Cybercrime group ChostSec was linked to a ransomware family of the Golang variant called GhostLocker.

Attacks conducted by the group have targeted a myriad of counties and sectors including Cuba, Poland, China, Lebanon, Israel, India, Vietnam, Thailand, and Indonesia to name a few. Targeted sectors include government, critical infrastructure, education, and manufacturing. According to a Cisco Talos researcher, both ransomware groups are co-conducting extortionary ransomware attacks. GhostSec is a member of ‘The Five Families” a ransomware coalition formed in August 2023. This coalition includes ThreatSec, Stormous, Blackforums, and SiegedSec. GhostSec joined forces with another ransomware group, GhostLocker to produce ransomware-as-a-service (RaaS). Stormous soon joined and has advertised GhostLocker 2.0 to be fully effective in offering quick encryption/decryption capabilities. Two new potential tools have been discovered as a means of conducting these attacks known as Deep Scan toolset and GhostPresser. GhostPresser is a hack tool used to break into WordPress sites allowing threat actors to remotely edit the sites. Deep Scan toolset used to investigate potential victim networks.

Read more:

https://thehackernews.com/2024/03/alert-ghostsec-and-stormous-launch.html