GhostSec’s joint ransomware operation and evolution of their arsenal [Tuesday, March 05, 2024]

Description :
Cisco Talos observed a surge in the malicious activities of GhostSec, a hacking group, over the past year. GhostSec has evolved with a new GhostLocker 2.0 ransomware, a Golang variant of the GhostLocker ransomware. The GhostSec and Stormous ransomware groups are jointly conducting double extortion ransomware attacks on various business verticals in multiple countries. GhostLocker and Stormous ransomware have started a new ransomware-as-a-service (RaaS) program, STMX_GhostLocker, providing various options for their affiliates.

Published : 2024-03-05 16:11:49
Created : 2024-03-05 16:11:49
Modified : 2024-03-05 16:30:46

Indicators

Malwares :
  • GhostLocker
Hashes :
  • 8b758ccdfbfa5ff3a0b67b2063c2397531cf0f7b3d278298da76528f443779e9
  • 36760e9bbfaf5a28ec7f85d13c7e8078a4ee4e5168b672639e97037d66eb1d17
  • 8fa28795e4cd95e6c78c4a1308ea80674102669f9980b2006599d82eff6237b3
  • a1b468e9550f9960c5e60f7c52ca3c058de19d42eafa760b9d5282eb24b7c55f
Intrusion set :
  • GhostSec
Location :
  • Israel
Other observables :
  • Transportation
  • Energy
  • Education
  • Manufacturing
  • Telecommunications
  • Technology
  • Government

About the author
Julien B.

Securitricks

Up-to-Date Cybersecurity Insights & Malware Reports
