216.73.216.86

Aiming at domestic government and enterprises! Deeply revealed ransomware operator Rast gang

· Published 30/09/2024 10:39 · Modified 30/09/2024 10:50

Export JSON

Essential information

Published
30/09/2024 10:39
Modified
30/09/2024 10:50
Tags
2024-09-30 buran china enterprises gandcrab globeimposter government mysql nday phobos ransomware rast rdp rust
Related entities
21 observables, 1 intrusion sets (apt), 20 techniques (mitre), 5 malware, 5 others

Description

A new threat, dubbed , has emerged targeting Chinese and since December 2023. Written in , has infected over 6,800 terminals, successfully encrypting more than 5,700. The gang, named after the , operates primarily between 20:00 and 05:00, suggesting a European base. Their attack method involves brute-forcing and exploiting vulnerabilities to access border servers, followed by manual deployment of components. The gang's tactics are reminiscent of operators distributing , , , and . has evolved through three versions, with the latest requiring manual operation via a console interface. Victim information is uploaded to a database, revealing a wide range of affected sectors including , finance, and various industries.

External references