CarderPlanet
Professional
- Messages
- 2,549
- Reaction score
- 724
- Points
- 113
The F. A. C. C. T. news about the group's work forced the hackers to change their name.
Experts from F. A. C. C. T. found that the well-known cybercrime group Shadow, engaged in extortion, has rebranded and now operates under the name C0met. The changes follow a recent report about the close relationship between two hacker groups - Twelve and Shadow, which actively attack large Russian companies.
Under the new name C0met, attackers continue to use in their attacks an encrypted version of the LockBit 3.0 (Black) ransomware program, created using the same version of the leaked LockBit 3.0 (Black) constructor. For Linux-based systems, attackers use a ransomware program developed on the basis of Babuk source codes.
Hackers not only steal and encrypt corporate data, but also steal the sessions of Telegram clients installed on office computers. It is noted that cybercriminals create a group in Telegram dedicated to hacking, and add IT specialists and the management of the affected company there.
Members of the Comet group (C0met) also claim that the group is international and that they are attacking not only Russia. Criminals "hide behind" the complexity of analyzing the encrypted version of LockBit 3, and, accordingly, attributing such versions of LockBit 3 (Black) to a specific criminal group.
According to the data, the victims of attacks by the Shadow and Twelve groups, and now Comet, are located in Russian cities such as Moscow, St. Petersburg, Barnaul, Yekaterinburg, Izhevsk, Cherepovets and others.
Experts from F. A. C. C. T. found that the well-known cybercrime group Shadow, engaged in extortion, has rebranded and now operates under the name C0met. The changes follow a recent report about the close relationship between two hacker groups - Twelve and Shadow, which actively attack large Russian companies.
Under the new name C0met, attackers continue to use in their attacks an encrypted version of the LockBit 3.0 (Black) ransomware program, created using the same version of the leaked LockBit 3.0 (Black) constructor. For Linux-based systems, attackers use a ransomware program developed on the basis of Babuk source codes.
Hackers not only steal and encrypt corporate data, but also steal the sessions of Telegram clients installed on office computers. It is noted that cybercriminals create a group in Telegram dedicated to hacking, and add IT specialists and the management of the affected company there.
Members of the Comet group (C0met) also claim that the group is international and that they are attacking not only Russia. Criminals "hide behind" the complexity of analyzing the encrypted version of LockBit 3, and, accordingly, attributing such versions of LockBit 3 (Black) to a specific criminal group.
According to the data, the victims of attacks by the Shadow and Twelve groups, and now Comet, are located in Russian cities such as Moscow, St. Petersburg, Barnaul, Yekaterinburg, Izhevsk, Cherepovets and others.
