Rust, ChaCha20 and RSA: a deadly cybertrio from Cicada3301

Man

How polyglot hackers attack critical infrastructure on different continents.

Cybersecurity researchers from Group-IB have revealed new details about the Cicada3301 hacker group, which operates on the RaaS (ransomware-as-a-service) model. Specialists managed to gain access to the gang's affiliate panel on the darknet, which allowed them to analyze all of its internal processes.

Group-IB established contact with Cicada3301 through the RAMP cyber forum, using the Tox messenger, after the attackers posted an ad for the recruitment of new partners to their affiliate program.

Cicada3301 was first detected in June 2024. The researchers found similarities between the source code of this group and the already inactive ALPHV/BlackCat group. According to Group-IB, Cicada3301 attacks have already affected at least 30 organizations, mainly in critical industries in the US and UK.

The group's malware is built in the Rust language and supports multiple platforms. It can affect devices running Windows and various Linux distributions such as Ubuntu, Debian, CentOS, SUSE, and others, as well as ESXi and NAS systems.

Cicada3301 uses standard ransomware attack methods such as file encryption, VM shutdown, process termination, shadow copy deletion, and encryption over the network. This makes restoring systems as difficult as possible and increases the pressure on victims.

A feature of the group is an affiliate program that attracts pentesters and access brokers. For participation, affiliates are offered a 20% commission and access to a web panel with extensive features. The panel includes sections for adding victims, negotiating, and managing an affiliate account.

To encrypt data, Cicada3301 uses a combination of the ChaCha20 and RSA algorithms, and it also actively exfiltrates data before encryption to increase pressure on victims.

According to experts, Cicada3301 has become one of the most advanced threats in today's ransomware market. Its approaches and tools make attacks precise and destructive, making the group a significant threat to organizations around the world.
