Threat Profiling: KryptonZombie

Executive Summary

KryptonZombie is a professional access broker specializing in data breaches and the monetization of stolen information. As the founder of the Mafia International threat group, KryptonZombie focuses on exploiting vulnerabilities to gain access to sensitive data, which is then sold on underground forums and distributed via Telegram. This post dives into their operations, methods, and organizational structure to understand the risks associated with their activities.

KryptonZombie: Overview

Role: Initial Access Broker
Active Since: November 21, 2023
Affiliation: Founder of Mafia International
Alternate Handles: robinhouse0xc4, krpzambie0xc4
Key TTPs: Exploiting Vulnerabilities, Data Breaches, Underground Sales
Victims: Healthcare, Government, Marketing Services, IT Services Sectors
Infrastructure: Linux Parrot, Telegram, filetransfer[.

Threat Profiling: CarthageRocket

Executive Summary

CarthageRocket is a professional access broker and credential theft specialist, with a reputation for targeting employee credentials using techniques such as phishing, credential stuffing, and brute-force attacks. Known for selling compromised databases on underground forums, CarthageRocket has gained prominence through their affiliation with the Lapsus$ group, which has expanded the scale and impact of their operations. This post examines their operations, tactics, and affiliations to shed light on the risks posed by this threat actor.