A previously undocumented, financially motivated threat group has been connected to a string of data theft and extortion attacks on over 40 entities between September and November 2021.
The hacker collective, which goes by the self-proclaimed name Karakurt and was first identified in June 2021, is capable of modifying its tactics and techniques to adapt to the targeted environment, Accenture’s Cyber Investigations, Forensics and Response (CIFR) team said in a report published on December 10.
“The threat group is financially motivated, opportunistic in nature, and so far, appears to target smaller companies or corporate subsidiaries versus the alternative big game hunting approach,” the CIFR team said. “Based on intrusion analysis to date, the threat group focuses solely on data exfiltration and subsequent extortion, rather than the more destructive ransomware deployment.”
Of the known victims, 95% are based in North America and the remaining 5% in Europe. Professional services, healthcare, industrial, retail, technology, and entertainment verticals have been the most targeted.
The group's goal, the researchers noted, is to draw as little attention as possible to its malicious activity by relying on living-off-the-land (LotL) techniques, in which the attackers abuse legitimate software and functions already present on a system, such as operating system components or installed applications, to move laterally and exfiltrate data, rather than deploying post-exploitation tools like Cobalt Strike.