Feuding Ransomware Groups Leak Each Other’s Data

A feud between RaaS operators 0APT and KryBit erupted into mutual breaches and public data leaks that exposed fabricated victim claims and operational details. Halcyon researchers say the conflict yielded actionable intelligence — including indicators of compromise and proof that 0APT’s initial 190+ victim list was fake — and recommend defenders monitor for data staging, validate backups, and deploy anti-ransomware protections.

Key points

  • 0APT and KryBit engaged in a public RaaS feud that resulted in mutual breaches and operational data leaks.
  • 0APT initially posted a fabricated 190+ victim list to gain credibility before reemerging with targeted leaks.
  • KryBit published legitimate victims and retaliated by exfiltrating and leaking 0APT’s source code, access logs, and system files.
  • Researchers say both operators will likely need to rebuild, rebrand, and create new infrastructure after the exposure.
  • Defenders should monitor for data staging/exfiltration, validate backup integrity, deploy anti-ransomware defenses, and treat KryBit and Everest as active threats.

Read More: https://www.darkreading.com/threat-intelligence/feuding-ransomware-groups-leak-data