A pro-Russian hacktivist group has launched its own ransomware-as-a-service (RaaS) operations to advance its causes.
Researchers from SentinelLabs has observed the CyberVolk hacktivist collective advertise its branded ransomware since June, 2024, and has claimed responsibility for multiple ransomware attacks between June and October.
The hacktivist group, which originated in India, has also promoted and shared tools with other ransomware families.
The analysis highlights the growing blurring of the lines between hacktivism, cybercrime and nation-state activity.
The researchers noted that the group’s activities also demonstrate how readily threat actors can access and deploy dangerous ransomware builders, making such groups increasingly challenging to track.
Read now: Threat Actors Weaponize Hacktivism for Financial Gain
Exploiting Geopolitical Issues to Target Governments
SentinelLabs said that CyberVolk emerged in its current form in May 2024, prior to which it was known by various names including Gloriamist, Gloriamist India and Solntsevskaya Bratva.
The collective has pro-Russia leanings and leverages geopolitical issues to launch and justify attacks on public and government entities opposed to Kremlin interests.
It has become a prominent player in the cybercrime ecosystem, utilizing DDoS attacks as well as adopting and repurposing existing commodity malware to advance its operations. These include infostealer malware and webshells.
CyberVolk claims alliances with a range of hacktivist and cybercrime groups, including Lapsus$, and the Moroccan Dragons.
CyberVolk Launches Branded Ransomware
In June, CyberVolk announced its branded RaaS capabilities. The researchers said this ransomware is derived from AzzaSec ransomware code. AzzaSec is a pro-Russia, anti-Israel, and anti-Ukraine hacktivist group that emerged in February 2024.
The source-code for AzzaSec Ransom was leaked and subsequently adopted and adapted by multiple groups aligned with AzzaSec’s mission in June 2024.
No tags.
