After keeping a low profile for a while, the Telebots hacking group appears to have reemerged from the shadows. The group went down in history as the first to cause a power blackout with malware. It is known for developing complex, high-end tooling, and unlike groups that tread carefully and avoid damaging the hosts they compromise, Telebots takes a different approach: it shows little regard for its targets' systems and data, and several of its tools are built to cause permanent, irreversible damage to their victims.
Telebots Group’s Hacking Arsenal
Among its better-known tools are:
- BlackEnergy – A malware framework used in several operations against the Ukrainian energy sector.
- Industroyer – The malware that made history: it also targeted the Ukrainian energy sector and successfully caused a blackout.
- KillDisk – A wiper Trojan that overwrites the files on the compromised system, making recovery impossible; later variants were dressed up as ransomware.
- Petya Ransomware – Rather than encrypting individual files, it overwrites the hard drive's MBR (Master Boot Record) with its own boot-time code, which then encrypts the file system's Master File Table so the entire disk becomes unreadable.
Malware researchers have recently spotted two threats in active use by this actor: the Exaramel Backdoor and the CredRaptor stealer. So far, the CredRaptor credential stealer has only been observed in combination with the Exaramel Backdoor. CredRaptor is a potent threat because of the wide variety of credentials it can harvest from an infected system.
CredRaptor is not a brand-new tool; the Telebots group has been using it since 2016. However, the group keeps its malware current and has continued to update and further weaponize it. After its latest update, the CredRaptor credential stealer is capable of:
- Collecting Microsoft Outlook passwords.
- Collecting autofill data and saved passwords from the following web browsers: Google Chrome, Mozilla Firefox, Internet Explorer and Opera.
- Collecting saved passwords from FTP clients such as CuteFTP, ClassicFTP, FileZilla and BulletProof FTP Client, among others.
The CredRaptor stealer also goes after Windows Vault, the operating system's own password store. This is a particularly dangerous capability: if a webmaster's or administrator's saved login credentials are stored there, the operators can reuse them to reach web servers and other computers on the same network as the infected machine, turning a single infection into a foothold for lateral movement.
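To see how much of this a stealer running as the logged-in user could actually harvest from a given Windows host, the following PowerShell script inventories the credential stores listed above. It is an added example written for this article, not code from the article or from the Telebots toolset. It assumes the applications' default install locations and profile directories (a browser or FTP client configured to use a non-standard profile path would be missed), and it only reports where the stores are and how many exist; it never reads or decrypts the secrets themselves.

```powershell
# Added example (not part of the original article): inventory the on-disk
# credential stores that CredRaptor is reported to harvest, so a defender can
# judge a host's exposure. Assumes default install paths and profile locations.

$stores = @(
    @{ Name = 'Chrome saved logins';      Path = "$env:LOCALAPPDATA\Google\Chrome\User Data\*\Login Data" }
    @{ Name = 'Opera saved logins';       Path = "$env:APPDATA\Opera Software\Opera Stable\Login Data" }
    @{ Name = 'Firefox saved logins';     Path = "$env:APPDATA\Mozilla\Firefox\Profiles\*\logins.json" }
    @{ Name = 'FileZilla site manager';   Path = "$env:APPDATA\FileZilla\sitemanager.xml" }
    @{ Name = 'FileZilla recent servers'; Path = "$env:APPDATA\FileZilla\recentservers.xml" }
    @{ Name = 'Outlook account profiles'; Path = 'HKCU:\Software\Microsoft\Office\*\Outlook\Profiles\*' }
)

function Get-CredentialStoreExposure {
    # Resolve-Path expands the wildcards and works for both file-system and
    # registry paths; a missing store simply yields no hits.
    foreach ($s in $stores) {
        $hits = @(Resolve-Path -Path $s.Path -ErrorAction SilentlyContinue)
        [pscustomobject]@{
            Store    = $s.Name
            Found    = $hits.Count
            Location = ($hits | ForEach-Object { $_.Path }) -join '; '
        }
    }
}

Get-CredentialStoreExposure | Format-Table -AutoSize

# Credentials held by Windows itself. "Web Credentials" is the vault that
# Internet Explorer writes saved web passwords to (default name on an
# English-language install); cmdkey lists the Windows Credentials store.
# Both commands print target names only, never the stored secrets.
Write-Host "`n[Windows Vault: Web Credentials]"
vaultcmd /listcreds:"Web Credentials"
Write-Host "`n[Credential Manager: Windows Credentials]"
cmdkey /list
```

Every entry the script finds should be read as already exposed: Chrome and Internet Explorer protect these stores with DPAPI keys scoped to the user, so any process running in that user's session can decrypt them without elevation, and FileZilla's XML files hold passwords with no meaningful protection unless the client's master password feature is enabled. Firefox is only safer if a master password is set. A store that is present but empty (Found = 1, but nothing saved) is the goal to aim for on accounts that handle server or web-hosting credentials.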
Make sure you update all the software on your system regularly, and keep a legitimate anti-spyware solution installed to protect your data from threats like the CredRaptor stealer. Keep in mind, though, that a stealer runs with the privileges of the logged-in user, and everything that user's browser, mail and FTP clients have saved is readable to it, so credentials for servers and web hosting are best kept out of those stores altogether.