From September to November, the Karakurt hacker group hit 40 companies by stealing sensitive data and extorting them with it. Their method is unusual in that they never plant a malicious payload. Instead they hide in the network for as long as it takes to get their hands on the most confidential information.
They have wasted no time, yet they are patient. Created in June and active since September, the hacker group called Karakurt already had at least 40 known attacks on organizations to its name by the end of November. Karakurt is not a hacker group like any other. Its members target small and medium-sized businesses rather than large organizations. Likewise, they do not deploy potentially destructive malware such as , but focus solely on data exfiltration.
Once the data has been taken, they blackmail the victim for a ransom in exchange for not releasing it publicly or to competitors. This approach neither disrupts the targets' business operations nor draws attention to the attack. The technique goes by the name of living off the land (or "LotL"). This type of attack is now one of the most formidable threats: cybercriminals can take all the time they need while remaining practically invisible.
They play for time
The key is to succeed in penetrating the network. For this, the preferred entry point remains the . They then manage to implant a which masquerades as a trusted tool with high access privileges. There is little risk of being detected by a security solution, because there is no malicious payload. The objective is to move quietly through the network, gradually acquiring additional privileges and harvesting credentials in order to reach the company's strategic databases.
According to , whose teams, including those of , discovered this group, 95% of known victims so far are based in North America, while the remaining 5% are in Europe. The targeted sectors are mainly healthcare, industry, entertainment and retail.
The whole problem remains being able to identify the presence of hackers in the network, since they are, quite simply, invisible. For the moment, besides applying security updates, the only solution remains the use of security systems to protect sensitive data.