Targeting domestic government and enterprises: an in-depth look at the ransomware operator Rast gang

NetmanageIT OpenCTI - opencti.netmanageit.com


SUMMARY:

A new ransomware threat, dubbed Rast, has been targeting Chinese government and enterprises since December 2023. Written in Rust, Rast has infected over 6,800 terminals and successfully encrypted more than 5,700 of them. The Rast gang, named after the ransomware, operates primarily between 20:00 and 05:00, suggesting a European base. Their attack method involves RDP brute-forcing and exploiting N-day vulnerabilities to gain access to border servers, followed by manual deployment of the ransomware components. The gang's tactics are reminiscent of operators that distributed the Buran, GlobeImposter, Phobos, and GandCrab ransomware. Rast ransomware has evolved through three versions, the latest of which requires manual operation via a console interface. Victim information is uploaded to a MySQL database, which reveals a wide range of affected sectors, including government, finance, and various industries.

OPENCTI LABELS:

china, ransomware, rdp, rust, government, phobos, gandcrab, buran, nday, globeimposter, rast, mysql, enterprises

