Read more: media.kasperskycontenthub.com
Kaspersky researchers have uncovered a strong connection between two hacktivist groups, BlackJack and Twelve, both of which target Russian organizations. They have been found to employ overlapping tactics, techniques, and procedures (TTPs), including the use of the Shamoon wiper and a leaked version of the LockBit ransomware, as well as legitimate tools such as PuTTY, AnyDesk, and ngrok for remote access and persistence. This shared toolkit and operational similarity strongly suggest these two groups are part of a unified cluster of activity. Both groups are primarily motivated by hacktivism and utilize publicly available tools, lacking the advanced resources typically associated with larger APT groups. Their focus is on causing disruption and damage to their victims, rather than financial gain.