Feuding Ransomware Groups 0APT and KryBit Leak Each Other’s Infrastructure Data
What Happened — Ransomware gangs 0APT and KryBit turned on one another, compromising each other’s command‑and‑control (C2) servers, credential stores, and victim‑list databases. The attackers publicly released the stolen artifacts, exposing tooling, encryption keys, and operational playbooks.
Why It Matters for TPRM
- Reveals ransomware tactics that can be repurposed against third‑party vendors and supply‑chain partners.
- Provides concrete Indicators of Compromise (IOCs) that can be integrated into vendor‑risk monitoring platforms.
- Highlights the risk that ransomware groups may target or exploit each other’s infrastructure, potentially affecting shared services.
Who Is Affected — Any organization that relies on third‑party services, especially high‑value sectors such as healthcare, financial services, manufacturing, and cloud‑hosted SaaS providers.
Recommended Actions —
- Ingest the leaked IOCs into your threat‑intelligence feeds and SIEM.
- Verify that critical third‑party vendors have robust ransomware detection, immutable backups, and offline recovery capabilities.
- Conduct a tabletop exercise simulating a ransomware supply‑chain compromise.
Technical Notes — Attack vector: malware‑driven compromise of C2 infrastructure; leaked data includes server configurations, encryption keys, victim lists, and internal tooling. No CVE is associated. Source: Dark Reading