Lucene search

Industrial Control Systems Cyber Emergency Response TeamAA22-152A

HistoryDec 12, 2023 - 12:00 p.m.

Karakurt Data Extortion Group

2023-12-1212:00:00

Industrial Control Systems Cyber Emergency Response Team

www.cisa.gov

130

karakurt

ransomware

patching

training

multifactor authentication

cyber threat

phishing

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

9.8 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.976 High

EPSS

Percentile

100.0%

JSON

Actions to take today to mitigate cyber threats from Karakurt ransomware:

Prioritize patching known exploited vulnerabilities.
Train users to recognize and report phishing attempts.
Enforce multifactor authentication.

References

attack.mitre.org/techniques/T1133/

attack.mitre.org/techniques/T1566/

attack.mitre.org/techniques/T1591/002/

attack.mitre.org/versions/v11/software/S0154/

attack.mitre.org/versions/v11/tactics/TA0001/

attack.mitre.org/versions/v11/tactics/TA0043/

attack.mitre.org/versions/v11/techniques/T1048/

attack.mitre.org/versions/v11/techniques/T1078/

attack.mitre.org/versions/v11/techniques/T1083/

attack.mitre.org/versions/v11/techniques/T1133/

attack.mitre.org/versions/v11/techniques/T1190/

attack.mitre.org/versions/v11/techniques/T1219/

attack.mitre.org/versions/v11/techniques/T1566/

attack.mitre.org/versions/v11/techniques/T1566/001/

attack.mitre.org/versions/v11/techniques/T1567/002/

attack.mitre.org/versions/v11/techniques/T1589/001/

attack.mitre.org/versions/v11/techniques/T1589/002/

attack.mitre.org/versions/v11/techniques/T1591/002/

github.com/cisagov/cset/releases/tag/v10.3.0.0

pages.nist.gov/800-63-3/

public.govdelivery.com/accounts/USDHSCISA/subscriber/new?topic_id=USDHSCISA_138

twitter.com/CISAgov

twitter.com/intent/tweet?text=Karakurt%20Data%20Extortion%20Group%20+https://www.cisa.gov/news-events/cybersecurity-advisories/aa22-152a

www.cisa.gov/cyber-hygiene-services

www.cisa.gov/stopransomware

www.dhs.gov

www.dhs.gov/foia

www.dhs.gov/performance-financial-reports

www.facebook.com/CISA

www.facebook.com/sharer/sharer.php?u=https://www.cisa.gov/news-events/cybersecurity-advisories/aa22-152a&title=Karakurt%20Data%20Extortion%20Group%20

www.fincen.gov/resources/advisories/fincen-advisory-fin-2016-a005

www.fincen.gov/resources/advisories/fincen-advisory-fin-2021-a004

www.instagram.com/cisagov

www.linkedin.com/company/cybersecurity-and-infrastructure-security-agency

www.linkedin.com/sharing/share-offsite/?url=https://www.cisa.gov/news-events/cybersecurity-advisories/aa22-152a

www.nccoe.nist.gov/projects/building-blocks/data-integrity/detect-respond

www.oig.dhs.gov/

www.state.gov/rewards-for-justice/

www.surveymonkey.com/r/CISA-cyber-survey?product=https://www.cisa.gov/news-events/cybersecurity-advisories/aa22-152a

www.usa.gov/

www.whitehouse.gov/

www.youtube.com/@cisagov

mailto:?subject=Karakurt%20Data%20Extortion%20Group%20&body=www.cisa.gov/news-events/cybersecurity-advisories/aa22-152a

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

9.8 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.976 High

EPSS

Percentile

100.0%

JSON

Karakurt Data Extortion Group

Actions to take today to mitigate cyber threats from Karakurt ransomware:

References

Related