Karakurt: Another Threat Actor Group on the Cyberthreat Landscape

Accenture’s team of researchers has identified a threat actor group that calls itself Karakurt. The hacking gang was first discovered in June of this year. According to the researchers, its modus operandi changes depending on the environment it targets.

A previously unconfirmed, financially motivated threat group operating under the self-proclaimed name “Karakurt” started ramping up attacks late in the third quarter of 2021 and continued into the fourth quarter. The presence of Karakurt was first identified in June 2021 as it registered its apparent dump-site domains: karakurt[.]group and karakurt[.]tech, followed by their Twitter handle “karakurtlair” in August 2021. Accenture Security first observed Karakurt intrusion clusters in September 2021, when multiple sightings occurred within a short timeframe. The threat group has claimed to have impacted over 40 victims across multiple industries between September 2021 and November 2021.


Karakurt and Its Tactics

The researchers described how this new threat actor group named Karakurt operates:

its motivation is financial; it uses LotL (living off the land) techniques to avoid being observed; it targets and abuses legitimate software; the malicious actors can also abuse system functions as the components of the

