. Ransomware operations will get muddier and increase how much cybersecurity teams will need to monitor in order to stay up to date on the happenings within the cybercrime ecosystem,” SentinelLabs concluded.

The blurring of lines between politically motivated and financially motivated groups has also been seen in the recent use of Play ransomware by North Korean nation-state actors, and in partnerships between Iranian state-sponsored actors and ransomware gangs including NoEscape, Ransomhouse and ALPHV/BlackCat.

The reuse of leaked ransomware code is also a popular tactic among newer ransomware actors, with the widely used leaked LockBit builder from 2022 recently seen in attacks against 22 victims by the emerging SafePay ransomware gang.



Copyright © 2024 Law And Order News.
Law And Order News is not responsible for the content of external sites.
