Hacktivist Group Twelve Launches Destructive Cyber Attacks on Russian Entities

Published:

Twelve Hacktivist Group Conducting Destructive Cyber Attacks Against Russian Targets

Hacktivist Group Twelve Conducts Destructive Cyber Attacks on Russian Targets

A hacktivist group known as Twelve has been making headlines for their destructive cyber attacks against Russian targets. Unlike traditional ransomware groups, Twelve’s modus operandi involves encrypting victims’ data and then destroying their infrastructure with a wiper, making data recovery nearly impossible.

The group, suspected to have formed in April 2023 amid the Russo-Ukrainian war, has a history of launching cyber attacks aimed at crippling victim networks and disrupting business operations. Additionally, Twelve has been involved in hack-and-leak operations, where sensitive information is exfiltrated and shared on their Telegram channel.

According to a recent analysis by cybersecurity firm Kaspersky, Twelve shares similarities with another ransomware group called DARKSTAR, suggesting a potential connection between the two entities. While Twelve focuses on causing maximum damage without financial gain, DARKSTAR adheres to the double extortion model.

The cyber attacks orchestrated by Twelve typically involve gaining initial access through compromised accounts and leveraging tools like Cobalt Strike, Mimikatz, and BloodHound for lateral movement and privilege escalation. The group also exploits known vulnerabilities, such as CVE-2021-21972 and CVE-2021-22005, to infiltrate target systems.

In one notable incident, Twelve used a backdoor named FaceFish to exploit a vulnerability in VMware vCenter, demonstrating their sophisticated tactics. The group is also known to disguise their malicious activities under legitimate-sounding names like “Update Microsoft” and “intel.exe” to evade detection.

As Twelve continues to wreak havoc on Russian targets, cybersecurity experts emphasize the importance of vigilance and proactive measures to detect and prevent such destructive cyber attacks in the future. Stay tuned for more updates on this evolving threat landscape.

Related articles

Recent articles