The analysis reveals that the BlackJack group, a hacktivist group targeting Russian organizations, uses tools like Shamoon wiper, LockBit ransomware, Ngrok, and remote access tools. They share similarities with the Twelve group in terms of tactics, techniques, and procedures (TTP), with overlapping malware samples, commands, and utilities. Both groups aim to cause damage rather than financial gain, and a new activity resembling their procedures points to a unified cluster of hacktivist activity
The study identifies wiper and ransomware similarities, scheduled tasks, MBR overwriting, and common directories in the attacks, suggesting a strong connection between BlackJack and Twelve. ```https://securelist.com/blackjack-hacktivists-connection-with-twelve/113959/