A new warning from Accenture Security highlights this new cybercriminal group making waves that focuses on a "data breach and extortion” MO rather than relying on ransomware.
Very seldom do I see notices about a specific threat group unless one of two things are true – either they have successfully attacked a high-profile victim organization, or there are jumping onto the scene with lots of detected attacks.
In the case of Karakurt, it may be a bit of both.
According to a new notice put out by Accenture Security, Karakurt has been a focus of theirs since only September 2021. With a supposed 40 victim organizations in only 90 days, this cybercriminal group appears to be a formidable adversary. And given Accenture’s customers are typically larger Enterprises with $1B+ in revenues, it’s likely that Karakut has successfully attacked a well-known organization that has somehow stayed out of the headlines.
The group maintain a site promoting the “Karakurt hacking team” and provides press releases on attacks and leaked files.
Source: Accenture Security
According to Accenture, 95% of Karakurt’s victim organizations are in North America with the most attacked industries (based on the limited attack data to-date) being professional services, technology, healthcare, and retail.
Accenture feels we’ve only just seen the beginning of Karakurt, stating “Accenture Security assess with high confidence that the group's operations have just begun, and that Karakurt activity will likely continue to proliferate into the foreseeable future, impacting additional victims.”