Hacktivists attack Russian organizations using rare RATs

NetmanageIT OpenCTI - opencti.netmanageit.com



SUMMARY :

The Cyber Anarchy Squad (C.A.S) is a hacktivist group that has targeted Russian and Belarusian organizations since 2022. The group exploits vulnerabilities in public services and uses free tools to inflict maximum damage. It employs rare remote access Trojans such as Revenge RAT and Spark RAT, alongside common tools like Mimikatz. C.A.S focuses on data theft and reputational damage, often collaborating with other hacktivist groups, and uses Telegram to spread information about attacks and victims. The group's tactics include initial access through exploitation of public-facing applications, execution via PowerShell and cmd, persistence through registry keys and startup folders, defense evasion by disabling security tools, and credential access using various utilities. C.A.S encrypts victim infrastructure using leaked ransomware builders and can destroy data using system utilities.

OPENCTI LABELS :

ransomware,russia,telegram,lockbit,belarus,meterpreter,babuk,spark rat,hacktivist,data destruction,revenge rat


Open in the NetmanageIT OpenCTI public instance with the link below!


NOTE : Use the public read-only username and password shown in the login page banner.


Hacktivists attack Russian organizations using rare RATs