Connections that show the cybercriminal teams are working together signal shifts in their respective tactics and an expansion of opportunities to target victims.
Researchers have found financial and technological links between the Karakurt cybercriminal group and two high-profile ransomware actors that signal a shift in business operations and an expansion of opportunities for the threat actors to target victims, they said.
Karakurt—a financially motivated threat actor first identified last summer—now appears to be entangled with both the Conti and Diavol groups, researchers from Tetra Defense, an Artic Wolf company, and Chainalysis revealed in a report published Friday.
Researchers used forensics-based threat intel and blockchain analysis in its discovery that the two ransomware groups—which were believed to be operating independently—have now become part of the evolving Karakurt web, they said. The ties between Karakurt and Conti especially appear to be strong, with the former working off the latter’s resources, they said.
“Whether Karakurt is an elaborate side hustle by Conti and Diavol operatives or whether this is an enterprise sanctioned by the overall organization remains to be seen,” researchers said. “What we can say is this connection perhaps explains why Karakurt is surviving and thriving despite some of