Just Evil is a pro-Russian cyber threat group formed in January 2024 by KillMilk after changes within KillNet. It pursues ideological goals while distancing itself from financial motives, despite launching Just Market to offer cybercrime services. The group primarily uses DDoS, website defacement, and data breaches against Western nations and NATO members to advance Russian geopolitical interests.
Key Points
- Just Evil was formed in January 2024 by KillMilk following internal changes in KillNet.
- The group emphasizes ideological aims and seeks to distance itself from financial motives.
- Just Market was launched, offering cybercrime services that contradict the group's anti-commercial stance.
- Primary tactics include DDoS, website defacement, and data breaches against Western/NATO targets.
- Targets include NATO nations, with Lithuania and the United States repeatedly mentioned.
- Just Evil’s actions align with broader Russian geopolitical objectives, despite internal and leadership shifts within KillNet.
MITRE Techniques
- [T1190] Exploit Public-Facing Application – Targets vulnerabilities in internet-facing applications to gain initial access.
- [T1110] Brute Force – Attempts to gain access by systematically guessing passwords.
- [T1071] Application Layer Protocol – Uses standard application layer protocols for command and control communications.
- [T1498] Network Denial of Service (DDoS) – Overwhelms target systems with excessive traffic to disrupt services.
- [T1491] Defacement – Alters the appearance of a website to spread propaganda or shame targets.
Indicators of Compromise
- [IOC] None mentioned in article – no explicit IOCs (IPs, domains, file hashes) are provided