
Chort Ransomware Campaign



Campaign Summary

Ransomware campaign by chort.

Objectives

The primary objective of the Chort ransomware campaign is to execute digital extortion against compromised networks. The attack team targets systems with high-value assets, specifically focusing on infrastructure related to critical services such as payment processing and cloud storage.

Tactics

  • Honeypot Deployment: Initial infection vectors were delivered as legitimate-looking software updates for popular frameworks (specifically Spring Boot 3.x), exploiting a vulnerability in the dependency management system that allowed the attackers to install their malicious payload.
  • Evaluation Framework Exploitation: The attackers exploited a vulnerability in an evaluation framework that let users bypass authentication and reach internal assets, including databases holding sensitive configuration files and credentials.
  • Data Exfiltration: Once a network was compromised, the ransomware extracted customer data from cloud storage accounts (S3 buckets) and uploaded it to a hidden IP address for further distribution.

Indicators of Compromise (IOCs)

No public Indicators of Compromise are available.

Impact

The successful compromise of the target environment resulted in significant data breaches. The attackers extracted customer information from cloud storage and uploaded it to a hidden IP address, potentially exposing millions of records, including credit card numbers, email addresses, and user identifiers. A breach of this kind significantly damages trust and compliance standing for organizations that handle sensitive financial data.


Jordi Serrano — Senior Cyber Threat Intelligence
