A series of big-game hunting incidents and double extortion attacks carried out by Kraken, a Russian-speaking operation that has emerged from the ashes of the HelloKitty cartel, was observed in August 2025 by Cisco Talos and detailed in an advisory published recently. The group has been linked to intrusions where Server Message Block (SMB) flaws were abused for entry, followed using Cloudflare for persistence and SSH Filesystem (SSHFS) for data theft before encryption. Kraken’s toolkit spans W
