FunkSec is a newly emerged ransomware group that has gained notoriety for its aggressive attacks on over 100 victims since December 2024. The group operates under a Ransomware-as-a-Service model, utilizing double extortion tactics and AI-assisted malware development. FunkSec targets various industries globally, with a notable focus on technology and government sectors. Affected: FunkSec, Ransomware-as-a-Service (RaaS)
Keypoints :
- FunkSec emerged in December 2024, claiming over 129 victims by January 2025.
- The group operates under a Ransomware-as-a-Service (RaaS) model and employs double extortion tactics.
- FunkSec’s ransomware is written in Rust and is believed to be developed by inexperienced actors with AI assistance.
- The group has a diverse global reach, targeting victims in 47 countries.
- Key targeted sectors include technology, government, and business services.
- FunkSec combines ransomware with hacktivist tools and has a marketplace for stolen data.
- The group leverages AI for malware development and operational support.
- FunkSec’s public persona has been shaped by associations with other hacktivist groups.
MITRE Techniques :
- Ransomware (T1486): FunkSec encrypts files using RSA and AES encryption, leaving victims with a ransom note.
- Data Encrypted for Impact (T1486): The group encrypts files and deletes originals, demanding ransom for decryption.
- Credential Dumping (T1003): FunkSec uses tools to scrape passwords and emails.
- Remote Access Tools (T1219): The group markets tools like JQRAXY_HVNC for remote control of infected systems.
- Command and Control (T1071): FunkSec utilizes various hacking utilities to maintain control over compromised systems.
Indicator of Compromise :
- [file hash] 5226ea8e0f516565ba825a1bbed10020982c16414750237068b602c5b4ac6abd
- [domain] funksec[.]com
- [tool name] FDDOS
- [tool name] JQRAXY_HVNC
- [others ioc] AI chatbot based on Miniapps
- Check the article for all found IoCs.
Full Research: https://socradar.io/dark-web-profile-funksec/