Date: 11/14/2025
Severity: High
Summary
In August 2025, Kraken, a Russian-speaking ransomware group that emerged from the former HelloKitty cartel, conducted big-game hunting and double-extortion attacks. Cisco Talos observed the group exploiting SMB vulnerabilities for initial access, then using Cloudflared for persistence and SSHFS for pre-encryption data exfiltration. Kraken operates as a cross-platform ransomware, with dedicated encryptors for Windows, Linux, and VMware ESXi, and uniquely benchmarks victim systems before encryption. The group also promoted a new underground forum, “The Last Haven Board,” intended to provide a secure communication hub for cybercriminals.
Indicators of Compromise (IOC) List
Hash | 340ddd9fd22f2abf0474b580a29129b09cc125fbd00a168eab899f6cdde351d7
Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection
Detection Query 1: sha256hash IN ("f6e189a3074fc88dc5f1be8de7887e097fe2115867db56b3ecc68b3a278b4965","2c26bb95a938b6a5063bf4f95942440a0583d52bb129ea272584fc94906f5e86","32ead9cd1f4925c8f10b9c04d0aa8b874277495104d9b8adfe7bb42583e51218","d26171b8ecb3cf1b140d062c0274cc6ee125a318d74e2d5e19699213dca3ca9a","2797ce055d37f9ea23080498584979b31fbf1f178d989d00c50f0cbbc93c6cc9","1a449b92a96d37cd8210e25c17d495f9cf65387a3feb81b7b2c6a901e5ab7523","abba10d2808639724e8c6b3c22d565cb338dc17d680a4f1591d0408b9edf78d8","340ddd9fd22f2abf0474b580a29129b09cc125fbd00a168eab899f6cdde351d7","79d7701146b24e023de7a34519bbfb635375d1db3711bdf58ab21440a42ca7c2","2f7cef4fdedf5393a5485ef4e3b718a56052184193b9833220b04930402dc96d","7472ac19dc16fc3bfd621cbb2a49e3641bd86325552d4eeb562e21d963f82bb3")
Reference:
https://blog.talosintelligence.com/kraken-ransomware-group/