Hackers are rapidly expanding their arsenal, attracting more and more new affiliates.
The international cybercrime group GhostSec, which is involved in the creation and distribution of a cryptographer called GhostLocker, is rapidly increasing the speed of its malicious activities, covering more and more countries.
According to a recent report by Cisco Talos, GhostSec hackers, in collaboration with Stormous, another cybercrime group, are carrying out "double extortion" attacks, affecting a variety of business sectors around the world.
In November 2023, the groups updated the GhostLocker cryptographer to version 2.0, making it even more powerful and dangerous. And already this year, we launched a new RaaS program called STMX_GhostLocker.
The RaaS distribution scheme allows affiliates to monitor their operations through a web dashboard and flexibly configure the behavior of the cryptographer in accordance with their preferences.
Victim countries that have been affected by the groups ' joint activities include Cuba, Argentina, Poland, China, Lebanon, Israel, Uzbekistan, India, South Africa, Brazil, Morocco, Qatar, Turkey, Egypt, Vietnam, Thailand and Indonesia.
The industries most affected by the attacks are information technology, education, manufacturing, public sector, transportation, energy, healthcare, real estate, and telecommunications.
Such a variety of victims can easily be explained by the RaaS distribution scheme, since hundreds of people from different countries can buy a subscription to malicious tools, and then quickly replenish the piggy bank of victims of the cybercrime duo GhostSec and Stormous.
In addition, Cisco Talos discovered new tools likely used by GhostSec to compromise legitimate sites, including the "GhostSec Deep Scan" tool for deep site scanning and the "GhostPresser" tool for attacking WordPress sites.
All this shows GhostSec's desire to expand and develop its arsenal to carry out more complex attacks. And the more hacking arsenal a group can provide, the more affiliates it can potentially attract and earn more money.
Perhaps it is worth recalling that the GhostSec group is part of the "Five Families" coalition, formed in August 2023. It also includes the aforementioned Stormous, as well as the groups ThreatSec, SiegedSec and Blackforums.
The goal of this coalition is to strengthen unity and connections in the underground Internet space to expand cybercrime activities. And, as can be seen from the analysis of the joint activities of GhostSec and Stormous, hackers quite managed to establish effective interaction.
The proliferation and strengthening of cybercrime syndicates like "Five Families" once again reminds private and public companies around the world that they need to constantly improve their security measures, sparing no expense on effective solutions and competent personnel. This is the only way to protect your organization from such cyber threats and keep your business afloat.
The international cybercrime group GhostSec, which is involved in the creation and distribution of a cryptographer called GhostLocker, is rapidly increasing the speed of its malicious activities, covering more and more countries.
According to a recent report by Cisco Talos, GhostSec hackers, in collaboration with Stormous, another cybercrime group, are carrying out "double extortion" attacks, affecting a variety of business sectors around the world.
In November 2023, the groups updated the GhostLocker cryptographer to version 2.0, making it even more powerful and dangerous. And already this year, we launched a new RaaS program called STMX_GhostLocker.
The RaaS distribution scheme allows affiliates to monitor their operations through a web dashboard and flexibly configure the behavior of the cryptographer in accordance with their preferences.
Victim countries that have been affected by the groups ' joint activities include Cuba, Argentina, Poland, China, Lebanon, Israel, Uzbekistan, India, South Africa, Brazil, Morocco, Qatar, Turkey, Egypt, Vietnam, Thailand and Indonesia.
The industries most affected by the attacks are information technology, education, manufacturing, public sector, transportation, energy, healthcare, real estate, and telecommunications.
Such a variety of victims can easily be explained by the RaaS distribution scheme, since hundreds of people from different countries can buy a subscription to malicious tools, and then quickly replenish the piggy bank of victims of the cybercrime duo GhostSec and Stormous.
In addition, Cisco Talos discovered new tools likely used by GhostSec to compromise legitimate sites, including the "GhostSec Deep Scan" tool for deep site scanning and the "GhostPresser" tool for attacking WordPress sites.
All this shows GhostSec's desire to expand and develop its arsenal to carry out more complex attacks. And the more hacking arsenal a group can provide, the more affiliates it can potentially attract and earn more money.
Perhaps it is worth recalling that the GhostSec group is part of the "Five Families" coalition, formed in August 2023. It also includes the aforementioned Stormous, as well as the groups ThreatSec, SiegedSec and Blackforums.
The goal of this coalition is to strengthen unity and connections in the underground Internet space to expand cybercrime activities. And, as can be seen from the analysis of the joint activities of GhostSec and Stormous, hackers quite managed to establish effective interaction.
The proliferation and strengthening of cybercrime syndicates like "Five Families" once again reminds private and public companies around the world that they need to constantly improve their security measures, sparing no expense on effective solutions and competent personnel. This is the only way to protect your organization from such cyber threats and keep your business afloat.
