216.73.216.170

Unleashing the Kraken ransomware group

· Published 13/11/2025 18:04 · Modified 13/11/2025 20:16

Export JSON

Essential information

Published
13/11/2025 18:04
Modified
13/11/2025 20:16
Tags
2025-11-13 cross-platform data leak double-extortion encryption kraken ransomware russian-speaking underground forum
Related entities
11 observables, 1 intrusion sets (apt), 17 techniques (mitre), 1 malware, 6 others

Description

The group, emerging from the remnants of the HelloKitty cartel, has been observed conducting big-game hunting and double extortion attacks. Utilizing SMB vulnerabilities for initial access, they employ tools like Cloudflared for persistence and SSHFS for data exfiltration. 's targets Windows, Linux, and VMware ESXi environments, featuring a unique benchmarking capability. The group operates a site and has announced a new called 'The Last Haven Board'. 's sophisticated includes extensive command-line options, performance testing, and anti-analysis techniques. It targets various file types, including SQL databases and network shares, while employing multi-threaded and self-deletion processes to evade detection.

External references