Feuding Ransomware Groups Leak Each Other's Data
Summary
Two feuding ransomware groups, 0APT and KryBit, have been leaking each other's data, exposing each other's infrastructure and operational data. The feud has inadvertently given cybersecurity defenders valuable insight into the inner workings of ransomware operations.
IFF Assessment
The infighting between ransomware groups, leading to the public exposure of their operational data, is beneficial for defenders as it offers unprecedented visibility into threat actor tactics, techniques, and procedures.
Defender Context
Ransomware groups are increasingly sophisticated, but internal conflicts can be a significant vulnerability for them. Defenders should monitor data leaked in these disputes for actionable intelligence on attacker infrastructure, communication channels, and potential new TTPs. The episode also highlights the importance of gathering intelligence from diverse sources, including observation of threat actor interactions.