IT Brief Australia - Technology news for CIOs & IT decision-makers

SentinelLabs uncovers CyberVolk hacktivist operations

Today

SentinelLabs has released a comprehensive report on the hacktivist group CyberVolk, detailing its operations and affiliations within the cybercrime ecosystem.

CyberVolk, a politically motivated collective, has been active since May 2024 and specialises in launching ransomware and Distributed Denial of Service (DDoS) attacks. The group, which has pro-India and pro-Russia leanings, targets entities opposing Russian interests. Between June and October 2024, CyberVolk claimed responsibility for several ransomware attacks on public and government entities.

According to SentinelLabs, CyberVolk has embraced a Ransomware-as-a-Service (RaaS) model, which has contributed to its dynamic and challenging nature. This approach allows the group to repurpose existing commodity malware, enhancing the sophistication of its operations. It utilises ransomware builders such as AzzaSec, Diamond, LockBit, and Chaos, highlighting its adaptability and broadened reach within the cyber threat landscape.

The group's activities are heavily intertwined with other cybercrime collectives and tools. SentinelLabs notes a shared codebase between CyberVolk, AzzaSec, and DoubleFace's ransomware. Furthermore, CyberVolk actively promotes ransomware families like HexaLocker and Parano, underscoring the interconnected nature of these threats.

CyberVolk is noted for its rapid evolution and adaptability, continuously reshaping the threat landscape. The group's strategy includes exploiting geopolitical tensions to justify its cyber-attacks. They have purported alliances with broad groups such as LAPSUS$, Anonymous, and Moroccan Dragons, but also maintain ties with RU-friendly and DDoS-focused groups like NONAME057(16). This array of affiliations enhances their capacity to leverage threats across multiple platforms.

SentinelLabs highlights the volatility of these hacktivist groups, which frequently experience in-fighting and political posturing. Such dynamics can lead to fragmentation and the reconfiguration of alliances and tactics, making it increasingly difficult for cybersecurity teams to track and respond to emerging threats.

SentinelLabs warns that as groups like CyberVolk continue to utilise commodity tools with high potential for damage, the complexity of ransomware operations will rise. This creates an imperative for ongoing vigilance and monitoring by cybersecurity professionals to stay informed about developments within the cybercrime realm.
