Hacktivist Group Twelve Strikes Russian Entities with Cyber Attacks

SeniorTechInfo

A group of hacktivists known as Twelve has been causing havoc by launching destructive cyber attacks against Russian targets using a range of publicly available tools.

Kaspersky, in a recent analysis, revealed, “Rather than demand a ransom for decrypting data, Twelve prefers to encrypt victims’ data and then destroy their infrastructure with a wiper to prevent recovery.”

This signifies Twelve’s intent to inflict maximum damage on target organizations without seeking direct financial gain.

Originating in April 2023 during the Russo-Ukrainian war, Twelve specializes in crippling victim networks, disrupting business operations, and engaging in hack-and-leak operations by sharing stolen data on their Telegram channel.

Kaspersky’s research linked Twelve to DARKSTAR, a ransomware group, suggesting a possible relationship between the two or their involvement in the same cluster of activities. While Twelve’s actions lean towards hacktivism, DARKSTAR follows the double extortion model.

The attack chain involves exploiting vulnerabilities, gaining access via RDP, and deploying various tools like Cobalt Strike, Mimikatz, and BloodHound for carrying out malicious activities.

One incident investigated by Kaspersky involved exploiting VMware vCenter vulnerabilities to deploy malicious tools and gain a foothold in victim networks. PowerShell was utilized to escalate privileges and modify Active Directory objects.

To cover their tracks, the attackers disguised their malware under innocuous names like “Update Microsoft” and “Yandex.”

The attacks culminated in launching ransomware and wiper payloads through the Windows Task Scheduler and exfiltrating data via a file-sharing service before encrypting and destroying files.
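The disguised names and Task Scheduler launch described above suggest one detection check, given here as an added example (not code from Kaspersky or this article): flag task-creation events (Windows Security Event ID 4698) whose task name borrows a vendor name while the executable sits outside the usual install directories. The event dictionaries, file paths and trusted-directory list are constructed assumptions.

```python
import xml.etree.ElementTree as ET
from pathlib import PureWindowsPath

NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
# Vendor words taken from the names the article reports; extend per environment.
BRAND_WORDS = ("microsoft", "yandex")
# Assumption: genuine vendor tasks run binaries from under these roots.
TRUSTED_ROOTS = [PureWindowsPath(p) for p in
                 (r"C:\Windows", r"C:\Program Files", r"C:\Program Files (x86)")]

def task_command(task_xml):
    """Return the first Exec command in a Task Scheduler XML definition."""
    node = ET.fromstring(task_xml).find(".//t:Exec/t:Command", NS)
    return node.text.strip().strip('"') if node is not None and node.text else ""

def is_trusted_path(command):
    """True if the binary lives under a trusted root (case-insensitive,
    compared per path component). Environment variables are not expanded."""
    parents = PureWindowsPath(command).parents
    return any(root in parents for root in TRUSTED_ROOTS)

def suspicious_tasks(events):
    """Return (task name, command) for vendor-named tasks run from odd paths."""
    hits = []
    for ev in events:
        if ev.get("EventID") != 4698:  # 4698 = a scheduled task was created
            continue
        name = ev["TaskName"].lower()
        cmd = task_command(ev["TaskContent"])
        if any(w in name for w in BRAND_WORDS) and not is_trusted_path(cmd):
            hits.append((ev["TaskName"], cmd))
    return hits

def _task(cmd):
    """Build a minimal task definition for the constructed samples below."""
    return ('<Task xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">'
            f"<Actions><Exec><Command>{cmd}</Command></Exec></Actions></Task>")

# Constructed sample events; the paths are illustrative, not from the article.
SAMPLE_EVENTS = [
    {"EventID": 4698, "TaskName": "\\Update Microsoft",
     "TaskContent": _task(r"C:\ProgramData\upd.exe")},
    {"EventID": 4698, "TaskName": "\\Yandex",
     "TaskContent": _task(r'"C:\Users\Public\y.exe"')},
    {"EventID": 4698, "TaskName": "\\Microsoft\\Windows\\Defrag\\ScheduledDefrag",
     "TaskContent": _task(r"C:\Windows\System32\defrag.exe")},
    {"EventID": 4698, "TaskName": "\\Backup nightly",
     "TaskContent": _task(r"D:\tools\backup.exe")},
    {"EventID": 4624},  # unrelated logon event, ignored
]
```

A hit is a lead for triage rather than proof of compromise; the trusted-root list needs tuning for software that legitimately installs elsewhere.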





The group’s use of known tools and tactics makes it possible to detect and prevent their attacks in a timely manner.
