ETDA สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency
Home > List all groups > Karakurt

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Other threat group: Karakurt

NamesKarakurt (self given)
MotivationFinancial gain
First seen2021
Description(Accenture) Accenture Security has identified a new threat group, the self-proclaimed Karakurt Hacking Team, that has impacted over 40 victims across multiple geographies. The threat group is financially motivated, opportunistic in nature, and so far, appears to target smaller companies or corporate subsidiaries versus the alternative big game hunting approach. Based on intrusion analysis to date, the threat group focuses solely on data exfiltration and subsequent extortion, rather than the more destructive ransomware deployment. In addition, Accenture Security assesses with moderate-to-high confidence that the threat group’s extortion approach includes steps to avoid, as much as possible, drawing attention to its activities.
ObservedSectors: Energy, Entertainment, Healthcare, Hospitality, Industrial, Manufacturing, Retail, Technology.
Countries: USA and Europe.
Tools used7-Zip, AnyDesk, Cobalt Strike, FileZilla, Mimikatz, WinZip, Living off the Land.
Operations performedSep 2022Migration policy org confirms cyberattack after extortion group touts theft

Last change to this card: 13 September 2022

Download this actor card in PDF or JSON format

Previous: Infraud Organization
Next: Lapsus$

Digital Service Security Center
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1227
E-mail [email protected]