Karakurt

0 incidents | 0 countries | 0 sectors | ransomware | TR | Latest: -
Aliases: Karakurt Team, Karakurt Lair
Karakurt is a financially motivated cybercriminal group that emerged in June 2021, distinguished by its exclusive focus on data exfiltration and extortion rather than deploying traditional file-encrypting ransomware. The group is assessed with high confidence to be of Russian origin, with strong operational ties to the now-defunct Conti ransomware group, potentially operating as a side business or a diversification strategy for Conti. Karakurt's primary motivation is financial gain through threatening to leak stolen sensitive data, often on dedicated leak and auction sites, to compel victims into paying a ransom. What sets Karakurt apart is their aggressive and often relentless harassment campaigns, contacting victims' employees, business partners, and clients with emails and phone calls—frequently including samples of the stolen data—to pressure organizations into paying. They are also known to exaggerate the extent and value of the data stolen to increase pressure on victims. The gro
Associated malware
ESXiArgs, Storm-0978
MITRE techniques
T1082, T1595, T1195, T1587, T1055, T1114
Related CVEs
CVE-2023-38831, CVE-2023-36884, CVE-2022-47966, CVE-2022-42475, CVE-2021-33764, CVE-2020-1472

RansomLook pivots

Data, intelligence and external references for cross-checking the actor's ransomware activity.

Type: ransomware
Country of origin: TR
Motivation: -
Impact: 111
Updated: Sat, 20 Ju

Target countries (SOCRadar)

United Arab Emirates, Armenia, Austria, Australia, Belgium, Brazil, Belarus, Canada, Switzerland, Chile

Target sectors (SOCRadar)

Construction of Buildings, Food Manufacturing, Other Information Services, Software Publishers, Real Estate, Hospitals, Enterprises & Holding, Accommodation, Manufacturing, Construction