Ravie Lakshmanan reports:
A nascent threat actor known as Crypt Ghouls has been linked to a set of cyber attacks targeting Russian businesses and government agencies with ransomware with the twin goals of disrupting business operations and financial gain.
“The group under review has a toolkit that includes utilities such as Mimikatz, XenAllPasswordPro, PingCastle, Localtonet, resocks, AnyDesk, PsExec, and others,” Kaspersky said. “As the final payload, the group used the well-known ransomware LockBit 3.0 and Babuk.”
Victims of the malicious attacks span government agencies, as well as mining, energy, finance, and retail companies located in Russia.
Read more at The Hacker News.