IT Brief New Zealand - Technology news for CIOs & IT decision-makers
Story image

SentinelLabs uncovers CyberVolk hacktivist operations

Today

SentinelLabs has released a comprehensive report on the hacktivist group CyberVolk, detailing its operations and affiliations within the cybercrime ecosystem.

CyberVolk, a politically motivated collective, has been active since May 2024 and specialises in launching ransomware and Distributed Denial of Service (DDoS) attacks. The group, which has pro-India and pro-Russia leanings, targets entities opposing Russian interests. Between June and October 2024, CyberVolk claimed responsibility for several ransomware attacks on public and government entities.

According to SentinelLabs, CyberVolk has embraced a Ransomware-as-a-Service (RaaS) model, which has been conducive to its dynamic and challenging nature. This approach allows them to repurpose existing commodity malware, enhancing the sophistication of their operations. They utilise ransomware builders such as AzzaSec, Diamond, LockBit, and Chaos, highlighting their adaptability and broadened reach within the cyber threat landscape.

The group's activities are heavily intertwined with other cybercrime collectives and tools. SentinelLabs notes a shared codebase between CyberVolk, AzzaSec, and DoubleFace's ransomware. Furthermore, CyberVolk actively promotes ransomware families like HexaLocker and Parano, underscoring the interconnected nature of these threats.

CyberVolk is noted for its rapid evolution and adaptability, continuously reshaping the threat landscape. The group's strategy includes exploiting geopolitical tensions to justify its cyber-attacks. They have purported alliances with broad groups such as LAPSUS$, Anonymous, and Moroccan Dragons, but also maintain ties with RU-friendly and DDoS-focused groups like NONAME057(16). This array of affiliations enhances their capacity to leverage threats across multiple platforms.

SentinelLabs highlights the volatility of these hacktivist groups, which frequently experience in-fighting and political posturing. Such dynamics can lead to fragmentation and the reconfiguration of alliances and tactics, making it increasingly difficult for cybersecurity teams to track and respond to emerging threats.

SentinelLabs warns that as groups like CyberVolk continue to utilise commodity tools with high potential for damage, the complexity of ransomware operations will rise. This creates an imperative for ongoing vigilance and monitoring by cybersecurity professionals to stay informed about developments within the cybercrime realm.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X