Threat Profiling: KryptonZombie

Executive Summary

KryptonZombie is a professional access broker specializing in data breaches and the monetization of stolen information. As the founder of the Mafia International threat group, KryptonZombie focuses on exploiting vulnerabilities to gain access to sensitive data, which is then sold on underground forums and distributed via Telegram. This post dives into their operations, methods, and organizational structure to understand the risks associated with their activities.

KryptonZombie: Overview

Role: Initial Access Broker
Active Since: November 21, 2023
Affiliation: Founder of Mafia International
Alternate Handles: robinhouse0xc4, krpzambie0xc4
Key TTPs: Exploiting Vulnerabilities, Data Breaches, Underground Sales
Victims: Healthcare, Government, Marketing Services, IT Services Sectors
Infrastructure: Linux Parrot, Telegram, filetransfer[.

Threat Profiling: CarthageRocket

Executive Summary

CarthageRocket is a professional access broker and credential theft specialist, with a reputation for targeting employee credentials using techniques such as phishing, credential stuffing, and brute-force attacks. Known for selling compromised databases on underground forums, CarthageRocket has gained prominence through their affiliation with the Lapsus$ group, which has expanded the scale and impact of their operations. This post examines their operations, tactics, and affiliations to shed light on the risks posed by this threat actor.

Threat Profiling: Mont4na

Executive Summary

Mont4na is a professional access broker known for selling leaked databases and exploiting web vulnerabilities. With a history of operations across major underground forums, Mont4na has targeted high-value sectors such as aviation, banking, and telecommunications, focusing on data breaches and monetization. This post provides insights into their tactics, operations, and targeted victims.

Mont4na: Overview

Role: Initial Access Broker
Active Since: November 10, 2020
Alternate Handles: pumpedkicks
Key TTPs: SQL Injection, RCE Vulnerabilities, Data Monetization
Victims: Aviation, Banking, Education, Government, Automotive, and Telecommunications Sectors
Infrastructure: Nmap, Zmap, SQLmap

Key Timeline

November 10, 2020: Registered as “pumpedkicks” on an underground forum.