‘Karakurt’ Extortion Threat Emerges, But Says No to Ransomware
The Karakurt threat group, which was first identified by security researchers in June, has allegedly decided to turn down the opportunity of deploying ransomware in its attacks. The threat group focuses only on data exfiltration and extortion and has already claimed 40 victims this fall. Although the threat group is financially motivated, it does not appear to be interested in ransomware or targeting high-profile entities. Researchers at Accenture have been tracking the group, whose name means “black wolf” in Turkish.
The group moves quickly and has attacked more than 40 victims primarily located in North America. Accenture researchers determined that the group targets smaller companies or corporate subsidiaries rather than seeking high-profile targets. Karakurt may turn out to be a trendsetter in the future, prompting other groups to move away from targeting massive corporations or critical infrastructure providers and focusing on smaller companies. This kind of operation enables faster attack execution and does not intentionally disrupt business operations. However, it is still very effective when it comes to data extortion, says Accenture.