BI.ZONE: threat actors use leaked source code to attack Russian companies
Since early 2022, there have been tensions within many criminal groups. Moreover, due to the recent geopolitical events, adversaries have come under the spotlight of law enforcement and researchers. As a result, criminal infrastructures are being hacked more frequently. Competing groups resort to releasing each other’s data, techniques, and tools such as malware builders.
This is how the source code for the Babuk, Conti, and LockBit ransomware became publicly available. According to BI.ZONE Cyber Threat Intelligence, it is being intensively used by three criminal groups: Battle Wolf, Twelfth Wolf, and Shadow Wolf.
Battle Wolf emerged in late February 2022 amid the global developments. According to the group’s postings on X (formerly Twitter), it has successfully attacked no fewer than 15 major organizations in Russia, including research, manufacturing, public, and financial organizations.
Twelfth Wolf appeared in April 2023, carrying out at least four successful attacks. In its Telegram channel, the group reported an attack on one of Russia’s largest federal executive agencies, which it claimed resulted in the compromise of sensitive information.
Shadow Wolf began its hunt in March 2023 with several successful attacks on Russian engineering, insurance, transportation, and media companies. Unlike Battle Wolf and Twelfth Wolf, the group is driven solely by financial motives. Shadow Wolf and the victim usually communicate through a page on the dark web. The address of this page is included in the ransom note, which states the conditions for decrypting the data and removing the stolen copies. In some cases, the attackers create a Telegram chat room to which they add the entire IT staff of the affected organization.
You can get the latest information about new attack groups, their techniques and tactics with cyber threat intelligence platforms such as BI.ZONE ThreatVision. New threats can be effectively identified and handled by endpoint detection and response solutions like BI.ZONE EDR.
Check out our new research for more details about the groups and leaked data.