An analysis of the cryptocurrency wallets tied to the Karakurt hacker group, combined with their particular methodology for data theft, suggests that the group’s membership overlaps with two other prominent hacking crews, according to an analysis published by cybersecurity firm Tetra Defense.
Tetra’s report details the experience of a client company that was hit with a ransomware attack by the Conti group, and subsequently targeted again by a data theft perpetrated by the Karakurt group. The analysis showed that the Karakurt attack used precisely the same backdoor to compromise the client’s systems as the earlier Conti attack.
“Such access could only be obtained through some sort of purchase, relationship, or surreptitiously gaining access to Conti group infrastructure,” Tetra wrote in its report.