A series of big-game hunting incidents and double extortion attacks carried out by Kraken, a Russian-speaking operation that has emerged from the ashes of the HelloKitty cartel, was observed in August 2025 by Cisco Talos and detailed in an advisory published recently. The group has been linked to intrusions where Server Message Block (SMB) flaws were abused for entry, followed using Cloudflare for persistence and SSH Filesystem (SSHFS) for data theft before encryption. Kraken’s toolkit spans W
kraken (2)
Activity Summary - Week Ending 23 October 2020:
- Red Sky Alliance observed 69 unique email accounts compromised with keyloggers
- Analysts identified 43,643 connections from new unique IP addresses
- CTAC identified 2,933 new IP addresses participating in various Botnets
- EKING Variant of Phobos Ransomware
- Kraken
- KillDisk and Industroyer
- Mobility Electronics Suppliers Expo – Attacked
- Messe-Berlin
- Minnesota Republican Party – Attacked
- Critical Manufacturing RedXray example – Tesla Inc.
- 4Chan and 8Chan
