Analyzing the familiar tools used by the Crypt Ghouls hacktivists

NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:

The Crypt Ghouls group is targeting Russian businesses and government agencies with ransomware attacks. They utilize a toolkit including utilities like Mimikatz, XenAllPasswordPro, PingCastle, and others. The group employs LockBit 3.0 and Babuk ransomware as final payloads. Initial access is often gained through compromised contractor credentials. The attackers use various techniques to harvest login credentials, perform network reconnaissance, and spread laterally. There are overlaps in tools and tactics with other groups targeting Russia, suggesting potential collaboration or resource sharing among threat actors. Victims include Russian government agencies and companies in mining, energy, finance, and retail sectors.

OPENCTI LABELS:

ransomware, lateral movement, russia, lockbit, hacktivism, credential harvesting, babuk, lockbit 3.0, xenallpasswordpro, cobint
