Kraken Ransomware: New Features and Ties to HelloKitty

Kraken ransomware targets Windows, Linux, and VMware ESXi systems and has introduced a unique feature that tests machine performance to optimize encryption speed. It emerged as a continuation of the HelloKitty operation and engages in big-game hunting attacks with data theft for double extortion. Kraken's data leak site lists victims from various regions, and the group has launched a new cybercrime forum named 'The Last Haven Board' for secure communications. The attack chain involves exploiting SMB vulnerabilities, using the Cloudflared and SSHFS tools for persistence and data exfiltration, and running performance benchmarks before encryption.

Latest mentioned: 11-13
Earliest mentioned: 11-13